x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async, rerun: 64) pipe2(0x0, 0x0) (rerun: 64) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) r1 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r1, 0x2, 0xffffffffffffffff, 0x0) ptrace(0x4208, r1) 23:45:21 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 306.071827] erofs: cannot find valid erofs superblock [ 306.085124] erofs: read_super, device -> /dev/loop5 [ 306.094782] erofs: options -> [ 306.100715] erofs: cannot read erofs superblock 23:45:21 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, 0x0) 23:45:21 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) mkdirat(r1, &(0x7f0000000340)='./file0\x00', 0x40) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) syz_clone(0x82814d80, &(0x7f0000000200)="433a9f2074bd4da5c077f8de5a5488e6990de60354ced055c460399dba90b2369bfc3d306b5356b67ceef25a39f63d5f7e39e3508618c0e8daea283d08309a37f7605ac9e03bfd874ef15390e67460954789bafc9538e3bd484ca04083d2f0a1b2a5ac9231e734d299ea9f8ce505321de35c7367564f3cc38e9182fb6e61", 0x7e, &(0x7f00000000c0), &(0x7f0000000140), &(0x7f0000000280)="70380ab235bd67a7a822de12b46980d4c29278d272a332ec59bf65adf947ca59bdae8c5a4d34e35c93f1724dce354fa0b8d2b16b79e874b1ae719fae6988114a52d3aebc26e43765171e5407f17ffebb930ee16ab8d938fa69d65872fad1c4dc962c16fd6945b1e859ca0e651ef9606a81496a30c360dd97facdd6acc119ce8b7ca152") r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x4, 0x3f, 0x1f, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7f, 0x1, @perf_config_ext={0xd673, 0x80}, 0x98a6b32f64d4fb39, 0x100000001, 0x0, 0x2, 0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x10001}, r0, 0x0, r3, 0x8) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 306.188847] erofs: read_super, device -> /dev/loop2 [ 306.196669] erofs: options -> [ 306.207687] erofs: root inode @ nid 36 [ 306.211938] erofs: mounted on /dev/loop2 with opts: . [ 306.217433] erofs: unmounted for /dev/loop2 23:45:21 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{0x0, 0x0, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:21 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf90000535f00", 0x1f, 0x480}], 0x0, &(0x7f0000010a00)) 23:45:21 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c0", 0x5, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 306.342602] erofs: read_super, device -> /dev/loop4 [ 306.357781] erofs: options -> [ 306.377978] erofs: cannot find valid erofs superblock 23:45:21 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 306.461825] erofs: read_super, device -> /dev/loop1 [ 306.463132] erofs: read_super, device -> /dev/loop5 [ 306.467212] erofs: options -> [ 306.472930] erofs: read_super, device -> /dev/loop2 [ 306.479428] erofs: cannot find valid erofs superblock [ 306.500546] erofs: options -> 23:45:21 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{0x0, 0x0, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:21 executing program 3: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) fcntl$lock(r1, 0x7, &(0x7f0000000040)={0x0, 0x3, 0x7, 0x10001}) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) r2 = syz_open_dev$mouse(&(0x7f00000000c0), 0x80000001, 0x220000) write$uinput_user_dev(r2, &(0x7f0000000200)={'syz1\x00', {0x5d7, 0x101, 0x100, 0x1}, 0x44, [0xfffffffc, 0x1, 0xffff, 0x3f, 0x7, 0x3f, 0x3f, 0x3, 0x0, 0x1, 0x7, 0xfffffff8, 0x0, 0x80000001, 0x2, 0x0, 0x76ae, 0x3, 0x101, 0x1000, 0x3, 0x9, 0x81, 0xfffffff8, 0x7fff, 0x800, 0x1, 0xc3f, 0x10001, 0x4, 0x101, 0x5, 0x0, 0x1000, 0x2, 0x4, 0x1, 0x5, 0x7fffffff, 0x80000001, 0xffffffff, 0x1, 0x5, 0x19, 0xffffffff, 0xfad768, 0x3f, 0xffff, 0x6, 0xa5c5, 0xffff, 0xd638, 0x200, 0x80, 0x1, 0x9, 0x1, 0x0, 0x227b, 0x7, 0x0, 0x4, 0x398, 0x7fff], [0xad, 0x0, 0x401, 0x4, 0xfb9, 0x17, 0x6, 0x8, 0x5, 0x1, 0x5, 0x1d, 0x7, 0x7fff, 0x8000, 0x401, 0x1, 0x1, 0x400, 0x70, 0xfffffffb, 0x4, 0x1f, 0x4421, 0x1e42e0, 0x80000001, 0x6, 0x5, 0x101, 0x0, 0x1, 0x3ff, 0x6, 0xffffffff, 0x6039f001, 0x58, 0x4, 0x4, 0x9, 0x7, 0xc4, 0x800, 0x6, 0x9, 0x1, 0x6, 0x1000, 0x8, 0x800, 0x4e0f, 0x4, 0x80, 0x7, 0x80000000, 0x40, 0xffffffff, 0x2, 0x40, 0x8000, 0x6, 0x7, 0x7fffffff, 0x9, 0x6], [0x6, 0x4, 0x87a, 0x3ff, 0x81, 0x4, 0x2, 0x4, 0x2, 0x4, 0x3, 0xfffffffa, 0x52b, 0x80, 0x8, 0x101, 0x6, 0x6e, 0x1, 0x8, 0xffffffff, 0x1ff, 0x2, 0xfff, 0x20613d58, 0x4, 0x0, 0x2, 0x2, 0x0, 0x4, 0xffffffff, 0x13, 0x2, 0xf3ff, 0x9, 0x4, 0x1000, 0x9, 0x8, 0x100, 0x6, 0x7, 0x7ff, 0xcb, 0xffffffff, 0x3, 0x9db, 0x61, 0x7, 0x38, 0x10000, 0x40, 0x40, 0x7, 0x4, 0xffffa250, 0x4, 0x1, 0x1, 0x9, 0x2, 0x0, 0x6], [0x4, 0x0, 0x0, 0x40, 0x3f, 0x7, 0xe000, 0xfff, 0xb5, 0x5, 0x3ff, 0xc28, 0x800, 0x3, 0x81, 0x101, 0x80, 0x8, 0x8, 0x2cb, 0x4, 0x4, 0xfffff801, 0xfffffff8, 0x200, 0x7fff, 0x7ff, 0x0, 0x95, 0x4, 0x9, 0x4, 0x7, 0x5, 0xfffffffe, 0x5, 0x401, 0xcc, 0xff, 0x8, 0x9, 0x55, 0x8, 0x6fb, 0x9, 0x620, 0x4, 0x8, 0x0, 0xa62, 0x9, 0x0, 0xffff, 0x5, 0xffff8929, 0x6, 0x97c4, 0x7fff, 0x0, 0x5, 0x101, 0x9, 0x2aca, 0xfff]}, 0x45c) [ 306.511219] erofs: options -> [ 306.516873] erofs: root inode @ nid 36 [ 306.525235] erofs: cannot read erofs superblock [ 306.539022] erofs: bogus i_mode (300) @ nid 36 23:45:21 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100), 0x0, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:21 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c0", 0x5, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:21 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf90000535f00", 0x1f, 0x480}, {0x0}], 0x0, &(0x7f0000010a00)) [ 306.664637] erofs: read_super, device -> /dev/loop4 [ 306.674728] erofs: options -> [ 306.680838] erofs: cannot find valid erofs superblock [ 306.703275] erofs: read_super, device -> /dev/loop1 [ 306.731788] erofs: options -> [ 306.739460] erofs: cannot find valid erofs superblock [ 306.760287] erofs: read_super, device -> /dev/loop3 [ 306.767002] erofs: options -> [ 306.771923] erofs: root inode @ nid 36 23:45:21 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, 0x0) [ 306.780524] erofs: bogus i_mode (0) @ nid 36 [ 306.786606] erofs: read_super, device -> /dev/loop5 [ 306.792065] erofs: options -> [ 306.796822] erofs: cannot read erofs superblock 23:45:21 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100), 0x0, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 306.845250] erofs: read_super, device -> /dev/loop2 [ 306.850653] erofs: options -> [ 306.859289] erofs: root inode @ nid 36 [ 306.871156] erofs: bogus i_mode (300) @ nid 36 [ 306.989433] erofs: read_super, device -> /dev/loop3 [ 306.994860] erofs: options -> [ 306.998648] erofs: root inode @ nid 36 [ 307.005148] erofs: bogus i_mode (0) @ nid 36 23:45:22 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) sched_setparam(0x0, 0x0) (rerun: 32) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async, rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) mkdirat(r1, &(0x7f0000000340)='./file0\x00', 0x40) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async, rerun: 64) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async, rerun: 64) syz_clone(0x82814d80, &(0x7f0000000200)="433a9f2074bd4da5c077f8de5a5488e6990de60354ced055c460399dba90b2369bfc3d306b5356b67ceef25a39f63d5f7e39e3508618c0e8daea283d08309a37f7605ac9e03bfd874ef15390e67460954789bafc9538e3bd484ca04083d2f0a1b2a5ac9231e734d299ea9f8ce505321de35c7367564f3cc38e9182fb6e61", 0x7e, &(0x7f00000000c0), &(0x7f0000000140), &(0x7f0000000280)="70380ab235bd67a7a822de12b46980d4c29278d272a332ec59bf65adf947ca59bdae8c5a4d34e35c93f1724dce354fa0b8d2b16b79e874b1ae719fae6988114a52d3aebc26e43765171e5407f17ffebb930ee16ab8d938fa69d65872fad1c4dc962c16fd6945b1e859ca0e651ef9606a81496a30c360dd97facdd6acc119ce8b7ca152") (async) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x4, 0x3f, 0x1f, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7f, 0x1, @perf_config_ext={0xd673, 0x80}, 0x98a6b32f64d4fb39, 0x100000001, 0x0, 0x2, 0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x10001}, r0, 0x0, r3, 0x8) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:45:22 executing program 3: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:22 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:22 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf90000535f00", 0x1f, 0x480}, {0x0}], 0x0, &(0x7f0000010a00)) 23:45:22 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c0", 0x5, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:22 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, 0x0) [ 307.216647] erofs: read_super, device -> /dev/loop2 [ 307.221698] erofs: options -> [ 307.231621] erofs: root inode @ nid 36 [ 307.242737] erofs: bogus i_mode (300) @ nid 36 23:45:22 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, 0x0) 23:45:22 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 307.264648] erofs: read_super, device -> /dev/loop3 [ 307.284683] erofs: options -> [ 307.292675] erofs: read_super, device -> /dev/loop5 [ 307.305621] erofs: options -> 23:45:22 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) mkdirat(r1, &(0x7f0000000340)='./file0\x00', 0x40) (async, rerun: 64) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async, rerun: 64) pipe2(0x0, 0x0) (async, rerun: 64) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async, rerun: 64) syz_clone(0x82814d80, &(0x7f0000000200)="433a9f2074bd4da5c077f8de5a5488e6990de60354ced055c460399dba90b2369bfc3d306b5356b67ceef25a39f63d5f7e39e3508618c0e8daea283d08309a37f7605ac9e03bfd874ef15390e67460954789bafc9538e3bd484ca04083d2f0a1b2a5ac9231e734d299ea9f8ce505321de35c7367564f3cc38e9182fb6e61", 0x7e, &(0x7f00000000c0), &(0x7f0000000140), &(0x7f0000000280)="70380ab235bd67a7a822de12b46980d4c29278d272a332ec59bf65adf947ca59bdae8c5a4d34e35c93f1724dce354fa0b8d2b16b79e874b1ae719fae6988114a52d3aebc26e43765171e5407f17ffebb930ee16ab8d938fa69d65872fad1c4dc962c16fd6945b1e859ca0e651ef9606a81496a30c360dd97facdd6acc119ce8b7ca152") r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x4, 0x3f, 0x1f, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7f, 0x1, @perf_config_ext={0xd673, 0x80}, 0x98a6b32f64d4fb39, 0x100000001, 0x0, 0x2, 0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x10001}, r0, 0x0, r3, 0x8) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 64) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (rerun: 64) 23:45:22 executing program 3: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000", 0x4, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 307.314911] erofs: root inode @ nid 36 [ 307.320126] erofs: cannot read erofs superblock [ 307.326008] erofs: mounted on /dev/loop3 with opts: . [ 307.330504] erofs: read_super, device -> /dev/loop1 [ 307.342291] erofs: options -> [ 307.346895] erofs: cannot find valid erofs superblock [ 307.364518] erofs: unmounted for /dev/loop3 23:45:22 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:22 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf90000535f00", 0x1f, 0x480}, {0x0}], 0x0, &(0x7f0000010a00)) [ 307.524322] erofs: read_super, device -> /dev/loop2 [ 307.529724] erofs: options -> [ 307.547039] erofs: root inode @ nid 36 [ 307.551456] erofs: bogus i_mode (0) @ nid 36 23:45:22 executing program 4: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf90000535f0000e803000000000000000000000100"/63, 0x3f, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:22 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 307.698269] erofs: read_super, device -> /dev/loop1 [ 307.713693] erofs: read_super, device -> /dev/loop3 [ 307.721534] erofs: options -> [ 307.724916] erofs: options -> [ 307.728779] erofs: root inode @ nid 36 [ 307.739093] erofs: read_super, device -> /dev/loop4 [ 307.745106] erofs: options -> 23:45:22 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 307.750968] erofs: cannot find valid erofs superblock [ 307.762727] erofs: bogus i_mode (0) @ nid 36 [ 307.767613] erofs: root inode @ nid 36 [ 307.770335] erofs: read_super, device -> /dev/loop5 [ 307.779807] erofs: options -> [ 307.781553] erofs: mounted on /dev/loop4 with opts: . [ 307.787907] erofs: cannot read erofs superblock [ 307.794477] erofs: unmounted for /dev/loop4 23:45:23 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:23 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100), 0x0, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 307.934224] erofs: read_super, device -> /dev/loop2 [ 307.939539] erofs: options -> [ 307.943619] erofs: root inode @ nid 36 [ 307.968620] erofs: bogus i_mode (0) @ nid 36 23:45:23 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="0500", 0x2, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:23 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 308.060559] erofs: read_super, device -> /dev/loop1 [ 308.066030] erofs: options -> [ 308.069711] erofs: cannot find valid erofs superblock [ 308.077585] erofs: read_super, device -> /dev/loop5 23:45:23 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e803000000000000", 0x20, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 308.100803] erofs: options -> [ 308.117355] erofs: root inode @ nid 36 [ 308.130436] erofs: read_super, device -> /dev/loop3 [ 308.136016] erofs: options -> [ 308.139227] erofs: read_super, device -> /dev/loop4 [ 308.139774] erofs: root inode @ nid 36 [ 308.151135] erofs: bogus i_mode (0) @ nid 36 [ 308.159631] erofs: options -> [ 308.169832] erofs: root inode @ nid 36 [ 308.176055] erofs: bogus i_mode (0) @ nid 36 [ 308.178948] erofs: bogus i_mode (0) @ nid 36 [ 308.202002] erofs: read_super, device -> /dev/loop1 [ 308.209299] erofs: options -> [ 308.211226] erofs: read_super, device -> /dev/loop2 [ 308.213059] erofs: root inode @ nid 36 [ 308.225100] erofs: options -> [ 308.228273] erofs: mounted on /dev/loop1 with opts: . [ 308.234767] erofs: unmounted for /dev/loop1 [ 308.236255] erofs: root inode @ nid 36 [ 308.243971] erofs: bogus i_mode (0) @ nid 36 23:45:23 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000d67) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x200202, 0x0) lseek(r2, 0x0, 0x3) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r3) ptrace$setopts(0x4200, r3, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000000c0)={0xffffffffffffffff, 0xe586, 0xfffffffffffffffa, 0x9}) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, 0xfffffffffffffffe) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) ioctl$PIO_FONTX(0xffffffffffffffff, 0x4b6c, &(0x7f0000000000)={0x19b, 0x17, &(0x7f0000000200)="90bef07a00a849bd3c1925c221b67dc7e13b42b8e66bad0c934445fe014a04632189d5edb752c60d3c8bb4db009abe266b022da768b6cba486a0e3f06fd9f6917559bf617abfb02736dbaafba0fd86e20d572d5b7bc1ac8d76af6c21534a41eb708474c6ad1e097ab5267655d0200a5652c47600eb3b7fa72a1d9e0884296736368e5b026818d441331152d039640fd94f08fc6fe031273cdcbed8946f2527236b254688a79c56bb137bcb72d82775a34d8adfadf753783a3d45e0a7c467eb63b96ec37e2e3d8c23e2b38cf0fa149feebfb343327dcf26e5d5223c217abff9655fbc78403e794f93f0c0b7d740108f441732170f9ea05e55493da1bc05f5b8edeaaaaa875291a014e44d2d10cd30791e7b59efdb60bc9c4c4af84da5106f2a712adb8fae84a77bb4e390a1fa4172ecd2fcba8b60231e02305f36ff70563ea4e3c0d7842e83c08269d25d2c70d3a587283f50b6faea08fc6c6d309ae66307b2b34b65d251096964627b9cdfeab8392b6558c397aeb5a062aed99f814784d6a34bb50e79365859894acdd8ee58b38b6c9aa3433a8d2a5a96a5f4634ff4626dad6a7d5c69d9f24406a8aa355abdb933798a016155c33371786d7a27e64bfe56ecf9f32bd112cbe82ce4fcaff72c026891c902d9b04f77b693d6d3c1f4aceb3d70290be0c37829401366d7161b32b6593e4061e9b884d35448d1c99310c268a2e494fc1cad8d5febce1b36db74a6bd8a8cc5b149ebfd94f9e849729d13dbe440a6b2c5381783c0ba00a3b92815f4d2c8a437742a9862329a7e35eb808c77121f2fddbe9e0a816403ec362e24836dd1501d8df570b0412a3b84a4da9221cff7f2ea17e72fcbb7a233c6398693f3bb9ce0ce94ee8e1db8bcb775f8a7c19ae135bd9c4cee2db04e017bad9f3a8e7a82e243fc0e4ee3b5e1ec24fd10eab0c95e32aa1de2f463a5b44ddb81cc809f5eeff2e94fbbc2aab7e49b9fd27c571656ad07fa1fea0e762702e13dec2e94f17cb66b09ad3ebe6a2cbd4d4a8f57029ab87c556a9fc8575ddb19684bf7c6e825912e11fb16c0310750a3a9507df025afab8a57de7da965a8725f202a105c4d9405e9e9dd46321fdbc9a4e0d7260b601683380ea9ed463374c71a3a211dcafcfe8d0ef0832e6566086b9452e79fd6c6f54a8fb3cb2d04f4ec6ad6dc822e6ef6a358cc87a164460fd5aea822c2583573cfe188628a3e0838a0f803d3cb4f68f107a2ef0071116670d70b2b733f801031d339032ac752f96f7e3ca260386c598949bcdc53218f9907798dd46d03ab0dd539fed1c18627bce6d21139a26f8dd06e17209d03b9d25c33ab5d8fbd4947effd1b85c1f6a59c9b2094fcc14d00024e1837010fe7336077ada624dca343ebc5cd1539008d0e55634c38a08517d6945d30f0f26b08c205430c92eb0573fef1eb2a371af49bbf6593"}) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:45:23 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100), 0x0, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:23 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:23 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:23 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e803000000000000", 0x20, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 308.387403] erofs: read_super, device -> /dev/loop3 [ 308.398073] erofs: options -> [ 308.412424] erofs: root inode @ nid 36 [ 308.429473] erofs: bogus i_mode (0) @ nid 36 23:45:23 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 1) [ 308.495482] erofs: read_super, device -> /dev/loop5 [ 308.500528] erofs: options -> [ 308.506609] erofs: read_super, device -> /dev/loop2 [ 308.512195] erofs: read_super, device -> /dev/loop1 [ 308.520557] erofs: options -> [ 308.524504] erofs: options -> [ 308.529056] erofs: root inode @ nid 36 [ 308.533783] erofs: cannot find valid erofs superblock [ 308.539203] erofs: root inode @ nid 36 23:45:23 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 1) [ 308.546564] erofs: bogus i_mode (0) @ nid 36 [ 308.555033] erofs: mounted on /dev/loop1 with opts: . [ 308.560995] FAULT_INJECTION: forcing a failure. [ 308.560995] name failslab, interval 1, probability 0, space 0, times 1 [ 308.573352] erofs: unmounted for /dev/loop1 [ 308.578009] CPU: 1 PID: 18141 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 308.585901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 23:45:23 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 2) [ 308.591668] FAULT_INJECTION: forcing a failure. [ 308.591668] name failslab, interval 1, probability 0, space 0, times 1 [ 308.595260] Call Trace: [ 308.595286] dump_stack+0x1fc/0x2ef [ 308.595305] should_fail.cold+0xa/0xf [ 308.595321] ? setup_fault_attr+0x200/0x200 [ 308.595336] ? lock_acquire+0x170/0x3c0 [ 308.595355] __should_failslab+0x115/0x180 [ 308.595373] should_failslab+0x5/0x10 [ 308.595386] __kmalloc+0x2ab/0x3c0 [ 308.595398] ? __se_sys_memfd_create+0xf8/0x440 [ 308.595412] __se_sys_memfd_create+0xf8/0x440 [ 308.595425] ? memfd_file_seals_ptr+0x150/0x150 [ 308.595440] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 308.595455] ? trace_hardirqs_off_caller+0x6e/0x210 [ 308.595469] ? do_syscall_64+0x21/0x620 [ 308.595483] do_syscall_64+0xf9/0x620 [ 308.595499] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 308.595511] RIP: 0033:0x7fc00fa84109 23:45:23 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 308.595526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 308.595533] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 308.595546] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fc00fa84109 [ 308.595554] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007fc00fadd1be [ 308.595561] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007fc00e3f91d0 [ 308.595567] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 308.595575] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 [ 308.763435] CPU: 0 PID: 18143 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0 [ 308.771342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 308.780701] Call Trace: [ 308.783348] dump_stack+0x1fc/0x2ef [ 308.786988] should_fail.cold+0xa/0xf [ 308.790799] ? setup_fault_attr+0x200/0x200 [ 308.795125] ? lock_acquire+0x170/0x3c0 [ 308.799095] __should_failslab+0x115/0x180 [ 308.803336] should_failslab+0x5/0x10 [ 308.807150] __kmalloc+0x2ab/0x3c0 [ 308.810686] ? __se_sys_memfd_create+0xf8/0x440 [ 308.815351] __se_sys_memfd_create+0xf8/0x440 [ 308.819880] ? memfd_file_seals_ptr+0x150/0x150 [ 308.824550] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 308.830079] ? trace_hardirqs_off_caller+0x6e/0x210 [ 308.835088] ? do_syscall_64+0x21/0x620 [ 308.839057] do_syscall_64+0xf9/0x620 [ 308.842940] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 308.848131] RIP: 0033:0x7f6b889e3109 [ 308.851855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 308.870939] RSP: 002b:00007f6b87357f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 308.878646] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f6b889e3109 [ 308.885920] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f6b88a3c1be [ 308.893183] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f6b873581d0 [ 308.900456] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 23:45:23 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 2) [ 308.907727] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 23:45:24 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:24 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 309.048172] FAULT_INJECTION: forcing a failure. [ 309.048172] name failslab, interval 1, probability 0, space 0, times 0 [ 309.068676] erofs: read_super, device -> /dev/loop5 [ 309.074173] erofs: options -> [ 309.076537] erofs: read_super, device -> /dev/loop2 [ 309.077638] CPU: 1 PID: 18154 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0 [ 309.082555] erofs: options -> [ 309.090340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.090347] Call Trace: [ 309.090370] dump_stack+0x1fc/0x2ef [ 309.090386] should_fail.cold+0xa/0xf [ 309.090404] ? setup_fault_attr+0x200/0x200 [ 309.090418] ? lock_acquire+0x170/0x3c0 [ 309.090438] __should_failslab+0x115/0x180 [ 309.090454] should_failslab+0x5/0x10 [ 309.090467] kmem_cache_alloc+0x277/0x370 [ 309.090482] ? shmem_destroy_callback+0xb0/0xb0 [ 309.090496] shmem_alloc_inode+0x18/0x40 [ 309.090509] ? shmem_destroy_callback+0xb0/0xb0 [ 309.090522] alloc_inode+0x5d/0x180 [ 309.090533] new_inode+0x1d/0xf0 [ 309.090551] shmem_get_inode+0x96/0x8d0 [ 309.103683] FAULT_INJECTION: forcing a failure. [ 309.103683] name failslab, interval 1, probability 0, space 0, times 0 [ 309.104404] __shmem_file_setup.part.0+0x7a/0x2b0 [ 309.104424] shmem_file_setup+0x61/0x90 [ 309.104441] __se_sys_memfd_create+0x26b/0x440 [ 309.184077] ? memfd_file_seals_ptr+0x150/0x150 [ 309.188746] erofs: cannot find valid erofs superblock [ 309.193959] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 309.199342] ? trace_hardirqs_off_caller+0x6e/0x210 [ 309.204378] ? do_syscall_64+0x21/0x620 [ 309.208367] do_syscall_64+0xf9/0x620 [ 309.212291] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 309.217510] RIP: 0033:0x7f6b889e3109 [ 309.221231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 309.240391] RSP: 002b:00007f6b87357f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 309.248119] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f6b889e3109 [ 309.255393] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f6b88a3c1be [ 309.262825] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f6b873581d0 [ 309.270081] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 309.277347] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 23:45:24 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000d67) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x200202, 0x0) lseek(r2, 0x0, 0x3) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r3) ptrace$setopts(0x4200, r3, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000000c0)={0xffffffffffffffff, 0xe586, 0xfffffffffffffffa, 0x9}) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, 0xfffffffffffffffe) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) ioctl$PIO_FONTX(0xffffffffffffffff, 0x4b6c, &(0x7f0000000000)={0x19b, 0x17, &(0x7f0000000200)="90bef07a00a849bd3c1925c221b67dc7e13b42b8e66bad0c934445fe014a04632189d5edb752c60d3c8bb4db009abe266b022da768b6cba486a0e3f06fd9f6917559bf617abfb02736dbaafba0fd86e20d572d5b7bc1ac8d76af6c21534a41eb708474c6ad1e097ab5267655d0200a5652c47600eb3b7fa72a1d9e0884296736368e5b026818d441331152d039640fd94f08fc6fe031273cdcbed8946f2527236b254688a79c56bb137bcb72d82775a34d8adfadf753783a3d45e0a7c467eb63b96ec37e2e3d8c23e2b38cf0fa149feebfb343327dcf26e5d5223c217abff9655fbc78403e794f93f0c0b7d740108f441732170f9ea05e55493da1bc05f5b8edeaaaaa875291a014e44d2d10cd30791e7b59efdb60bc9c4c4af84da5106f2a712adb8fae84a77bb4e390a1fa4172ecd2fcba8b60231e02305f36ff70563ea4e3c0d7842e83c08269d25d2c70d3a587283f50b6faea08fc6c6d309ae66307b2b34b65d251096964627b9cdfeab8392b6558c397aeb5a062aed99f814784d6a34bb50e79365859894acdd8ee58b38b6c9aa3433a8d2a5a96a5f4634ff4626dad6a7d5c69d9f24406a8aa355abdb933798a016155c33371786d7a27e64bfe56ecf9f32bd112cbe82ce4fcaff72c026891c902d9b04f77b693d6d3c1f4aceb3d70290be0c37829401366d7161b32b6593e4061e9b884d35448d1c99310c268a2e494fc1cad8d5febce1b36db74a6bd8a8cc5b149ebfd94f9e849729d13dbe440a6b2c5381783c0ba00a3b92815f4d2c8a437742a9862329a7e35eb808c77121f2fddbe9e0a816403ec362e24836dd1501d8df570b0412a3b84a4da9221cff7f2ea17e72fcbb7a233c6398693f3bb9ce0ce94ee8e1db8bcb775f8a7c19ae135bd9c4cee2db04e017bad9f3a8e7a82e243fc0e4ee3b5e1ec24fd10eab0c95e32aa1de2f463a5b44ddb81cc809f5eeff2e94fbbc2aab7e49b9fd27c571656ad07fa1fea0e762702e13dec2e94f17cb66b09ad3ebe6a2cbd4d4a8f57029ab87c556a9fc8575ddb19684bf7c6e825912e11fb16c0310750a3a9507df025afab8a57de7da965a8725f202a105c4d9405e9e9dd46321fdbc9a4e0d7260b601683380ea9ed463374c71a3a211dcafcfe8d0ef0832e6566086b9452e79fd6c6f54a8fb3cb2d04f4ec6ad6dc822e6ef6a358cc87a164460fd5aea822c2583573cfe188628a3e0838a0f803d3cb4f68f107a2ef0071116670d70b2b733f801031d339032ac752f96f7e3ca260386c598949bcdc53218f9907798dd46d03ab0dd539fed1c18627bce6d21139a26f8dd06e17209d03b9d25c33ab5d8fbd4947effd1b85c1f6a59c9b2094fcc14d00024e1837010fe7336077ada624dca343ebc5cd1539008d0e55634c38a08517d6945d30f0f26b08c205430c92eb0573fef1eb2a371af49bbf6593"}) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (async) sendfile(r0, r1, 0x0, 0x20000000d67) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x200202, 0x0) (async) lseek(r2, 0x0, 0x3) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r3) (async) ptrace$setopts(0x4200, r3, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000000c0)={0xffffffffffffffff, 0xe586, 0xfffffffffffffffa, 0x9}) (async) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, 0xfffffffffffffffe) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) ioctl$PIO_FONTX(0xffffffffffffffff, 0x4b6c, &(0x7f0000000000)={0x19b, 0x17, &(0x7f0000000200)="90bef07a00a849bd3c1925c221b67dc7e13b42b8e66bad0c934445fe014a04632189d5edb752c60d3c8bb4db009abe266b022da768b6cba486a0e3f06fd9f6917559bf617abfb02736dbaafba0fd86e20d572d5b7bc1ac8d76af6c21534a41eb708474c6ad1e097ab5267655d0200a5652c47600eb3b7fa72a1d9e0884296736368e5b026818d441331152d039640fd94f08fc6fe031273cdcbed8946f2527236b254688a79c56bb137bcb72d82775a34d8adfadf753783a3d45e0a7c467eb63b96ec37e2e3d8c23e2b38cf0fa149feebfb343327dcf26e5d5223c217abff9655fbc78403e794f93f0c0b7d740108f441732170f9ea05e55493da1bc05f5b8edeaaaaa875291a014e44d2d10cd30791e7b59efdb60bc9c4c4af84da5106f2a712adb8fae84a77bb4e390a1fa4172ecd2fcba8b60231e02305f36ff70563ea4e3c0d7842e83c08269d25d2c70d3a587283f50b6faea08fc6c6d309ae66307b2b34b65d251096964627b9cdfeab8392b6558c397aeb5a062aed99f814784d6a34bb50e79365859894acdd8ee58b38b6c9aa3433a8d2a5a96a5f4634ff4626dad6a7d5c69d9f24406a8aa355abdb933798a016155c33371786d7a27e64bfe56ecf9f32bd112cbe82ce4fcaff72c026891c902d9b04f77b693d6d3c1f4aceb3d70290be0c37829401366d7161b32b6593e4061e9b884d35448d1c99310c268a2e494fc1cad8d5febce1b36db74a6bd8a8cc5b149ebfd94f9e849729d13dbe440a6b2c5381783c0ba00a3b92815f4d2c8a437742a9862329a7e35eb808c77121f2fddbe9e0a816403ec362e24836dd1501d8df570b0412a3b84a4da9221cff7f2ea17e72fcbb7a233c6398693f3bb9ce0ce94ee8e1db8bcb775f8a7c19ae135bd9c4cee2db04e017bad9f3a8e7a82e243fc0e4ee3b5e1ec24fd10eab0c95e32aa1de2f463a5b44ddb81cc809f5eeff2e94fbbc2aab7e49b9fd27c571656ad07fa1fea0e762702e13dec2e94f17cb66b09ad3ebe6a2cbd4d4a8f57029ab87c556a9fc8575ddb19684bf7c6e825912e11fb16c0310750a3a9507df025afab8a57de7da965a8725f202a105c4d9405e9e9dd46321fdbc9a4e0d7260b601683380ea9ed463374c71a3a211dcafcfe8d0ef0832e6566086b9452e79fd6c6f54a8fb3cb2d04f4ec6ad6dc822e6ef6a358cc87a164460fd5aea822c2583573cfe188628a3e0838a0f803d3cb4f68f107a2ef0071116670d70b2b733f801031d339032ac752f96f7e3ca260386c598949bcdc53218f9907798dd46d03ab0dd539fed1c18627bce6d21139a26f8dd06e17209d03b9d25c33ab5d8fbd4947effd1b85c1f6a59c9b2094fcc14d00024e1837010fe7336077ada624dca343ebc5cd1539008d0e55634c38a08517d6945d30f0f26b08c205430c92eb0573fef1eb2a371af49bbf6593"}) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 309.299989] erofs: read_super, device -> /dev/loop1 [ 309.336752] CPU: 1 PID: 18159 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 309.344659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.348606] erofs: root inode @ nid 36 [ 309.354029] Call Trace: [ 309.354054] dump_stack+0x1fc/0x2ef [ 309.354075] should_fail.cold+0xa/0xf [ 309.354096] ? setup_fault_attr+0x200/0x200 [ 309.354110] ? lock_acquire+0x170/0x3c0 [ 309.354128] __should_failslab+0x115/0x180 [ 309.354144] should_failslab+0x5/0x10 23:45:24 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 309.354156] kmem_cache_alloc+0x277/0x370 [ 309.354172] ? shmem_destroy_callback+0xb0/0xb0 [ 309.354187] shmem_alloc_inode+0x18/0x40 [ 309.354200] ? shmem_destroy_callback+0xb0/0xb0 [ 309.354213] alloc_inode+0x5d/0x180 [ 309.354224] new_inode+0x1d/0xf0 [ 309.354238] shmem_get_inode+0x96/0x8d0 [ 309.354258] __shmem_file_setup.part.0+0x7a/0x2b0 [ 309.354276] shmem_file_setup+0x61/0x90 [ 309.354292] __se_sys_memfd_create+0x26b/0x440 [ 309.362533] erofs: bogus i_mode (0) @ nid 36 [ 309.364379] ? memfd_file_seals_ptr+0x150/0x150 23:45:24 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 3) 23:45:24 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 3) [ 309.364396] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 309.364413] ? trace_hardirqs_off_caller+0x6e/0x210 [ 309.364429] ? do_syscall_64+0x21/0x620 [ 309.364444] do_syscall_64+0xf9/0x620 [ 309.364462] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 309.364473] RIP: 0033:0x7fc00fa84109 [ 309.364484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 23:45:24 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000d67) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x200202, 0x0) lseek(r2, 0x0, 0x3) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r3) ptrace$setopts(0x4200, r3, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000000c0)={0xffffffffffffffff, 0xe586, 0xfffffffffffffffa, 0x9}) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, 0xfffffffffffffffe) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) ioctl$PIO_FONTX(0xffffffffffffffff, 0x4b6c, &(0x7f0000000000)={0x19b, 0x17, &(0x7f0000000200)="90bef07a00a849bd3c1925c221b67dc7e13b42b8e66bad0c934445fe014a04632189d5edb752c60d3c8bb4db009abe266b022da768b6cba486a0e3f06fd9f6917559bf617abfb02736dbaafba0fd86e20d572d5b7bc1ac8d76af6c21534a41eb708474c6ad1e097ab5267655d0200a5652c47600eb3b7fa72a1d9e0884296736368e5b026818d441331152d039640fd94f08fc6fe031273cdcbed8946f2527236b254688a79c56bb137bcb72d82775a34d8adfadf753783a3d45e0a7c467eb63b96ec37e2e3d8c23e2b38cf0fa149feebfb343327dcf26e5d5223c217abff9655fbc78403e794f93f0c0b7d740108f441732170f9ea05e55493da1bc05f5b8edeaaaaa875291a014e44d2d10cd30791e7b59efdb60bc9c4c4af84da5106f2a712adb8fae84a77bb4e390a1fa4172ecd2fcba8b60231e02305f36ff70563ea4e3c0d7842e83c08269d25d2c70d3a587283f50b6faea08fc6c6d309ae66307b2b34b65d251096964627b9cdfeab8392b6558c397aeb5a062aed99f814784d6a34bb50e79365859894acdd8ee58b38b6c9aa3433a8d2a5a96a5f4634ff4626dad6a7d5c69d9f24406a8aa355abdb933798a016155c33371786d7a27e64bfe56ecf9f32bd112cbe82ce4fcaff72c026891c902d9b04f77b693d6d3c1f4aceb3d70290be0c37829401366d7161b32b6593e4061e9b884d35448d1c99310c268a2e494fc1cad8d5febce1b36db74a6bd8a8cc5b149ebfd94f9e849729d13dbe440a6b2c5381783c0ba00a3b92815f4d2c8a437742a9862329a7e35eb808c77121f2fddbe9e0a816403ec362e24836dd1501d8df570b0412a3b84a4da9221cff7f2ea17e72fcbb7a233c6398693f3bb9ce0ce94ee8e1db8bcb775f8a7c19ae135bd9c4cee2db04e017bad9f3a8e7a82e243fc0e4ee3b5e1ec24fd10eab0c95e32aa1de2f463a5b44ddb81cc809f5eeff2e94fbbc2aab7e49b9fd27c571656ad07fa1fea0e762702e13dec2e94f17cb66b09ad3ebe6a2cbd4d4a8f57029ab87c556a9fc8575ddb19684bf7c6e825912e11fb16c0310750a3a9507df025afab8a57de7da965a8725f202a105c4d9405e9e9dd46321fdbc9a4e0d7260b601683380ea9ed463374c71a3a211dcafcfe8d0ef0832e6566086b9452e79fd6c6f54a8fb3cb2d04f4ec6ad6dc822e6ef6a358cc87a164460fd5aea822c2583573cfe188628a3e0838a0f803d3cb4f68f107a2ef0071116670d70b2b733f801031d339032ac752f96f7e3ca260386c598949bcdc53218f9907798dd46d03ab0dd539fed1c18627bce6d21139a26f8dd06e17209d03b9d25c33ab5d8fbd4947effd1b85c1f6a59c9b2094fcc14d00024e1837010fe7336077ada624dca343ebc5cd1539008d0e55634c38a08517d6945d30f0f26b08c205430c92eb0573fef1eb2a371af49bbf6593"}) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (async) sendfile(r0, r1, 0x0, 0x20000000d67) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x200202, 0x0) (async) lseek(r2, 0x0, 0x3) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r3) (async) ptrace$setopts(0x4200, r3, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000000c0)={0xffffffffffffffff, 0xe586, 0xfffffffffffffffa, 0x9}) (async) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, 0xfffffffffffffffe) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) ioctl$PIO_FONTX(0xffffffffffffffff, 0x4b6c, &(0x7f0000000000)={0x19b, 0x17, &(0x7f0000000200)="90bef07a00a849bd3c1925c221b67dc7e13b42b8e66bad0c934445fe014a04632189d5edb752c60d3c8bb4db009abe266b022da768b6cba486a0e3f06fd9f6917559bf617abfb02736dbaafba0fd86e20d572d5b7bc1ac8d76af6c21534a41eb708474c6ad1e097ab5267655d0200a5652c47600eb3b7fa72a1d9e0884296736368e5b026818d441331152d039640fd94f08fc6fe031273cdcbed8946f2527236b254688a79c56bb137bcb72d82775a34d8adfadf753783a3d45e0a7c467eb63b96ec37e2e3d8c23e2b38cf0fa149feebfb343327dcf26e5d5223c217abff9655fbc78403e794f93f0c0b7d740108f441732170f9ea05e55493da1bc05f5b8edeaaaaa875291a014e44d2d10cd30791e7b59efdb60bc9c4c4af84da5106f2a712adb8fae84a77bb4e390a1fa4172ecd2fcba8b60231e02305f36ff70563ea4e3c0d7842e83c08269d25d2c70d3a587283f50b6faea08fc6c6d309ae66307b2b34b65d251096964627b9cdfeab8392b6558c397aeb5a062aed99f814784d6a34bb50e79365859894acdd8ee58b38b6c9aa3433a8d2a5a96a5f4634ff4626dad6a7d5c69d9f24406a8aa355abdb933798a016155c33371786d7a27e64bfe56ecf9f32bd112cbe82ce4fcaff72c026891c902d9b04f77b693d6d3c1f4aceb3d70290be0c37829401366d7161b32b6593e4061e9b884d35448d1c99310c268a2e494fc1cad8d5febce1b36db74a6bd8a8cc5b149ebfd94f9e849729d13dbe440a6b2c5381783c0ba00a3b92815f4d2c8a437742a9862329a7e35eb808c77121f2fddbe9e0a816403ec362e24836dd1501d8df570b0412a3b84a4da9221cff7f2ea17e72fcbb7a233c6398693f3bb9ce0ce94ee8e1db8bcb775f8a7c19ae135bd9c4cee2db04e017bad9f3a8e7a82e243fc0e4ee3b5e1ec24fd10eab0c95e32aa1de2f463a5b44ddb81cc809f5eeff2e94fbbc2aab7e49b9fd27c571656ad07fa1fea0e762702e13dec2e94f17cb66b09ad3ebe6a2cbd4d4a8f57029ab87c556a9fc8575ddb19684bf7c6e825912e11fb16c0310750a3a9507df025afab8a57de7da965a8725f202a105c4d9405e9e9dd46321fdbc9a4e0d7260b601683380ea9ed463374c71a3a211dcafcfe8d0ef0832e6566086b9452e79fd6c6f54a8fb3cb2d04f4ec6ad6dc822e6ef6a358cc87a164460fd5aea822c2583573cfe188628a3e0838a0f803d3cb4f68f107a2ef0071116670d70b2b733f801031d339032ac752f96f7e3ca260386c598949bcdc53218f9907798dd46d03ab0dd539fed1c18627bce6d21139a26f8dd06e17209d03b9d25c33ab5d8fbd4947effd1b85c1f6a59c9b2094fcc14d00024e1837010fe7336077ada624dca343ebc5cd1539008d0e55634c38a08517d6945d30f0f26b08c205430c92eb0573fef1eb2a371af49bbf6593"}) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 309.364491] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 309.364502] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fc00fa84109 [ 309.364509] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007fc00fadd1be [ 309.364520] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007fc00e3f91d0 [ 309.373052] erofs: options -> [ 309.376589] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 309.376597] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 [ 309.532165] erofs: cannot find valid erofs superblock 23:45:24 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {0x0, 0x0, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 309.567641] erofs: read_super, device -> /dev/loop2 [ 309.578244] erofs: options -> [ 309.589919] erofs: cannot find valid erofs superblock [ 309.603467] FAULT_INJECTION: forcing a failure. [ 309.603467] name failslab, interval 1, probability 0, space 0, times 0 [ 309.620593] FAULT_INJECTION: forcing a failure. [ 309.620593] name failslab, interval 1, probability 0, space 0, times 0 [ 309.624904] CPU: 0 PID: 18200 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 309.639704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.649066] Call Trace: [ 309.651663] dump_stack+0x1fc/0x2ef [ 309.655290] should_fail.cold+0xa/0xf [ 309.659102] ? setup_fault_attr+0x200/0x200 [ 309.663484] ? lock_acquire+0x170/0x3c0 [ 309.667459] __should_failslab+0x115/0x180 [ 309.671779] should_failslab+0x5/0x10 [ 309.675587] kmem_cache_alloc+0x277/0x370 [ 309.679732] __d_alloc+0x2b/0xa10 [ 309.683186] d_alloc_pseudo+0x19/0x70 [ 309.686988] alloc_file_pseudo+0xc6/0x250 [ 309.691129] ? alloc_file+0x4d0/0x4d0 [ 309.695010] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 309.700633] ? shmem_get_inode+0x44c/0x8d0 [ 309.704870] __shmem_file_setup.part.0+0x102/0x2b0 [ 309.710169] shmem_file_setup+0x61/0x90 [ 309.714137] __se_sys_memfd_create+0x26b/0x440 [ 309.718742] ? memfd_file_seals_ptr+0x150/0x150 [ 309.723409] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 309.728771] ? trace_hardirqs_off_caller+0x6e/0x210 [ 309.733780] ? do_syscall_64+0x21/0x620 [ 309.737748] do_syscall_64+0xf9/0x620 [ 309.741633] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 309.746813] RIP: 0033:0x7fc00fa84109 [ 309.750518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 309.769408] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 309.777106] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fc00fa84109 [ 309.784364] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007fc00fadd1be [ 309.791632] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007fc00e3f91d0 [ 309.798981] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 309.806261] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 [ 309.813543] CPU: 1 PID: 18201 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0 [ 309.821436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.830793] Call Trace: [ 309.833398] dump_stack+0x1fc/0x2ef [ 309.837041] should_fail.cold+0xa/0xf [ 309.840856] ? setup_fault_attr+0x200/0x200 [ 309.845202] ? lock_acquire+0x170/0x3c0 [ 309.849211] __should_failslab+0x115/0x180 [ 309.853460] should_failslab+0x5/0x10 [ 309.857303] kmem_cache_alloc+0x277/0x370 [ 309.861458] __d_alloc+0x2b/0xa10 [ 309.864928] d_alloc_pseudo+0x19/0x70 [ 309.868742] alloc_file_pseudo+0xc6/0x250 [ 309.872892] ? alloc_file+0x4d0/0x4d0 [ 309.876694] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 309.882315] ? shmem_get_inode+0x44c/0x8d0 [ 309.886541] __shmem_file_setup.part.0+0x102/0x2b0 [ 309.891468] shmem_file_setup+0x61/0x90 [ 309.895437] __se_sys_memfd_create+0x26b/0x440 [ 309.900184] ? memfd_file_seals_ptr+0x150/0x150 [ 309.904836] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 309.910192] ? trace_hardirqs_off_caller+0x6e/0x210 [ 309.915202] ? do_syscall_64+0x21/0x620 [ 309.919188] do_syscall_64+0xf9/0x620 [ 309.922980] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 309.928150] RIP: 0033:0x7f6b889e3109 [ 309.931886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 309.950769] RSP: 002b:00007f6b87357f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 309.958468] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f6b889e3109 23:45:25 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 4) 23:45:25 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) r2 = shmget$private(0x0, 0x4000, 0x200, &(0x7f0000ffa000/0x4000)=nil) fstat(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) shmctl$IPC_SET(r2, 0x1, &(0x7f0000000200)={{0x3, 0xee01, 0xee00, 0x0, r3, 0x42, 0x7}, 0x7f, 0x81, 0x8000000000000000, 0x8000, r0, r0, 0xffff}) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 309.965725] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f6b88a3c1be [ 309.972977] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f6b873581d0 [ 309.980345] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 309.987597] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 23:45:25 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:25 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 4) 23:45:25 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{0x0, 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 310.119387] erofs: read_super, device -> /dev/loop5 23:45:25 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) r2 = shmget$private(0x0, 0x4000, 0x200, &(0x7f0000ffa000/0x4000)=nil) fstat(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) shmctl$IPC_SET(r2, 0x1, &(0x7f0000000200)={{0x3, 0xee01, 0xee00, 0x0, r3, 0x42, 0x7}, 0x7f, 0x81, 0x8000000000000000, 0x8000, r0, r0, 0xffff}) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 64) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (rerun: 64) [ 310.144423] erofs: options -> [ 310.148482] FAULT_INJECTION: forcing a failure. [ 310.148482] name failslab, interval 1, probability 0, space 0, times 0 [ 310.163235] erofs: root inode @ nid 36 [ 310.184235] erofs: bogus i_mode (0) @ nid 36 [ 310.190650] FAULT_INJECTION: forcing a failure. [ 310.190650] name failslab, interval 1, probability 0, space 0, times 0 [ 310.193069] CPU: 0 PID: 18239 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 310.203004] erofs: read_super, device -> /dev/loop2 [ 310.209735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.209743] Call Trace: [ 310.209765] dump_stack+0x1fc/0x2ef [ 310.209783] should_fail.cold+0xa/0xf [ 310.209802] ? setup_fault_attr+0x200/0x200 [ 310.221314] erofs: options -> [ 310.224231] ? lock_acquire+0x170/0x3c0 [ 310.224254] __should_failslab+0x115/0x180 [ 310.224271] should_failslab+0x5/0x10 [ 310.224285] kmem_cache_alloc+0x277/0x370 [ 310.224302] __alloc_file+0x21/0x340 [ 310.224320] alloc_empty_file+0x6d/0x170 [ 310.230608] erofs: cannot find valid erofs superblock [ 310.234291] alloc_file+0x5e/0x4d0 [ 310.234312] alloc_file_pseudo+0x165/0x250 [ 310.234327] ? alloc_file+0x4d0/0x4d0 [ 310.234340] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 310.234358] ? shmem_get_inode+0x44c/0x8d0 [ 310.292436] __shmem_file_setup.part.0+0x102/0x2b0 [ 310.297366] shmem_file_setup+0x61/0x90 [ 310.301338] __se_sys_memfd_create+0x26b/0x440 [ 310.305920] ? memfd_file_seals_ptr+0x150/0x150 [ 310.310936] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 310.316315] ? trace_hardirqs_off_caller+0x6e/0x210 [ 310.321329] ? do_syscall_64+0x21/0x620 [ 310.325399] do_syscall_64+0xf9/0x620 [ 310.329213] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 310.334419] RIP: 0033:0x7fc00fa84109 [ 310.338134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 310.357037] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 310.364756] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fc00fa84109 [ 310.372026] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007fc00fadd1be [ 310.379307] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007fc00e3f91d0 [ 310.386578] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 310.393852] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 [ 310.401451] CPU: 1 PID: 18242 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0 [ 310.409361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.418716] Call Trace: [ 310.421315] dump_stack+0x1fc/0x2ef [ 310.424976] should_fail.cold+0xa/0xf [ 310.428912] ? setup_fault_attr+0x200/0x200 [ 310.433361] ? lock_acquire+0x170/0x3c0 [ 310.437356] __should_failslab+0x115/0x180 [ 310.441609] should_failslab+0x5/0x10 23:45:25 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 5) [ 310.445516] kmem_cache_alloc+0x277/0x370 [ 310.449796] __alloc_file+0x21/0x340 [ 310.453526] alloc_empty_file+0x6d/0x170 [ 310.457591] alloc_file+0x5e/0x4d0 [ 310.461175] alloc_file_pseudo+0x165/0x250 [ 310.465425] ? alloc_file+0x4d0/0x4d0 [ 310.469231] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 310.475005] ? shmem_get_inode+0x44c/0x8d0 [ 310.479245] __shmem_file_setup.part.0+0x102/0x2b0 [ 310.484165] shmem_file_setup+0x61/0x90 [ 310.488130] __se_sys_memfd_create+0x26b/0x440 [ 310.492723] ? memfd_file_seals_ptr+0x150/0x150 [ 310.497406] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 310.502768] ? trace_hardirqs_off_caller+0x6e/0x210 [ 310.507887] ? do_syscall_64+0x21/0x620 [ 310.511904] do_syscall_64+0xf9/0x620 [ 310.515718] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 310.520921] RIP: 0033:0x7f6b889e3109 [ 310.524628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 23:45:25 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) r2 = shmget$private(0x0, 0x4000, 0x200, &(0x7f0000ffa000/0x4000)=nil) fstat(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) shmctl$IPC_SET(r2, 0x1, &(0x7f0000000200)={{0x3, 0xee01, 0xee00, 0x0, r3, 0x42, 0x7}, 0x7f, 0x81, 0x8000000000000000, 0x8000, r0, r0, 0xffff}) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) shmget$private(0x0, 0x4000, 0x200, &(0x7f0000ffa000/0x4000)=nil) (async) fstat(r1, &(0x7f0000000000)) (async) shmctl$IPC_SET(r2, 0x1, &(0x7f0000000200)={{0x3, 0xee01, 0xee00, 0x0, r3, 0x42, 0x7}, 0x7f, 0x81, 0x8000000000000000, 0x8000, r0, r0, 0xffff}) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 310.543779] RSP: 002b:00007f6b87357f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 310.551564] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f6b889e3109 [ 310.558929] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f6b88a3c1be [ 310.566198] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f6b873581d0 [ 310.573463] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 310.580816] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 23:45:25 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 5) [ 310.626985] erofs: read_super, device -> /dev/loop1 [ 310.632151] erofs: options -> 23:45:25 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {0x0, 0x0, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:25 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{0x0, 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 310.678134] erofs: cannot find valid erofs superblock 23:45:25 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 310.738264] FAULT_INJECTION: forcing a failure. [ 310.738264] name failslab, interval 1, probability 0, space 0, times 0 23:45:25 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r1, 0x2, 0xffffffffffffffff, 0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r1, 0x10001, &(0x7f0000000200)=""/145) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000000d67) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r4, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {0x7}}, './file0\x00'}) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 310.797236] CPU: 1 PID: 18263 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 310.805159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.814521] Call Trace: [ 310.817126] dump_stack+0x1fc/0x2ef [ 310.820764] should_fail.cold+0xa/0xf [ 310.824590] ? setup_fault_attr+0x200/0x200 [ 310.828927] ? lock_acquire+0x170/0x3c0 [ 310.832924] __should_failslab+0x115/0x180 [ 310.834767] FAULT_INJECTION: forcing a failure. [ 310.834767] name failslab, interval 1, probability 0, space 0, times 0 [ 310.837172] should_failslab+0x5/0x10 [ 310.837201] kmem_cache_alloc_trace+0x284/0x380 [ 310.837231] apparmor_file_alloc_security+0x394/0xad0 [ 310.862667] ? apparmor_file_receive+0x160/0x160 [ 310.867442] ? __alloc_file+0x21/0x340 [ 310.871356] security_file_alloc+0x40/0x90 [ 310.875609] __alloc_file+0xd8/0x340 [ 310.879340] alloc_empty_file+0x6d/0x170 [ 310.883427] alloc_file+0x5e/0x4d0 [ 310.886993] alloc_file_pseudo+0x165/0x250 [ 310.891250] ? alloc_file+0x4d0/0x4d0 [ 310.895066] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 310.900714] ? shmem_get_inode+0x44c/0x8d0 [ 310.904973] __shmem_file_setup.part.0+0x102/0x2b0 [ 310.909924] shmem_file_setup+0x61/0x90 [ 310.913916] __se_sys_memfd_create+0x26b/0x440 [ 310.918530] ? memfd_file_seals_ptr+0x150/0x150 [ 310.923230] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 310.928603] ? trace_hardirqs_off_caller+0x6e/0x210 [ 310.933630] ? do_syscall_64+0x21/0x620 [ 310.937613] do_syscall_64+0xf9/0x620 [ 310.941428] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 310.946625] RIP: 0033:0x7fc00fa84109 [ 310.950346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 310.969271] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 310.976972] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fc00fa84109 [ 310.984254] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007fc00fadd1be [ 310.991536] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007fc00e3f91d0 [ 310.998817] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 311.006101] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 [ 311.021681] CPU: 1 PID: 18284 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0 [ 311.029600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.038957] Call Trace: [ 311.041562] dump_stack+0x1fc/0x2ef [ 311.045234] should_fail.cold+0xa/0xf [ 311.049048] ? setup_fault_attr+0x200/0x200 [ 311.053381] ? lock_acquire+0x170/0x3c0 [ 311.057377] __should_failslab+0x115/0x180 [ 311.061204] erofs: read_super, device -> /dev/loop1 [ 311.061621] should_failslab+0x5/0x10 [ 311.068648] erofs: read_super, device -> /dev/loop2 [ 311.070410] kmem_cache_alloc_trace+0x284/0x380 [ 311.070434] apparmor_file_alloc_security+0x394/0xad0 [ 311.070454] ? apparmor_file_receive+0x160/0x160 [ 311.070471] ? __alloc_file+0x21/0x340 [ 311.070490] security_file_alloc+0x40/0x90 [ 311.081171] erofs: options -> [ 311.085352] __alloc_file+0xd8/0x340 [ 311.085371] alloc_empty_file+0x6d/0x170 [ 311.085388] alloc_file+0x5e/0x4d0 [ 311.085408] alloc_file_pseudo+0x165/0x250 [ 311.085422] ? alloc_file+0x4d0/0x4d0 [ 311.085435] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 311.085452] ? shmem_get_inode+0x44c/0x8d0 [ 311.085470] __shmem_file_setup.part.0+0x102/0x2b0 [ 311.085487] shmem_file_setup+0x61/0x90 [ 311.085500] __se_sys_memfd_create+0x26b/0x440 23:45:26 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 6) 23:45:26 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 6) [ 311.085522] ? memfd_file_seals_ptr+0x150/0x150 [ 311.098767] erofs: options -> [ 311.101560] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 311.101581] ? trace_hardirqs_off_caller+0x6e/0x210 [ 311.101597] ? do_syscall_64+0x21/0x620 [ 311.101614] do_syscall_64+0xf9/0x620 [ 311.101631] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 311.111894] erofs: cannot find valid erofs superblock [ 311.112917] RIP: 0033:0x7f6b889e3109 [ 311.112932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 311.112941] RSP: 002b:00007f6b87357f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 311.112955] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f6b889e3109 [ 311.112964] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f6b88a3c1be [ 311.112971] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f6b873581d0 [ 311.112983] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 311.128838] erofs: cannot find valid erofs superblock [ 311.130823] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 [ 311.273334] erofs: read_super, device -> /dev/loop5 [ 311.278399] erofs: options -> [ 311.281655] erofs: root inode @ nid 36 [ 311.298897] FAULT_INJECTION: forcing a failure. [ 311.298897] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 311.312010] CPU: 1 PID: 18302 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0 [ 311.319919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.329363] Call Trace: [ 311.331965] dump_stack+0x1fc/0x2ef [ 311.335613] should_fail.cold+0xa/0xf [ 311.339431] ? lock_acquire+0x170/0x3c0 [ 311.343429] ? setup_fault_attr+0x200/0x200 [ 311.347786] __alloc_pages_nodemask+0x239/0x2890 [ 311.352561] ? __lock_acquire+0x6de/0x3ff0 [ 311.356823] ? static_obj+0x50/0x50 [ 311.360487] ? __lock_acquire+0x6de/0x3ff0 [ 311.361001] erofs: bogus i_mode (0) @ nid 36 [ 311.364735] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 311.364759] ? __lock_acquire+0x6de/0x3ff0 [ 311.364779] ? mark_held_locks+0xf0/0xf0 [ 311.364794] ? unwind_next_frame+0xeee/0x1400 [ 311.364808] ? mark_held_locks+0xf0/0xf0 [ 311.364819] ? deref_stack_reg+0x134/0x1d0 [ 311.364830] ? get_reg+0x176/0x1f0 [ 311.364844] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 311.364861] alloc_pages_vma+0xf2/0x780 [ 311.364881] shmem_alloc_page+0x11c/0x1f0 [ 311.364894] ? shmem_swapin+0x220/0x220 [ 311.364923] ? percpu_counter_add_batch+0x126/0x180 [ 311.406580] FAULT_INJECTION: forcing a failure. [ 311.406580] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 311.409016] ? __vm_enough_memory+0x316/0x650 [ 311.409038] shmem_alloc_and_acct_page+0x15a/0x850 [ 311.409061] shmem_getpage_gfp+0x4e9/0x37f0 [ 311.409087] ? shmem_alloc_and_acct_page+0x850/0x850 [ 311.453171] ? mark_held_locks+0xa6/0xf0 [ 311.457235] ? ktime_get_coarse_real_ts64+0x1c7/0x290 [ 311.462424] ? iov_iter_fault_in_readable+0x1fc/0x3f0 [ 311.467622] shmem_write_begin+0xff/0x1e0 [ 311.471770] generic_perform_write+0x1f8/0x4d0 [ 311.476368] ? filemap_page_mkwrite+0x2f0/0x2f0 [ 311.481133] ? current_time+0x1c0/0x1c0 [ 311.485122] ? lock_acquire+0x170/0x3c0 [ 311.489112] __generic_file_write_iter+0x24b/0x610 [ 311.494059] generic_file_write_iter+0x3f8/0x730 [ 311.498835] __vfs_write+0x51b/0x770 [ 311.502558] ? kernel_read+0x110/0x110 [ 311.506628] ? check_preemption_disabled+0x41/0x280 [ 311.511643] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 311.516658] vfs_write+0x1f3/0x540 [ 311.520199] __x64_sys_pwrite64+0x1f7/0x250 [ 311.524528] ? ksys_pwrite64+0x1a0/0x1a0 [ 311.528588] ? trace_hardirqs_off_caller+0x6e/0x210 [ 311.533603] ? do_syscall_64+0x21/0x620 [ 311.537573] do_syscall_64+0xf9/0x620 [ 311.541369] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 311.546556] RIP: 0033:0x7f6b889960d7 [ 311.550267] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b 23:45:26 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{0x0, 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 311.569248] RSP: 002b:00007f6b87357f00 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 311.576949] RAX: ffffffffffffffda RBX: 00007f6b88a2ca20 RCX: 00007f6b889960d7 [ 311.584211] RDX: 000000000000000f RSI: 0000000020010000 RDI: 0000000000000005 [ 311.591560] RBP: 0000000000000003 R08: 0000000000000000 R09: 00007f6b873581d0 [ 311.598831] R10: 0000000000000400 R11: 0000000000000293 R12: 0000000000000005 [ 311.606109] R13: 0000000000000005 R14: 0000000020000200 R15: 0000000000000000 23:45:26 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c002400", 0x10, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 311.626143] CPU: 1 PID: 18305 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 311.634141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.643497] Call Trace: [ 311.646102] dump_stack+0x1fc/0x2ef [ 311.649722] should_fail.cold+0xa/0xf [ 311.653516] ? lock_acquire+0x170/0x3c0 [ 311.657478] ? setup_fault_attr+0x200/0x200 [ 311.661799] __alloc_pages_nodemask+0x239/0x2890 [ 311.666546] ? __lock_acquire+0x6de/0x3ff0 [ 311.670771] ? static_obj+0x50/0x50 [ 311.674393] ? __lock_acquire+0x6de/0x3ff0 [ 311.678617] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 311.683447] ? __lock_acquire+0x6de/0x3ff0 [ 311.687680] ? mark_held_locks+0xf0/0xf0 [ 311.691824] ? unwind_next_frame+0xeee/0x1400 [ 311.696310] ? mark_held_locks+0xf0/0xf0 [ 311.700355] ? deref_stack_reg+0x134/0x1d0 [ 311.704677] ? get_reg+0x176/0x1f0 [ 311.708209] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 311.714082] alloc_pages_vma+0xf2/0x780 [ 311.718071] shmem_alloc_page+0x11c/0x1f0 [ 311.722211] ? shmem_swapin+0x220/0x220 [ 311.726189] ? percpu_counter_add_batch+0x126/0x180 [ 311.731196] ? __vm_enough_memory+0x316/0x650 [ 311.735683] shmem_alloc_and_acct_page+0x15a/0x850 [ 311.740624] shmem_getpage_gfp+0x4e9/0x37f0 [ 311.745034] ? shmem_alloc_and_acct_page+0x850/0x850 [ 311.750174] ? mark_held_locks+0xa6/0xf0 [ 311.754223] ? ktime_get_coarse_real_ts64+0x1c7/0x290 [ 311.759415] ? iov_iter_fault_in_readable+0x1fc/0x3f0 [ 311.764596] shmem_write_begin+0xff/0x1e0 [ 311.768746] generic_perform_write+0x1f8/0x4d0 [ 311.773322] ? filemap_page_mkwrite+0x2f0/0x2f0 [ 311.777982] ? current_time+0x1c0/0x1c0 [ 311.781948] ? lock_acquire+0x170/0x3c0 [ 311.785933] __generic_file_write_iter+0x24b/0x610 [ 311.790853] generic_file_write_iter+0x3f8/0x730 [ 311.795692] __vfs_write+0x51b/0x770 [ 311.799412] ? kernel_read+0x110/0x110 [ 311.803302] ? check_preemption_disabled+0x41/0x280 [ 311.808311] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 311.813404] vfs_write+0x1f3/0x540 [ 311.816985] __x64_sys_pwrite64+0x1f7/0x250 [ 311.821309] ? ksys_pwrite64+0x1a0/0x1a0 [ 311.825358] ? trace_hardirqs_off_caller+0x6e/0x210 [ 311.830366] ? do_syscall_64+0x21/0x620 [ 311.834347] do_syscall_64+0xf9/0x620 [ 311.838141] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 311.843353] RIP: 0033:0x7fc00fa370d7 [ 311.847055] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b [ 311.865952] RSP: 002b:00007fc00e3f8f00 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 311.873648] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa370d7 [ 311.880990] RDX: 000000000000000f RSI: 0000000020010000 RDI: 0000000000000004 [ 311.888241] RBP: 0000000000000003 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 311.895492] R10: 0000000000000400 R11: 0000000000000293 R12: 0000000000000004 [ 311.902744] R13: 0000000000000004 R14: 0000000020000200 R15: 0000000000000000 23:45:27 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r1, 0x2, 0xffffffffffffffff, 0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r1, 0x10001, &(0x7f0000000200)=""/145) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000000d67) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r4, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {0x7}}, './file0\x00'}) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 311.961652] erofs: read_super, device -> /dev/loop3 [ 311.979749] erofs: read_super, device -> /dev/loop4 23:45:27 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {0x0, 0x0, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 312.024800] erofs: options -> [ 312.032630] erofs: read_super, device -> /dev/loop1 [ 312.035553] erofs: options -> [ 312.042617] erofs: cannot find valid erofs superblock [ 312.057234] erofs: cannot find valid erofs superblock [ 312.066345] erofs: options -> [ 312.070168] erofs: root inode @ nid 36 [ 312.070932] erofs: read_super, device -> /dev/loop2 [ 312.080065] erofs: mounted on /dev/loop1 with opts: . [ 312.082153] erofs: options -> [ 312.088335] erofs: unmounted for /dev/loop1 [ 312.102520] erofs: cannot find valid erofs superblock 23:45:27 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:27 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:27 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 7) 23:45:27 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 312.293172] erofs: read_super, device -> /dev/loop5 [ 312.300940] erofs: options -> [ 312.315888] erofs: root inode @ nid 36 [ 312.327838] erofs: bogus i_mode (0) @ nid 36 [ 312.327897] erofs: read_super, device -> /dev/loop2 [ 312.346950] erofs: options -> [ 312.347394] FAULT_INJECTION: forcing a failure. [ 312.347394] name failslab, interval 1, probability 0, space 0, times 0 [ 312.351393] erofs: cannot find valid erofs superblock [ 312.372838] erofs: read_super, device -> /dev/loop3 [ 312.378367] erofs: options -> [ 312.382027] erofs: root inode @ nid 36 [ 312.386187] CPU: 1 PID: 18347 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 23:45:27 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100), 0x0, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 312.394077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.403446] Call Trace: [ 312.406047] dump_stack+0x1fc/0x2ef [ 312.409823] should_fail.cold+0xa/0xf [ 312.413731] ? setup_fault_attr+0x200/0x200 [ 312.418085] ? lock_acquire+0x170/0x3c0 [ 312.419612] erofs: mounted on /dev/loop3 with opts: . [ 312.422075] __should_failslab+0x115/0x180 [ 312.422096] should_failslab+0x5/0x10 [ 312.422108] kmem_cache_alloc+0x277/0x370 [ 312.422128] getname_flags+0xce/0x590 [ 312.429802] erofs: unmounted for /dev/loop3 [ 312.431589] do_sys_open+0x26c/0x520 [ 312.431604] ? filp_open+0x70/0x70 [ 312.431625] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 312.460819] ? trace_hardirqs_off_caller+0x6e/0x210 [ 312.465858] ? do_syscall_64+0x21/0x620 [ 312.469825] do_syscall_64+0xf9/0x620 [ 312.473645] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 312.478838] RIP: 0033:0x7fc00fa37024 23:45:27 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 8) [ 312.482537] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 312.501432] RSP: 002b:00007fc00e3f8eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 312.509131] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa37024 [ 312.516397] RDX: 0000000000000002 RSI: 00007fc00e3f8fe0 RDI: 00000000ffffff9c [ 312.523676] RBP: 00007fc00e3f8fe0 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 312.530952] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 312.538451] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 23:45:27 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 312.604330] erofs: read_super, device -> /dev/loop1 [ 312.609383] erofs: options -> [ 312.628712] erofs: cannot find valid erofs superblock [ 312.638252] erofs: read_super, device -> /dev/loop5 [ 312.649451] erofs: options -> 23:45:27 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 312.657689] erofs: root inode @ nid 36 [ 312.662841] erofs: bogus i_mode (0) @ nid 36 [ 312.672570] FAULT_INJECTION: forcing a failure. [ 312.672570] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 312.684477] CPU: 1 PID: 18364 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 312.692363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.701861] Call Trace: [ 312.704724] dump_stack+0x1fc/0x2ef [ 312.708621] should_fail.cold+0xa/0xf [ 312.712411] ? setup_fault_attr+0x200/0x200 [ 312.716726] ? do_writepages+0x290/0x290 [ 312.720897] ? unlock_page+0x13d/0x230 [ 312.724886] __alloc_pages_nodemask+0x239/0x2890 [ 312.729642] ? lock_downgrade+0x720/0x720 [ 312.733784] ? check_preemption_disabled+0x41/0x280 [ 312.738808] ? __lock_acquire+0x6de/0x3ff0 [ 312.743064] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 312.747931] ? lock_downgrade+0x720/0x720 [ 312.752068] ? lock_acquire+0x170/0x3c0 [ 312.756055] ? up_write+0x18/0x150 [ 312.759593] ? generic_file_write_iter+0x381/0x730 [ 312.764547] ? iov_iter_init+0xb8/0x1d0 [ 312.768525] cache_grow_begin+0xa4/0x8a0 [ 312.772577] ? setup_fault_attr+0x200/0x200 [ 312.776889] ? lock_acquire+0x170/0x3c0 [ 312.780864] cache_alloc_refill+0x273/0x340 [ 312.785185] kmem_cache_alloc+0x346/0x370 [ 312.789331] getname_flags+0xce/0x590 [ 312.793123] do_sys_open+0x26c/0x520 [ 312.796839] ? filp_open+0x70/0x70 [ 312.800385] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 312.805850] ? trace_hardirqs_off_caller+0x6e/0x210 [ 312.810857] ? do_syscall_64+0x21/0x620 [ 312.814916] do_syscall_64+0xf9/0x620 [ 312.818709] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 312.823885] RIP: 0033:0x7fc00fa37024 [ 312.827594] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 312.846515] RSP: 002b:00007fc00e3f8eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 23:45:27 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:27 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r1, 0x2, 0xffffffffffffffff, 0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r1, 0x10001, &(0x7f0000000200)=""/145) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000000d67) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r4, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {0x7}}, './file0\x00'}) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) gettid() (async) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r1, 0x2, 0xffffffffffffffff, 0x0) (async) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r1, 0x10001, &(0x7f0000000200)=""/145) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (async) sendfile(r3, r4, 0x0, 0x20000000d67) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r4, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {0x7}}, './file0\x00'}) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 312.854224] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa37024 [ 312.861497] RDX: 0000000000000002 RSI: 00007fc00e3f8fe0 RDI: 00000000ffffff9c [ 312.868771] RBP: 00007fc00e3f8fe0 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 312.876040] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 312.883310] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 23:45:28 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100), 0x0, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 312.955100] erofs: read_super, device -> /dev/loop2 [ 312.963232] erofs: read_super, device -> /dev/loop4 [ 312.964255] erofs: options -> [ 312.968320] erofs: options -> [ 312.975220] erofs: root inode @ nid 36 [ 312.987626] erofs: mounted on /dev/loop4 with opts: . [ 312.993298] erofs: read_super, device -> /dev/loop3 [ 313.000291] erofs: options -> 23:45:28 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 9) [ 313.012630] erofs: root inode @ nid 36 [ 313.025082] erofs: mounted on /dev/loop3 with opts: . [ 313.030756] erofs: cannot find valid erofs superblock [ 313.040542] erofs: unmounted for /dev/loop4 [ 313.051902] erofs: unmounted for /dev/loop3 [ 313.092458] FAULT_INJECTION: forcing a failure. [ 313.092458] name failslab, interval 1, probability 0, space 0, times 0 [ 313.107339] CPU: 1 PID: 18391 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 313.115250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.124613] Call Trace: [ 313.127217] dump_stack+0x1fc/0x2ef [ 313.130940] should_fail.cold+0xa/0xf [ 313.134751] ? setup_fault_attr+0x200/0x200 23:45:28 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x141041, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r1, 0x0, 0x20000000d67) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r2, 0xf502, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 313.139102] ? lock_acquire+0x170/0x3c0 [ 313.143080] __should_failslab+0x115/0x180 [ 313.147329] should_failslab+0x5/0x10 [ 313.151122] kmem_cache_alloc+0x277/0x370 [ 313.155280] __alloc_file+0x21/0x340 [ 313.159009] alloc_empty_file+0x6d/0x170 [ 313.163094] path_openat+0xe9/0x2df0 [ 313.166827] ? __lock_acquire+0x6de/0x3ff0 [ 313.171084] ? path_lookupat+0x8d0/0x8d0 [ 313.175154] ? mark_held_locks+0xf0/0xf0 [ 313.179233] do_filp_open+0x18c/0x3f0 [ 313.183032] ? may_open_dev+0xf0/0xf0 [ 313.186838] ? __alloc_fd+0x28d/0x570 [ 313.190645] ? lock_downgrade+0x720/0x720 [ 313.194792] ? lock_acquire+0x170/0x3c0 [ 313.198771] ? __alloc_fd+0x34/0x570 [ 313.202473] ? do_raw_spin_unlock+0x171/0x230 [ 313.206968] ? _raw_spin_unlock+0x29/0x40 [ 313.211102] ? __alloc_fd+0x28d/0x570 [ 313.214903] do_sys_open+0x3b3/0x520 [ 313.218616] ? filp_open+0x70/0x70 [ 313.222166] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 313.227518] ? trace_hardirqs_off_caller+0x6e/0x210 [ 313.232520] ? do_syscall_64+0x21/0x620 [ 313.236484] do_syscall_64+0xf9/0x620 [ 313.240298] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 313.245489] RIP: 0033:0x7fc00fa37024 [ 313.249188] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 313.268082] RSP: 002b:00007fc00e3f8eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 313.275800] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa37024 [ 313.283073] RDX: 0000000000000002 RSI: 00007fc00e3f8fe0 RDI: 00000000ffffff9c [ 313.290342] RBP: 00007fc00e3f8fe0 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 313.297685] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 313.304955] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 [ 313.329548] erofs: read_super, device -> /dev/loop1 [ 313.335986] erofs: read_super, device -> /dev/loop5 23:45:28 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:28 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 10) [ 313.341023] erofs: options -> [ 313.355624] erofs: options -> [ 313.360097] erofs: root inode @ nid 36 [ 313.375862] erofs: bogus i_mode (0) @ nid 36 23:45:28 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 313.393133] erofs: cannot find valid erofs superblock 23:45:28 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100), 0x0, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 313.434720] FAULT_INJECTION: forcing a failure. [ 313.434720] name failslab, interval 1, probability 0, space 0, times 0 [ 313.458275] CPU: 1 PID: 18423 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 313.466181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.475539] Call Trace: [ 313.478143] dump_stack+0x1fc/0x2ef [ 313.481776] should_fail.cold+0xa/0xf [ 313.485588] ? setup_fault_attr+0x200/0x200 [ 313.489906] ? lock_acquire+0x170/0x3c0 [ 313.493886] __should_failslab+0x115/0x180 [ 313.498130] should_failslab+0x5/0x10 [ 313.501930] kmem_cache_alloc_trace+0x284/0x380 [ 313.506717] apparmor_file_alloc_security+0x394/0xad0 [ 313.511927] ? apparmor_file_receive+0x160/0x160 [ 313.516693] ? __alloc_file+0x21/0x340 [ 313.520595] security_file_alloc+0x40/0x90 [ 313.524867] __alloc_file+0xd8/0x340 [ 313.528595] alloc_empty_file+0x6d/0x170 [ 313.532665] path_openat+0xe9/0x2df0 [ 313.536375] ? __lock_acquire+0x6de/0x3ff0 [ 313.540620] ? path_lookupat+0x8d0/0x8d0 [ 313.544686] ? mark_held_locks+0xf0/0xf0 [ 313.548752] do_filp_open+0x18c/0x3f0 [ 313.552549] ? may_open_dev+0xf0/0xf0 [ 313.556355] ? __alloc_fd+0x28d/0x570 [ 313.560173] ? lock_downgrade+0x720/0x720 [ 313.564328] ? lock_acquire+0x170/0x3c0 [ 313.568303] ? __alloc_fd+0x34/0x570 [ 313.572004] ? do_raw_spin_unlock+0x171/0x230 [ 313.576489] ? _raw_spin_unlock+0x29/0x40 [ 313.580625] ? __alloc_fd+0x28d/0x570 [ 313.584428] do_sys_open+0x3b3/0x520 [ 313.588143] ? filp_open+0x70/0x70 [ 313.591681] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 313.597100] ? trace_hardirqs_off_caller+0x6e/0x210 [ 313.602113] ? do_syscall_64+0x21/0x620 [ 313.606098] do_syscall_64+0xf9/0x620 [ 313.609925] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 313.615109] RIP: 0033:0x7fc00fa37024 [ 313.618810] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 313.637789] RSP: 002b:00007fc00e3f8eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 313.645506] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa37024 [ 313.652772] RDX: 0000000000000002 RSI: 00007fc00e3f8fe0 RDI: 00000000ffffff9c [ 313.660032] RBP: 00007fc00e3f8fe0 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 313.667294] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 313.674569] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 23:45:28 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:28 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 11) [ 313.719932] erofs: read_super, device -> /dev/loop3 [ 313.720086] erofs: read_super, device -> /dev/loop2 [ 313.732608] erofs: options -> [ 313.733412] erofs: options -> [ 313.746229] erofs: root inode @ nid 36 [ 313.752450] erofs: mounted on /dev/loop3 with opts: . [ 313.759290] erofs: cannot find valid erofs superblock [ 313.769936] erofs: unmounted for /dev/loop3 23:45:28 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e803000000000000", 0x20, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 313.849211] FAULT_INJECTION: forcing a failure. [ 313.849211] name failslab, interval 1, probability 0, space 0, times 0 [ 313.860793] CPU: 1 PID: 18440 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 313.868768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.878121] Call Trace: [ 313.880703] dump_stack+0x1fc/0x2ef [ 313.884341] should_fail.cold+0xa/0xf [ 313.888146] ? setup_fault_attr+0x200/0x200 [ 313.892473] ? lock_acquire+0x170/0x3c0 [ 313.896460] __should_failslab+0x115/0x180 [ 313.900688] should_failslab+0x5/0x10 [ 313.904609] kmem_cache_alloc_trace+0x284/0x380 [ 313.909278] ? loop_info64_to_compat+0x5e0/0x5e0 [ 313.914023] __kthread_create_on_node+0xd2/0x410 [ 313.918780] ? kthread_parkme+0xa0/0xa0 [ 313.922748] ? lock_acquire+0x170/0x3c0 [ 313.926725] ? lo_ioctl+0x1bb/0x20e0 [ 313.930444] ? __mutex_lock+0x368/0x1190 [ 313.934514] ? lock_downgrade+0x720/0x720 [ 313.938722] ? check_preemption_disabled+0x41/0x280 [ 313.943823] ? loop_info64_to_compat+0x5e0/0x5e0 [ 313.948573] kthread_create_on_node+0xbb/0xf0 [ 313.953067] ? __kthread_create_on_node+0x410/0x410 [ 313.958088] ? __fget+0x356/0x510 [ 313.961540] ? do_dup2+0x450/0x450 [ 313.965068] ? __lockdep_init_map+0x100/0x5a0 [ 313.969553] ? __lockdep_init_map+0x100/0x5a0 [ 313.974039] lo_ioctl+0xae5/0x20e0 [ 313.977583] ? loop_set_status64+0x110/0x110 [ 313.981982] blkdev_ioctl+0x5cb/0x1a80 [ 313.985964] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 313.991326] ? blkpg_ioctl+0x9d0/0x9d0 [ 313.995213] ? mark_held_locks+0xf0/0xf0 [ 313.999267] ? mark_held_locks+0xf0/0xf0 [ 314.003349] ? debug_check_no_obj_freed+0x201/0x490 [ 314.008390] ? lock_downgrade+0x720/0x720 [ 314.012531] block_ioctl+0xe9/0x130 [ 314.016155] ? blkdev_fallocate+0x3f0/0x3f0 [ 314.020469] do_vfs_ioctl+0xcdb/0x12e0 [ 314.024368] ? lock_downgrade+0x720/0x720 [ 314.028519] ? check_preemption_disabled+0x41/0x280 [ 314.033532] ? ioctl_preallocate+0x200/0x200 [ 314.037944] ? __fget+0x356/0x510 [ 314.041400] ? do_dup2+0x450/0x450 [ 314.044942] ? do_sys_open+0x2bf/0x520 [ 314.048841] ksys_ioctl+0x9b/0xc0 [ 314.052301] __x64_sys_ioctl+0x6f/0xb0 [ 314.056181] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 314.060751] do_syscall_64+0xf9/0x620 [ 314.064547] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 314.069728] RIP: 0033:0x7fc00fa83ec7 [ 314.073437] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 314.092335] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 314.100047] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa83ec7 [ 314.107407] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 314.114775] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 314.122036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 314.129382] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 23:45:29 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x4, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:29 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 12) [ 314.147705] erofs: read_super, device -> /dev/loop5 [ 314.154056] erofs: read_super, device -> /dev/loop1 [ 314.159086] erofs: options -> [ 314.163328] erofs: cannot find valid erofs superblock [ 314.174789] erofs: options -> [ 314.186838] erofs: root inode @ nid 36 23:45:29 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e", 0x8, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 314.199817] erofs: bogus i_mode (0) @ nid 36 23:45:29 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x141041, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r1, 0x0, 0x20000000d67) (async) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r2, 0xf502, 0x0) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async, rerun: 64) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 64) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:45:29 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000", 0x10, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 314.265301] FAULT_INJECTION: forcing a failure. [ 314.265301] name failslab, interval 1, probability 0, space 0, times 0 [ 314.280512] CPU: 1 PID: 18454 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 314.288419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.297772] Call Trace: [ 314.300350] dump_stack+0x1fc/0x2ef [ 314.303995] should_fail.cold+0xa/0xf [ 314.307787] ? setup_fault_attr+0x200/0x200 [ 314.312098] ? lock_acquire+0x170/0x3c0 [ 314.316062] __should_failslab+0x115/0x180 [ 314.320282] should_failslab+0x5/0x10 [ 314.324069] kmem_cache_alloc+0x277/0x370 [ 314.328229] __kernfs_new_node+0xd2/0x680 [ 314.332420] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 314.337164] ? _raw_spin_unlock_irq+0x5a/0x80 [ 314.341649] ? __cpu_to_node+0x7b/0xa0 [ 314.345525] ? mark_held_locks+0xf0/0xf0 [ 314.349572] ? io_schedule_timeout+0x140/0x140 [ 314.354151] ? enqueue_entity+0xf86/0x3850 [ 314.358392] ? set_user_nice.part.0+0x3b9/0xab0 [ 314.363054] kernfs_create_dir_ns+0x9e/0x230 [ 314.367473] internal_create_group+0x1c1/0xb20 [ 314.372057] ? sysfs_remove_link_from_group+0x70/0x70 [ 314.377249] ? lock_downgrade+0x720/0x720 [ 314.381391] lo_ioctl+0xf7c/0x20e0 [ 314.384919] ? loop_set_status64+0x110/0x110 [ 314.389309] blkdev_ioctl+0x5cb/0x1a80 [ 314.393193] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 314.398553] ? blkpg_ioctl+0x9d0/0x9d0 [ 314.402432] ? mark_held_locks+0xf0/0xf0 [ 314.406483] ? mark_held_locks+0xf0/0xf0 [ 314.410532] ? debug_check_no_obj_freed+0x201/0x490 [ 314.415539] ? lock_downgrade+0x720/0x720 [ 314.419674] block_ioctl+0xe9/0x130 [ 314.423283] ? blkdev_fallocate+0x3f0/0x3f0 [ 314.427594] do_vfs_ioctl+0xcdb/0x12e0 [ 314.431469] ? lock_downgrade+0x720/0x720 [ 314.435606] ? check_preemption_disabled+0x41/0x280 [ 314.440608] ? ioctl_preallocate+0x200/0x200 [ 314.445005] ? __fget+0x356/0x510 [ 314.448443] ? do_dup2+0x450/0x450 [ 314.451973] ? do_sys_open+0x2bf/0x520 [ 314.455852] ksys_ioctl+0x9b/0xc0 [ 314.459438] __x64_sys_ioctl+0x6f/0xb0 [ 314.463424] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 314.468014] do_syscall_64+0xf9/0x620 [ 314.471806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 314.476984] RIP: 0033:0x7fc00fa83ec7 [ 314.480681] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 314.499679] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 314.507375] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa83ec7 [ 314.514632] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 314.521891] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 314.529156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 314.536423] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 [ 314.552530] erofs: read_super, device -> /dev/loop4 [ 314.558138] erofs: options -> [ 314.562468] erofs: root inode @ nid 36 [ 314.572961] erofs: mounted on /dev/loop4 with opts: . [ 314.580556] erofs: read_super, device -> /dev/loop2 [ 314.586524] erofs: options -> [ 314.590389] erofs: read_super, device -> /dev/loop1 [ 314.590689] erofs: read_super, device -> /dev/loop3 [ 314.599855] erofs: options -> [ 314.608486] erofs: options -> 23:45:29 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 13) [ 314.620027] erofs: root inode @ nid 36 [ 314.624217] erofs: root inode @ nid 36 [ 314.624274] erofs: blksize 1 isn't supported on this platform [ 314.636383] erofs: read_super, device -> /dev/loop5 [ 314.637505] erofs: mounted on /dev/loop3 with opts: . [ 314.646911] erofs: mounted on /dev/loop2 with opts: . [ 314.652635] erofs: options -> [ 314.656634] erofs: unmounted for /dev/loop4 [ 314.664611] erofs: unmounted for /dev/loop2 [ 314.670727] erofs: root inode @ nid 36 [ 314.673716] erofs: unmounted for /dev/loop3 [ 314.681972] erofs: mounted on /dev/loop5 with opts: . [ 314.687557] erofs: unmounted for /dev/loop5 23:45:29 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:29 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 314.813632] FAULT_INJECTION: forcing a failure. [ 314.813632] name failslab, interval 1, probability 0, space 0, times 0 [ 314.828817] CPU: 1 PID: 18486 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 314.836727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.846447] Call Trace: [ 314.849043] dump_stack+0x1fc/0x2ef [ 314.852669] should_fail.cold+0xa/0xf [ 314.856517] ? setup_fault_attr+0x200/0x200 [ 314.860845] ? lock_acquire+0x170/0x3c0 [ 314.864861] __should_failslab+0x115/0x180 [ 314.869098] should_failslab+0x5/0x10 [ 314.872912] kmem_cache_alloc+0x277/0x370 [ 314.877422] __kernfs_new_node+0xd2/0x680 [ 314.881575] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 314.886326] ? __mutex_unlock_slowpath+0xea/0x610 [ 314.891191] ? wait_for_completion_io+0x10/0x10 [ 314.895895] ? kernfs_next_descendant_post+0x19c/0x290 [ 314.901214] kernfs_new_node+0x92/0x120 [ 314.905193] __kernfs_create_file+0x51/0x340 [ 314.909612] sysfs_add_file_mode_ns+0x226/0x540 [ 314.914302] internal_create_group+0x355/0xb20 [ 314.918900] ? sysfs_remove_link_from_group+0x70/0x70 [ 314.924094] ? lock_downgrade+0x720/0x720 [ 314.928249] lo_ioctl+0xf7c/0x20e0 [ 314.931784] ? loop_set_status64+0x110/0x110 [ 314.936286] blkdev_ioctl+0x5cb/0x1a80 [ 314.940223] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 314.945601] ? blkpg_ioctl+0x9d0/0x9d0 [ 314.949494] ? mark_held_locks+0xf0/0xf0 [ 314.953560] ? mark_held_locks+0xf0/0xf0 [ 314.957637] ? debug_check_no_obj_freed+0x201/0x490 [ 314.962671] ? lock_downgrade+0x720/0x720 [ 314.966820] block_ioctl+0xe9/0x130 [ 314.970635] ? blkdev_fallocate+0x3f0/0x3f0 [ 314.974972] do_vfs_ioctl+0xcdb/0x12e0 [ 314.978863] ? lock_downgrade+0x720/0x720 [ 314.983014] ? check_preemption_disabled+0x41/0x280 [ 314.988042] ? ioctl_preallocate+0x200/0x200 [ 314.992453] ? __fget+0x356/0x510 [ 314.995917] ? do_dup2+0x450/0x450 [ 314.999470] ? do_sys_open+0x2bf/0x520 [ 315.003378] ksys_ioctl+0x9b/0xc0 [ 315.006851] __x64_sys_ioctl+0x6f/0xb0 [ 315.010761] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 315.015361] do_syscall_64+0xf9/0x620 [ 315.019279] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 315.024483] RIP: 0033:0x7fc00fa83ec7 [ 315.028207] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 315.047122] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 315.055025] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa83ec7 [ 315.062408] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 315.069670] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 315.076935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 315.084209] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 23:45:30 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05", 0x1, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:30 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e", 0x8, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:30 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 14) [ 315.121908] erofs: read_super, device -> /dev/loop4 [ 315.137590] erofs: options -> [ 315.145387] erofs: root inode @ nid 36 [ 315.154417] erofs: mounted on /dev/loop4 with opts: . [ 315.192483] erofs: unmounted for /dev/loop4 [ 315.199161] erofs: read_super, device -> /dev/loop3 [ 315.215562] erofs: options -> [ 315.227012] erofs: root inode @ nid 36 [ 315.237548] erofs: mounted on /dev/loop3 with opts: . 23:45:30 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x6, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 315.243847] erofs: unmounted for /dev/loop3 [ 315.286250] FAULT_INJECTION: forcing a failure. [ 315.286250] name failslab, interval 1, probability 0, space 0, times 0 [ 315.298546] CPU: 0 PID: 18511 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 315.306572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.315931] Call Trace: [ 315.318526] dump_stack+0x1fc/0x2ef [ 315.322346] should_fail.cold+0xa/0xf [ 315.326139] ? setup_fault_attr+0x200/0x200 [ 315.330448] ? lock_acquire+0x170/0x3c0 [ 315.334557] __should_failslab+0x115/0x180 [ 315.338945] should_failslab+0x5/0x10 [ 315.342742] kmem_cache_alloc+0x277/0x370 [ 315.346891] __kernfs_new_node+0xd2/0x680 [ 315.351036] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 315.355783] ? kernfs_activate+0x2c/0x1d0 [ 315.359932] ? lock_downgrade+0x720/0x720 [ 315.364097] ? kernfs_add_one+0x51/0x4c0 [ 315.368262] ? mutex_trylock+0x1a0/0x1a0 [ 315.372327] ? __mutex_unlock_slowpath+0xea/0x610 [ 315.377165] kernfs_new_node+0x92/0x120 [ 315.381144] __kernfs_create_file+0x51/0x340 [ 315.385562] sysfs_add_file_mode_ns+0x226/0x540 [ 315.390222] internal_create_group+0x355/0xb20 [ 315.394797] ? sysfs_remove_link_from_group+0x70/0x70 [ 315.399983] ? lock_downgrade+0x720/0x720 [ 315.405066] lo_ioctl+0xf7c/0x20e0 [ 315.408613] ? loop_set_status64+0x110/0x110 [ 315.413029] blkdev_ioctl+0x5cb/0x1a80 [ 315.416917] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 315.422382] ? blkpg_ioctl+0x9d0/0x9d0 [ 315.426258] ? mark_held_locks+0xf0/0xf0 [ 315.430313] ? mark_held_locks+0xf0/0xf0 [ 315.434362] ? debug_check_no_obj_freed+0x201/0x490 [ 315.439373] ? lock_downgrade+0x720/0x720 [ 315.443509] block_ioctl+0xe9/0x130 [ 315.447212] ? blkdev_fallocate+0x3f0/0x3f0 [ 315.451609] do_vfs_ioctl+0xcdb/0x12e0 [ 315.455488] ? lock_downgrade+0x720/0x720 [ 315.459620] ? check_preemption_disabled+0x41/0x280 [ 315.464641] ? ioctl_preallocate+0x200/0x200 [ 315.469035] ? __fget+0x356/0x510 [ 315.472473] ? do_dup2+0x450/0x450 [ 315.475995] ? do_sys_open+0x2bf/0x520 [ 315.479967] ksys_ioctl+0x9b/0xc0 [ 315.483518] __x64_sys_ioctl+0x6f/0xb0 [ 315.487436] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 315.492014] do_syscall_64+0xf9/0x620 [ 315.495813] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 315.500988] RIP: 0033:0x7fc00fa83ec7 [ 315.504684] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 315.523569] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 315.531270] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa83ec7 [ 315.538523] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 315.545779] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 315.553032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 315.560283] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 [ 315.581753] erofs: read_super, device -> /dev/loop2 23:45:30 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async, rerun: 64) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x141041, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (async) sendfile(r1, r1, 0x0, 0x20000000d67) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r2, 0xf502, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async, rerun: 64) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async, rerun: 64) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 315.583855] erofs: read_super, device -> /dev/loop1 [ 315.590493] erofs: options -> [ 315.592045] erofs: read_super, device -> /dev/loop5 [ 315.599641] erofs: cannot find valid erofs superblock [ 315.620708] erofs: read_super, device -> /dev/loop4 [ 315.626005] erofs: options -> [ 315.630070] erofs: options -> 23:45:30 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 315.641720] erofs: blksize 1 isn't supported on this platform [ 315.645241] erofs: options -> [ 315.654309] erofs: root inode @ nid 36 [ 315.670441] erofs: mounted on /dev/loop4 with opts: . [ 315.679435] erofs: root inode @ nid 36 [ 315.694901] erofs: bogus i_mode (0) @ nid 36 [ 315.714432] erofs: read_super, device -> /dev/loop3 [ 315.719875] erofs: options -> [ 315.724450] erofs: root inode @ nid 36 23:45:30 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 15) 23:45:30 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e", 0x8, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 315.746191] erofs: mounted on /dev/loop3 with opts: . [ 315.754523] erofs: unmounted for /dev/loop4 [ 315.757767] erofs: unmounted for /dev/loop3 [ 315.770583] erofs: read_super, device -> /dev/loop2 [ 315.788990] erofs: options -> 23:45:30 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x7, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:30 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05", 0x1, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 315.800611] erofs: cannot find valid erofs superblock 23:45:30 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 315.885606] erofs: read_super, device -> /dev/loop1 [ 315.890870] erofs: read_super, device -> /dev/loop3 [ 315.896915] erofs: options -> [ 315.900332] erofs: options -> [ 315.908601] erofs: read_super, device -> /dev/loop5 [ 315.911629] FAULT_INJECTION: forcing a failure. [ 315.911629] name failslab, interval 1, probability 0, space 0, times 0 [ 315.921074] erofs: options -> [ 315.926790] erofs: root inode @ nid 36 [ 315.932617] erofs: blksize 1 isn't supported on this platform [ 315.939292] CPU: 1 PID: 18556 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 315.947189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.951300] erofs: mounted on /dev/loop3 with opts: . [ 315.956544] Call Trace: [ 315.956567] dump_stack+0x1fc/0x2ef [ 315.956587] should_fail.cold+0xa/0xf [ 315.956606] ? setup_fault_attr+0x200/0x200 [ 315.956621] ? lock_acquire+0x170/0x3c0 [ 315.956638] __should_failslab+0x115/0x180 [ 315.956679] should_failslab+0x5/0x10 [ 315.956692] kmem_cache_alloc+0x277/0x370 [ 315.956708] __kernfs_new_node+0xd2/0x680 [ 315.956726] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 315.956743] ? __mutex_unlock_slowpath+0xea/0x610 [ 315.956758] ? wait_for_completion_io+0x10/0x10 [ 315.956774] ? kernfs_next_descendant_post+0x19c/0x290 [ 315.956792] kernfs_new_node+0x92/0x120 [ 315.956808] __kernfs_create_file+0x51/0x340 [ 315.956827] sysfs_add_file_mode_ns+0x226/0x540 [ 315.970773] erofs: root inode @ nid 36 [ 315.971996] internal_create_group+0x355/0xb20 [ 315.972019] ? sysfs_remove_link_from_group+0x70/0x70 [ 315.972034] ? lock_downgrade+0x720/0x720 [ 315.972062] lo_ioctl+0xf7c/0x20e0 [ 315.976835] erofs: unmounted for /dev/loop3 [ 315.980344] ? loop_set_status64+0x110/0x110 [ 315.980366] blkdev_ioctl+0x5cb/0x1a80 [ 315.980387] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 315.980401] ? blkpg_ioctl+0x9d0/0x9d0 [ 315.997263] erofs: bogus i_mode (0) @ nid 36 [ 316.001430] ? mark_held_locks+0xf0/0xf0 [ 316.001447] ? mark_held_locks+0xf0/0xf0 [ 316.001467] ? debug_check_no_obj_freed+0x201/0x490 [ 316.001485] ? lock_downgrade+0x720/0x720 [ 316.001500] block_ioctl+0xe9/0x130 [ 316.097522] ? blkdev_fallocate+0x3f0/0x3f0 [ 316.101864] do_vfs_ioctl+0xcdb/0x12e0 [ 316.105773] ? lock_downgrade+0x720/0x720 [ 316.109929] ? check_preemption_disabled+0x41/0x280 [ 316.114953] ? ioctl_preallocate+0x200/0x200 [ 316.119390] ? __fget+0x356/0x510 [ 316.122844] ? do_dup2+0x450/0x450 [ 316.126390] ? do_sys_open+0x2bf/0x520 [ 316.130268] ksys_ioctl+0x9b/0xc0 [ 316.133723] __x64_sys_ioctl+0x6f/0xb0 [ 316.137619] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 316.142207] do_syscall_64+0xf9/0x620 [ 316.146011] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 316.151204] RIP: 0033:0x7fc00fa83ec7 [ 316.154925] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 316.173836] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 316.181548] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa83ec7 [ 316.189011] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 316.196450] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 316.203739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 316.211091] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 23:45:31 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e01000000", 0xc, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:31 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 316.239062] erofs: read_super, device -> /dev/loop2 [ 316.246700] erofs: read_super, device -> /dev/loop4 [ 316.251741] erofs: options -> [ 316.258224] erofs: options -> [ 316.271418] erofs: root inode @ nid 36 [ 316.277500] erofs: mounted on /dev/loop4 with opts: . 23:45:31 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05", 0x1, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:31 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c002400", 0x10, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 316.284671] erofs: cannot find valid erofs superblock 23:45:31 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 16) [ 316.371842] erofs: unmounted for /dev/loop4 [ 316.419814] erofs: read_super, device -> /dev/loop1 [ 316.431559] erofs: read_super, device -> /dev/loop3 [ 316.438679] erofs: options -> [ 316.450279] erofs: options -> 23:45:31 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$BTRFS_IOC_DEFRAG_RANGE(r1, 0x40309410, &(0x7f0000000000)={0x1, 0x6, 0x1, 0x3, 0x0, [0x7, 0x4, 0xdb86]}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(r2, 0x0, 0x10400, 0x82) [ 316.470732] erofs: read_super, device -> /dev/loop5 [ 316.476059] erofs: root inode @ nid 36 [ 316.476211] erofs: blksize 1 isn't supported on this platform [ 316.480640] erofs: mounted on /dev/loop3 with opts: . [ 316.486427] erofs: options -> [ 316.495402] erofs: root inode @ nid 36 [ 316.499657] erofs: bogus i_mode (0) @ nid 36 [ 316.506591] FAULT_INJECTION: forcing a failure. [ 316.506591] name failslab, interval 1, probability 0, space 0, times 0 [ 316.518818] CPU: 1 PID: 18584 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 316.526723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.529809] erofs: unmounted for /dev/loop3 [ 316.536074] Call Trace: [ 316.536098] dump_stack+0x1fc/0x2ef [ 316.536119] should_fail.cold+0xa/0xf [ 316.536136] ? setup_fault_attr+0x200/0x200 [ 316.536150] ? lock_acquire+0x170/0x3c0 [ 316.536168] __should_failslab+0x115/0x180 [ 316.536184] should_failslab+0x5/0x10 [ 316.536196] kmem_cache_alloc+0x277/0x370 [ 316.536212] __kernfs_new_node+0xd2/0x680 [ 316.536230] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 316.536246] ? __mutex_unlock_slowpath+0xea/0x610 [ 316.536262] ? wait_for_completion_io+0x10/0x10 [ 316.589626] ? kernfs_next_descendant_post+0x19c/0x290 [ 316.594899] kernfs_new_node+0x92/0x120 [ 316.598870] __kernfs_create_file+0x51/0x340 [ 316.603300] sysfs_add_file_mode_ns+0x226/0x540 [ 316.607968] internal_create_group+0x355/0xb20 [ 316.612560] ? sysfs_remove_link_from_group+0x70/0x70 [ 316.617756] ? lock_downgrade+0x720/0x720 [ 316.621927] lo_ioctl+0xf7c/0x20e0 [ 316.625481] ? loop_set_status64+0x110/0x110 [ 316.629903] blkdev_ioctl+0x5cb/0x1a80 [ 316.633797] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 316.639157] ? blkpg_ioctl+0x9d0/0x9d0 [ 316.643038] ? mark_held_locks+0xf0/0xf0 [ 316.647109] ? mark_held_locks+0xf0/0xf0 [ 316.651165] ? debug_check_no_obj_freed+0x201/0x490 [ 316.656177] ? lock_downgrade+0x720/0x720 [ 316.660312] block_ioctl+0xe9/0x130 [ 316.663932] ? blkdev_fallocate+0x3f0/0x3f0 [ 316.668362] do_vfs_ioctl+0xcdb/0x12e0 [ 316.672324] ? lock_downgrade+0x720/0x720 [ 316.676459] ? check_preemption_disabled+0x41/0x280 [ 316.681460] ? ioctl_preallocate+0x200/0x200 [ 316.685871] ? __fget+0x356/0x510 [ 316.689327] ? do_dup2+0x450/0x450 [ 316.692861] ? do_sys_open+0x2bf/0x520 [ 316.696747] ksys_ioctl+0x9b/0xc0 [ 316.700215] __x64_sys_ioctl+0x6f/0xb0 [ 316.704099] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 316.708676] do_syscall_64+0xf9/0x620 [ 316.712475] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 316.717654] RIP: 0033:0x7fc00fa83ec7 [ 316.721351] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 316.740238] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 316.747963] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa83ec7 [ 316.755229] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 316.762600] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007fc00e3f91d0 23:45:31 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e01000000", 0xc, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 316.769874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 316.777145] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 [ 316.906359] erofs: read_super, device -> /dev/loop4 [ 316.918908] erofs: read_super, device -> /dev/loop2 [ 316.926036] erofs: options -> [ 316.934540] erofs: options -> [ 316.945698] erofs: root inode @ nid 36 [ 316.947008] erofs: root inode @ nid 36 23:45:32 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x9, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 316.958784] erofs: mounted on /dev/loop2 with opts: . 23:45:32 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c041000074", 0x9, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:32 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$BTRFS_IOC_DEFRAG_RANGE(r1, 0x40309410, &(0x7f0000000000)={0x1, 0x6, 0x1, 0x3, 0x0, [0x7, 0x4, 0xdb86]}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(r2, 0x0, 0x10400, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$BTRFS_IOC_DEFRAG_RANGE(r1, 0x40309410, &(0x7f0000000000)={0x1, 0x6, 0x1, 0x3, 0x0, [0x7, 0x4, 0xdb86]}) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(r2, 0x0, 0x10400, 0x82) (async) 23:45:32 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 17) [ 316.985916] erofs: mounted on /dev/loop4 with opts: . [ 316.999893] erofs: unmounted for /dev/loop2 [ 317.008762] erofs: read_super, device -> /dev/loop1 [ 317.030901] erofs: options -> 23:45:32 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e01000000", 0xc, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:32 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$BTRFS_IOC_DEFRAG_RANGE(r1, 0x40309410, &(0x7f0000000000)={0x1, 0x6, 0x1, 0x3, 0x0, [0x7, 0x4, 0xdb86]}) (async) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(r2, 0x0, 0x10400, 0x82) [ 317.040834] erofs: unmounted for /dev/loop4 [ 317.048837] erofs: blksize 1 isn't supported on this platform 23:45:32 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 317.104795] erofs: read_super, device -> /dev/loop3 [ 317.106633] erofs: read_super, device -> /dev/loop5 [ 317.120361] erofs: options -> [ 317.132649] erofs: options -> [ 317.135076] erofs: root inode @ nid 36 [ 317.140538] erofs: root inode @ nid 36 [ 317.151059] erofs: mounted on /dev/loop3 with opts: . [ 317.167510] erofs: mounted on /dev/loop5 with opts: . [ 317.193132] erofs: unmounted for /dev/loop5 23:45:32 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000000d67) openat(r2, &(0x7f0000000000)='./file1\x00', 0x105001, 0x40) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 317.215346] erofs: unmounted for /dev/loop3 [ 317.272110] FAULT_INJECTION: forcing a failure. [ 317.272110] name failslab, interval 1, probability 0, space 0, times 0 [ 317.288826] CPU: 0 PID: 18641 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 317.296734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.306091] Call Trace: [ 317.308714] dump_stack+0x1fc/0x2ef [ 317.312359] should_fail.cold+0xa/0xf [ 317.316175] ? setup_fault_attr+0x200/0x200 [ 317.320608] ? lock_acquire+0x170/0x3c0 [ 317.324692] __should_failslab+0x115/0x180 [ 317.328940] should_failslab+0x5/0x10 [ 317.332776] kmem_cache_alloc+0x277/0x370 [ 317.336950] __kernfs_new_node+0xd2/0x680 [ 317.341211] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 317.345980] ? __mutex_unlock_slowpath+0xea/0x610 [ 317.350838] ? wait_for_completion_io+0x10/0x10 [ 317.355522] ? kernfs_next_descendant_post+0x19c/0x290 [ 317.360831] kernfs_new_node+0x92/0x120 [ 317.364917] __kernfs_create_file+0x51/0x340 [ 317.369342] sysfs_add_file_mode_ns+0x226/0x540 [ 317.374031] internal_create_group+0x355/0xb20 [ 317.378638] ? sysfs_remove_link_from_group+0x70/0x70 [ 317.383889] ? lock_downgrade+0x720/0x720 [ 317.388057] lo_ioctl+0xf7c/0x20e0 [ 317.391617] ? loop_set_status64+0x110/0x110 [ 317.396046] blkdev_ioctl+0x5cb/0x1a80 [ 317.399947] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 317.405322] ? blkpg_ioctl+0x9d0/0x9d0 [ 317.409226] ? mark_held_locks+0xf0/0xf0 [ 317.413308] ? mark_held_locks+0xf0/0xf0 [ 317.417384] ? debug_check_no_obj_freed+0x201/0x490 [ 317.422517] ? lock_downgrade+0x720/0x720 [ 317.426693] block_ioctl+0xe9/0x130 [ 317.430335] ? blkdev_fallocate+0x3f0/0x3f0 [ 317.434693] do_vfs_ioctl+0xcdb/0x12e0 [ 317.438603] ? lock_downgrade+0x720/0x720 [ 317.442781] ? check_preemption_disabled+0x41/0x280 [ 317.447819] ? ioctl_preallocate+0x200/0x200 [ 317.452247] ? __fget+0x356/0x510 [ 317.455721] ? do_dup2+0x450/0x450 [ 317.459294] ? do_sys_open+0x2bf/0x520 [ 317.463202] ksys_ioctl+0x9b/0xc0 [ 317.466681] __x64_sys_ioctl+0x6f/0xb0 [ 317.470583] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 317.475179] do_syscall_64+0xf9/0x620 [ 317.479100] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 317.484304] RIP: 0033:0x7fc00fa83ec7 [ 317.488032] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 317.506948] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 317.514663] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa83ec7 [ 317.522033] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 317.529313] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 317.536597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 317.543877] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 [ 317.609349] erofs: read_super, device -> /dev/loop4 [ 317.616223] erofs: options -> [ 317.624165] erofs: root inode @ nid 36 [ 317.633162] erofs: mounted on /dev/loop4 with opts: . [ 317.648927] erofs: read_super, device -> /dev/loop2 [ 317.654369] erofs: read_super, device -> /dev/loop1 23:45:32 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c041000074", 0x9, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:32 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:32 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 18) [ 317.692229] erofs: options -> [ 317.696209] erofs: options -> [ 317.716401] erofs: blksize 1 isn't supported on this platform [ 317.723088] erofs: cannot find valid erofs superblock [ 317.746565] erofs: unmounted for /dev/loop4 [ 317.833574] erofs: read_super, device -> /dev/loop5 [ 317.840990] erofs: options -> [ 317.854783] erofs: root inode @ nid 36 [ 317.868282] erofs: mounted on /dev/loop5 with opts: . 23:45:32 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:32 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 317.907200] erofs: read_super, device -> /dev/loop3 [ 317.909705] erofs: unmounted for /dev/loop5 [ 317.912243] erofs: options -> [ 317.945692] erofs: root inode @ nid 36 [ 317.967430] erofs: mounted on /dev/loop3 with opts: . [ 317.977688] FAULT_INJECTION: forcing a failure. [ 317.977688] name failslab, interval 1, probability 0, space 0, times 0 [ 318.001377] erofs: unmounted for /dev/loop3 [ 318.017487] CPU: 0 PID: 18673 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 318.025526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 318.034890] Call Trace: [ 318.037495] dump_stack+0x1fc/0x2ef [ 318.041143] should_fail.cold+0xa/0xf [ 318.044959] ? setup_fault_attr+0x200/0x200 [ 318.049389] ? lock_acquire+0x170/0x3c0 [ 318.053376] __should_failslab+0x115/0x180 [ 318.057629] should_failslab+0x5/0x10 [ 318.061615] kmem_cache_alloc+0x277/0x370 [ 318.066064] __kernfs_new_node+0xd2/0x680 [ 318.070229] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 318.075002] ? __mutex_unlock_slowpath+0xea/0x610 [ 318.079862] ? wait_for_completion_io+0x10/0x10 [ 318.084545] ? kernfs_next_descendant_post+0x19c/0x290 [ 318.089853] kernfs_new_node+0x92/0x120 [ 318.093866] __kernfs_create_file+0x51/0x340 [ 318.098300] sysfs_add_file_mode_ns+0x226/0x540 [ 318.102995] internal_create_group+0x355/0xb20 [ 318.107634] ? sysfs_remove_link_from_group+0x70/0x70 [ 318.112843] ? lock_downgrade+0x720/0x720 [ 318.117030] lo_ioctl+0xf7c/0x20e0 [ 318.120594] ? loop_set_status64+0x110/0x110 [ 318.125017] blkdev_ioctl+0x5cb/0x1a80 [ 318.128919] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 318.134311] ? blkpg_ioctl+0x9d0/0x9d0 [ 318.138222] ? mark_held_locks+0xf0/0xf0 [ 318.142302] ? mark_held_locks+0xf0/0xf0 [ 318.146373] ? debug_check_no_obj_freed+0x201/0x490 [ 318.151408] ? lock_downgrade+0x720/0x720 [ 318.155568] block_ioctl+0xe9/0x130 [ 318.159210] ? blkdev_fallocate+0x3f0/0x3f0 [ 318.163545] do_vfs_ioctl+0xcdb/0x12e0 [ 318.167446] ? lock_downgrade+0x720/0x720 [ 318.171608] ? check_preemption_disabled+0x41/0x280 [ 318.176648] ? ioctl_preallocate+0x200/0x200 [ 318.181070] ? __fget+0x356/0x510 [ 318.184538] ? do_dup2+0x450/0x450 [ 318.188083] ? do_sys_open+0x2bf/0x520 [ 318.192087] ksys_ioctl+0x9b/0xc0 [ 318.195573] __x64_sys_ioctl+0x6f/0xb0 [ 318.199473] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 318.204064] do_syscall_64+0xf9/0x620 [ 318.207876] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 318.213072] RIP: 0033:0x7fc00fa83ec7 [ 318.216881] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 318.235873] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 318.243593] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa83ec7 [ 318.250888] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 318.258164] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007fc00e3f91d0 23:45:33 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000000d67) (async) openat(r2, &(0x7f0000000000)='./file1\x00', 0x105001, 0x40) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 318.265424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 318.272804] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 23:45:33 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c041000074", 0x9, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:33 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x23, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 318.343394] erofs: read_super, device -> /dev/loop2 [ 318.343776] erofs: read_super, device -> /dev/loop1 [ 318.361738] erofs: options -> [ 318.366861] erofs: root inode @ nid 0 [ 318.372772] erofs: options -> [ 318.375735] erofs: bogus i_mode (0) @ nid 0 23:45:33 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000000d67) openat(r2, &(0x7f0000000000)='./file1\x00', 0x105001, 0x40) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (async) sendfile(r1, r2, 0x0, 0x20000000d67) (async) openat(r2, &(0x7f0000000000)='./file1\x00', 0x105001, 0x40) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 318.389055] erofs: cannot find valid erofs superblock [ 318.396837] erofs: read_super, device -> /dev/loop4 [ 318.402419] erofs: options -> [ 318.413771] erofs: root inode @ nid 36 [ 318.417972] erofs: mounted on /dev/loop4 with opts: . [ 318.436423] ieee802154 phy0 wpan0: encryption failed: -22 23:45:33 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 318.442035] ieee802154 phy1 wpan1: encryption failed: -22 23:45:33 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 19) 23:45:33 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 318.520654] erofs: read_super, device -> /dev/loop5 [ 318.531121] erofs: options -> [ 318.540451] erofs: root inode @ nid 36 [ 318.546530] erofs: mounted on /dev/loop5 with opts: . [ 318.552223] erofs: unmounted for /dev/loop4 [ 318.552892] erofs: read_super, device -> /dev/loop3 [ 318.562167] erofs: options -> [ 318.585162] erofs: root inode @ nid 36 [ 318.587755] erofs: unmounted for /dev/loop5 [ 318.601324] erofs: mounted on /dev/loop3 with opts: . [ 318.634964] erofs: unmounted for /dev/loop3 23:45:33 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000", 0xd, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 318.676664] erofs: read_super, device -> /dev/loop2 [ 318.684908] erofs: read_super, device -> /dev/loop1 [ 318.687893] erofs: options -> [ 318.695297] erofs: options -> [ 318.699921] erofs: root inode @ nid 0 [ 318.704028] FAULT_INJECTION: forcing a failure. [ 318.704028] name failslab, interval 1, probability 0, space 0, times 0 [ 318.716108] erofs: cannot find valid erofs superblock [ 318.717433] erofs: bogus i_mode (0) @ nid 0 23:45:33 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) getpgid(r0) r1 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r1, 0x2, 0xffffffffffffffff, 0x0) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f0000000200)=""/239, 0xef}, {&(0x7f0000000300)=""/189, 0xbd}, {&(0x7f0000000140)=""/6, 0x6}], 0x3, &(0x7f00000016c0)=[{&(0x7f00000000c0)=""/10, 0xa}, {&(0x7f00000003c0)=""/201, 0xc9}, {&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/176, 0xb0}, {&(0x7f0000001580)=""/173, 0xad}, {&(0x7f0000001640)=""/125, 0x7d}], 0x6, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) r2 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) tgkill(r2, r0, 0x22) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 318.727494] CPU: 1 PID: 18741 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 318.735392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 318.744749] Call Trace: [ 318.747340] dump_stack+0x1fc/0x2ef [ 318.750968] should_fail.cold+0xa/0xf [ 318.754863] ? setup_fault_attr+0x200/0x200 [ 318.759186] ? lock_acquire+0x170/0x3c0 [ 318.763172] ? dev_uevent_filter+0xd0/0xd0 [ 318.767552] __should_failslab+0x115/0x180 [ 318.771786] should_failslab+0x5/0x10 [ 318.775613] kmem_cache_alloc_trace+0x284/0x380 [ 318.780330] ? dev_uevent_filter+0xd0/0xd0 [ 318.784571] kobject_uevent_env+0x236/0x1480 [ 318.789079] lo_ioctl+0xff9/0x20e0 [ 318.792633] ? loop_set_status64+0x110/0x110 [ 318.797043] blkdev_ioctl+0x5cb/0x1a80 [ 318.800926] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 318.806286] ? blkpg_ioctl+0x9d0/0x9d0 [ 318.810165] ? mark_held_locks+0xf0/0xf0 [ 318.814235] ? mark_held_locks+0xf0/0xf0 [ 318.818312] ? debug_check_no_obj_freed+0x201/0x490 [ 318.823339] ? lock_downgrade+0x720/0x720 [ 318.827511] block_ioctl+0xe9/0x130 [ 318.831241] ? blkdev_fallocate+0x3f0/0x3f0 [ 318.835593] do_vfs_ioctl+0xcdb/0x12e0 [ 318.839487] ? lock_downgrade+0x720/0x720 [ 318.843655] ? check_preemption_disabled+0x41/0x280 [ 318.848852] ? ioctl_preallocate+0x200/0x200 [ 318.853292] ? __fget+0x356/0x510 [ 318.856754] ? do_dup2+0x450/0x450 [ 318.860297] ? do_sys_open+0x2bf/0x520 [ 318.864494] ksys_ioctl+0x9b/0xc0 [ 318.867956] __x64_sys_ioctl+0x6f/0xb0 [ 318.871873] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 318.876461] do_syscall_64+0xf9/0x620 [ 318.880256] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 318.885434] RIP: 0033:0x7fc00fa83ec7 [ 318.889135] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 318.908025] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 318.915734] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa83ec7 [ 318.923013] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 318.930288] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 318.937548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 318.944824] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 23:45:34 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 318.992665] erofs: read_super, device -> /dev/loop4 [ 319.006671] erofs: options -> [ 319.012196] erofs: root inode @ nid 36 23:45:34 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) getpgid(r0) (async) r1 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r1, 0x2, 0xffffffffffffffff, 0x0) (async, rerun: 64) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f0000000200)=""/239, 0xef}, {&(0x7f0000000300)=""/189, 0xbd}, {&(0x7f0000000140)=""/6, 0x6}], 0x3, &(0x7f00000016c0)=[{&(0x7f00000000c0)=""/10, 0xa}, {&(0x7f00000003c0)=""/201, 0xc9}, {&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/176, 0xb0}, {&(0x7f0000001580)=""/173, 0xad}, {&(0x7f0000001640)=""/125, 0x7d}], 0x6, 0x0) (rerun: 64) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async, rerun: 64) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async, rerun: 64) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async, rerun: 32) r2 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) (async, rerun: 32) tgkill(r2, r0, 0x22) (rerun: 32) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 319.036991] erofs: mounted on /dev/loop4 with opts: . 23:45:34 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 20) 23:45:34 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e", 0x8, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 319.094029] erofs: read_super, device -> /dev/loop5 23:45:34 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x53, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 319.128004] erofs: options -> [ 319.141323] erofs: root inode @ nid 36 [ 319.150615] erofs: unmounted for /dev/loop4 [ 319.161063] erofs: mounted on /dev/loop5 with opts: . 23:45:34 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) getpgid(r0) (async, rerun: 32) r1 = gettid() (rerun: 32) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r1, 0x2, 0xffffffffffffffff, 0x0) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f0000000200)=""/239, 0xef}, {&(0x7f0000000300)=""/189, 0xbd}, {&(0x7f0000000140)=""/6, 0x6}], 0x3, &(0x7f00000016c0)=[{&(0x7f00000000c0)=""/10, 0xa}, {&(0x7f00000003c0)=""/201, 0xc9}, {&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/176, 0xb0}, {&(0x7f0000001580)=""/173, 0xad}, {&(0x7f0000001640)=""/125, 0x7d}], 0x6, 0x0) (async, rerun: 64) sched_setparam(0x0, 0x0) (rerun: 64) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async, rerun: 64) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) r2 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) tgkill(r2, r0, 0x22) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 319.176133] erofs: unmounted for /dev/loop5 23:45:34 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x1000500, &(0x7f0000000200)="0f681681a0ea2c45f258edbfb019bce040b846379660d9a5c9f55f431bf29814a6a0c483be2037989792dda90634212c9123202af96c9511fdadd18a5592e03bb1d7ac40ec0e3da43515706e0adcf18b602f344ee6a2a396731203d4dd56f80b5d36ed56824acf982e1dcb0e6469c1cf467f9c6b46d65d6073d93e1c2018595f93b0de1452152e513767bfb9c175636ea0684cf924951dd67bef92c12f974e0048f8c04089cddf59592c9fdb7b1ccee7898b8f6c51ce40a4e4a074decf998e40122902a8382f5faeab4d0843933b1c38760336ed93e2256c07ebe690a62454b701144bf5ef63e3d44c2ba18dab859aa4fcd941c0190930", 0xf7, &(0x7f0000000000), &(0x7f0000000040), &(0x7f00000000c0)="c9c6434abf3c5b3282630265040563e6834ecca967703823d2c8d15c567d25d5554621b7fbdb24e929d30e00afea9855b9d9c0bad4703d96a7f6586f") sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) perf_event_open(&(0x7f0000000880)={0x1, 0x80, 0x1, 0x2, 0x80, 0x1, 0x0, 0xffffffffffffffff, 0x4808, 0x9, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000840), 0x6}, 0x50000, 0x8, 0x0, 0x4, 0x1000, 0x1ff, 0x7f, 0x0, 0x3ff, 0x0, 0xfffffffffffffc00}, 0x0, 0xb, 0xffffffffffffffff, 0xb) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f0000000400)=ANY=[@ANYBLOB="0100000000000000060000000000000005000000000000000400000000000000030000000000000007000000000000000100000000000000000000000000000000000000000000000108000000000000000000000000000005000000000000000200000000000000000000000000008000000000000000000000000000000000012000000000000000000000000000000700000000000000010000800000000001000100000000000000000000000000000000000000000002040000000000000000000000000000030000000000000000000000000000000400000000000000000000000000000000000000000000000400"/256]) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) sendmsg$NFT_MSG_GETCHAIN(r1, &(0x7f0000000800)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="48020000040a01020000000000000000070000030900030073797a31000000004c0008800c00024000000000000000060c00014000000000000000810c00014000000000000001c10c00024000000000000000000c00024000000000dc59103655000000070c000140000000000001000108000540fffffffb94000480080002407683843f140003006272696467655f736c6176655f3000001400030076657468315f766972745f77696669001400030076657468315f766c616e000000000000140003006772653000000000000000000ff725fdca000000001400030073797a6b616c6c657230000000000000080002405e32cdb9140003006d6163736563300000000000000000000800014000000002b0000c00b40de3714ebedc79d8ce54132a6a23bd39f20934edda02d52b7491942091e973218594e6c7a508113d20eef0ac05e02f1b1fc42bbd113e674d60c371a0f5f4350c5c57d81f9c0e851a765ebdef21182df8466b4f914aa628a7276b847074c170adcb06f432462e6cc7c7b2a2c2cd0c9a352f702cdacd020133d904b826217143db9127f0adfca09803d6f0bdaddb49d2009025e3a772642d72f08ded9d145665e32973b1d9868fde26b50ce00900030073797a310000000077000c0018a54ef2eb8361d5b75658673a5cbfb55993e3a16b01f9bf650034cfe31d0fce5a716bb5c64088d1028489305eb0ebc013e199d9155d2257d9244604206ddd5c87aa213dda986faba7be5000dc776e78fb9802fd3b1e2082aad693959e13df5e9e66c411a21ed20181e6da03f6eaa0edc5861d000900010073797a3000000000"], 0x248}, 0x1, 0x0, 0x0, 0x40}, 0x40040) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r1, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000900)=ANY=[@ANYBLOB="600000000308010400000000000000000000000f1e8bba40600100000900010073797a300000000006000240809b00000900010073797a310000000024000480080005400000f34b0800034000000008080002400000000608000440f4d78ad4a9cec32fdf24fc02345d88cafd2b0af14b2ab8c0a9a18948b06e6f631a29680c08c34b50b54953b4575412c4aaccd8073bbe191967ee239ced6e5e11ad13fae1cdadec55fd09ea034c74e437259707a6e7b81d7b54db6f1eec12ecac71da899401afbb92bbad97c01eef118e0b0684ddc90ade7ae909afdce4bcf912a845a27a"], 0x60}, 0x1, 0x0, 0x0, 0x80}, 0x40) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x40000, 0xc8) [ 319.245069] erofs: read_super, device -> /dev/loop2 [ 319.249063] FAULT_INJECTION: forcing a failure. [ 319.249063] name failslab, interval 1, probability 0, space 0, times 0 [ 319.250203] erofs: options -> [ 319.257489] erofs: blksize 1 isn't supported on this platform [ 319.264102] CPU: 1 PID: 18782 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 319.278833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.288323] Call Trace: [ 319.290921] dump_stack+0x1fc/0x2ef [ 319.294557] should_fail.cold+0xa/0xf [ 319.298357] ? setup_fault_attr+0x200/0x200 [ 319.302740] ? lock_acquire+0x170/0x3c0 [ 319.306713] __should_failslab+0x115/0x180 [ 319.311027] should_failslab+0x5/0x10 [ 319.314912] __kmalloc+0x2ab/0x3c0 [ 319.318464] ? kobject_get_path+0xbf/0x240 [ 319.322699] kobject_get_path+0xbf/0x240 [ 319.327041] kobject_uevent_env+0x25c/0x1480 [ 319.331460] lo_ioctl+0xff9/0x20e0 [ 319.335011] ? loop_set_status64+0x110/0x110 [ 319.339420] blkdev_ioctl+0x5cb/0x1a80 [ 319.343298] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 319.348652] ? blkpg_ioctl+0x9d0/0x9d0 [ 319.352540] ? mark_held_locks+0xf0/0xf0 [ 319.356625] ? mark_held_locks+0xf0/0xf0 [ 319.360682] ? debug_check_no_obj_freed+0x201/0x490 [ 319.365688] ? lock_downgrade+0x720/0x720 [ 319.369831] block_ioctl+0xe9/0x130 [ 319.373453] ? blkdev_fallocate+0x3f0/0x3f0 [ 319.377779] do_vfs_ioctl+0xcdb/0x12e0 [ 319.381657] ? lock_downgrade+0x720/0x720 [ 319.385869] ? check_preemption_disabled+0x41/0x280 [ 319.390898] ? ioctl_preallocate+0x200/0x200 [ 319.395457] ? __fget+0x356/0x510 [ 319.398934] ? do_dup2+0x450/0x450 [ 319.402488] ? do_sys_open+0x2bf/0x520 [ 319.406382] ksys_ioctl+0x9b/0xc0 [ 319.409836] __x64_sys_ioctl+0x6f/0xb0 [ 319.413722] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 319.418312] do_syscall_64+0xf9/0x620 [ 319.422114] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 319.427408] RIP: 0033:0x7fc00fa83ec7 [ 319.431109] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 319.450006] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 319.457728] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa83ec7 [ 319.464989] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 319.472259] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 319.479536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 319.486806] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 23:45:34 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 319.497231] erofs: read_super, device -> /dev/loop1 [ 319.498477] erofs: read_super, device -> /dev/loop4 [ 319.502268] erofs: options -> [ 319.507073] erofs: read_super, device -> /dev/loop3 [ 319.522669] erofs: options -> [ 319.528285] erofs: root inode @ nid 36 [ 319.533392] erofs: root inode @ nid 0 [ 319.535203] erofs: mounted on /dev/loop4 with opts: . 23:45:34 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e", 0x8, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 319.547399] erofs: options -> 23:45:34 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 21) [ 319.579664] erofs: bogus i_mode (0) @ nid 0 [ 319.582528] erofs: read_super, device -> /dev/loop5 [ 319.589273] erofs: options -> [ 319.593139] erofs: root inode @ nid 36 [ 319.597579] erofs: mounted on /dev/loop5 with opts: . [ 319.604871] erofs: unmounted for /dev/loop5 [ 319.624362] erofs: root inode @ nid 36 23:45:34 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 319.628845] erofs: unmounted for /dev/loop4 [ 319.634511] erofs: mounted on /dev/loop3 with opts: . [ 319.642604] erofs: unmounted for /dev/loop3 23:45:34 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 319.770120] erofs: read_super, device -> /dev/loop2 23:45:34 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x60, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 319.808934] erofs: options -> [ 319.831030] FAULT_INJECTION: forcing a failure. [ 319.831030] name failslab, interval 1, probability 0, space 0, times 0 [ 319.834135] erofs: blksize 1 isn't supported on this platform [ 319.843098] CPU: 0 PID: 18814 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 319.856855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.866213] Call Trace: [ 319.868817] dump_stack+0x1fc/0x2ef [ 319.872462] should_fail.cold+0xa/0xf [ 319.876292] ? setup_fault_attr+0x200/0x200 [ 319.880634] ? lock_acquire+0x170/0x3c0 [ 319.884629] __should_failslab+0x115/0x180 [ 319.888881] should_failslab+0x5/0x10 [ 319.892693] kmem_cache_alloc_node+0x245/0x3b0 [ 319.897283] __alloc_skb+0x71/0x560 [ 319.900919] alloc_uevent_skb+0x7b/0x210 [ 319.904982] kobject_uevent_env+0xa90/0x1480 [ 319.909389] lo_ioctl+0xff9/0x20e0 [ 319.912943] ? loop_set_status64+0x110/0x110 [ 319.917355] blkdev_ioctl+0x5cb/0x1a80 [ 319.921238] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 319.926616] ? blkpg_ioctl+0x9d0/0x9d0 [ 319.930509] ? mark_held_locks+0xf0/0xf0 [ 319.934569] ? mark_held_locks+0xf0/0xf0 [ 319.938626] ? debug_check_no_obj_freed+0x201/0x490 [ 319.943638] ? lock_downgrade+0x720/0x720 [ 319.947800] block_ioctl+0xe9/0x130 [ 319.951517] ? blkdev_fallocate+0x3f0/0x3f0 [ 319.955829] do_vfs_ioctl+0xcdb/0x12e0 [ 319.959712] ? lock_downgrade+0x720/0x720 [ 319.963852] ? check_preemption_disabled+0x41/0x280 [ 319.968872] ? ioctl_preallocate+0x200/0x200 [ 319.973288] ? __fget+0x356/0x510 [ 319.976740] ? do_dup2+0x450/0x450 [ 319.980271] ? do_sys_open+0x2bf/0x520 [ 319.984157] ksys_ioctl+0x9b/0xc0 [ 319.987615] __x64_sys_ioctl+0x6f/0xb0 [ 319.991514] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 319.996100] do_syscall_64+0xf9/0x620 [ 319.999906] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 320.005093] RIP: 0033:0x7fc00fa83ec7 [ 320.008805] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 320.027702] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 320.035411] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa83ec7 [ 320.042679] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 320.049956] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 320.057223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 320.064496] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 23:45:35 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e", 0x8, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 320.125192] erofs: read_super, device -> /dev/loop4 [ 320.130229] erofs: options -> [ 320.134944] erofs: root inode @ nid 36 [ 320.139581] erofs: mounted on /dev/loop4 with opts: . [ 320.153713] erofs: read_super, device -> /dev/loop1 [ 320.154095] erofs: read_super, device -> /dev/loop3 [ 320.158758] erofs: options -> [ 320.158823] erofs: root inode @ nid 36 [ 320.167901] erofs: options -> [ 320.175325] erofs: read_super, device -> /dev/loop5 23:45:35 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 22) [ 320.209305] erofs: mounted on /dev/loop1 with opts: . [ 320.214153] erofs: options -> [ 320.226461] erofs: root inode @ nid 36 [ 320.229971] erofs: root inode @ nid 36 [ 320.236421] erofs: unmounted for /dev/loop4 [ 320.238723] erofs: mounted on /dev/loop3 with opts: . [ 320.253660] erofs: mounted on /dev/loop5 with opts: . 23:45:35 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 320.261302] erofs: unmounted for /dev/loop5 [ 320.265327] erofs: unmounted for /dev/loop3 [ 320.282822] erofs: unmounted for /dev/loop1 [ 320.296391] erofs: read_super, device -> /dev/loop2 [ 320.301435] erofs: options -> 23:45:35 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x1000500, &(0x7f0000000200)="0f681681a0ea2c45f258edbfb019bce040b846379660d9a5c9f55f431bf29814a6a0c483be2037989792dda90634212c9123202af96c9511fdadd18a5592e03bb1d7ac40ec0e3da43515706e0adcf18b602f344ee6a2a396731203d4dd56f80b5d36ed56824acf982e1dcb0e6469c1cf467f9c6b46d65d6073d93e1c2018595f93b0de1452152e513767bfb9c175636ea0684cf924951dd67bef92c12f974e0048f8c04089cddf59592c9fdb7b1ccee7898b8f6c51ce40a4e4a074decf998e40122902a8382f5faeab4d0843933b1c38760336ed93e2256c07ebe690a62454b701144bf5ef63e3d44c2ba18dab859aa4fcd941c0190930", 0xf7, &(0x7f0000000000), &(0x7f0000000040), &(0x7f00000000c0)="c9c6434abf3c5b3282630265040563e6834ecca967703823d2c8d15c567d25d5554621b7fbdb24e929d30e00afea9855b9d9c0bad4703d96a7f6586f") sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async, rerun: 32) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async, rerun: 32) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async, rerun: 32) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async, rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) perf_event_open(&(0x7f0000000880)={0x1, 0x80, 0x1, 0x2, 0x80, 0x1, 0x0, 0xffffffffffffffff, 0x4808, 0x9, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000840), 0x6}, 0x50000, 0x8, 0x0, 0x4, 0x1000, 0x1ff, 0x7f, 0x0, 0x3ff, 0x0, 0xfffffffffffffc00}, 0x0, 0xb, 0xffffffffffffffff, 0xb) (async) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) (async) ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f0000000400)=ANY=[@ANYBLOB="0100000000000000060000000000000005000000000000000400000000000000030000000000000007000000000000000100000000000000000000000000000000000000000000000108000000000000000000000000000005000000000000000200000000000000000000000000008000000000000000000000000000000000012000000000000000000000000000000700000000000000010000800000000001000100000000000000000000000000000000000000000002040000000000000000000000000000030000000000000000000000000000000400000000000000000000000000000000000000000000000400"/256]) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) sendmsg$NFT_MSG_GETCHAIN(r1, &(0x7f0000000800)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="48020000040a01020000000000000000070000030900030073797a31000000004c0008800c00024000000000000000060c00014000000000000000810c00014000000000000001c10c00024000000000000000000c00024000000000dc59103655000000070c000140000000000001000108000540fffffffb94000480080002407683843f140003006272696467655f736c6176655f3000001400030076657468315f766972745f77696669001400030076657468315f766c616e000000000000140003006772653000000000000000000ff725fdca000000001400030073797a6b616c6c657230000000000000080002405e32cdb9140003006d6163736563300000000000000000000800014000000002b0000c00b40de3714ebedc79d8ce54132a6a23bd39f20934edda02d52b7491942091e973218594e6c7a508113d20eef0ac05e02f1b1fc42bbd113e674d60c371a0f5f4350c5c57d81f9c0e851a765ebdef21182df8466b4f914aa628a7276b847074c170adcb06f432462e6cc7c7b2a2c2cd0c9a352f702cdacd020133d904b826217143db9127f0adfca09803d6f0bdaddb49d2009025e3a772642d72f08ded9d145665e32973b1d9868fde26b50ce00900030073797a310000000077000c0018a54ef2eb8361d5b75658673a5cbfb55993e3a16b01f9bf650034cfe31d0fce5a716bb5c64088d1028489305eb0ebc013e199d9155d2257d9244604206ddd5c87aa213dda986faba7be5000dc776e78fb9802fd3b1e2082aad693959e13df5e9e66c411a21ed20181e6da03f6eaa0edc5861d000900010073797a3000000000"], 0x248}, 0x1, 0x0, 0x0, 0x40}, 0x40040) (async) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r1, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000900)=ANY=[@ANYBLOB="600000000308010400000000000000000000000f1e8bba40600100000900010073797a300000000006000240809b00000900010073797a310000000024000480080005400000f34b0800034000000008080002400000000608000440f4d78ad4a9cec32fdf24fc02345d88cafd2b0af14b2ab8c0a9a18948b06e6f631a29680c08c34b50b54953b4575412c4aaccd8073bbe191967ee239ced6e5e11ad13fae1cdadec55fd09ea034c74e437259707a6e7b81d7b54db6f1eec12ecac71da899401afbb92bbad97c01eef118e0b0684ddc90ade7ae909afdce4bcf912a845a27a"], 0x60}, 0x1, 0x0, 0x0, 0x80}, 0x40) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 32) openat(0xffffffffffffffff, 0x0, 0x40000, 0xc8) (rerun: 32) [ 320.329700] erofs: blksize 1 isn't supported on this platform [ 320.389213] FAULT_INJECTION: forcing a failure. [ 320.389213] name failslab, interval 1, probability 0, space 0, times 0 [ 320.401271] CPU: 1 PID: 18841 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 320.409162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 320.418511] Call Trace: [ 320.421092] dump_stack+0x1fc/0x2ef [ 320.424732] should_fail.cold+0xa/0xf [ 320.428534] ? setup_fault_attr+0x200/0x200 [ 320.432849] ? lock_acquire+0x170/0x3c0 [ 320.436826] __should_failslab+0x115/0x180 [ 320.441064] should_failslab+0x5/0x10 [ 320.444858] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 320.449959] __kmalloc_node_track_caller+0x38/0x70 [ 320.454995] __alloc_skb+0xae/0x560 [ 320.458655] alloc_uevent_skb+0x7b/0x210 [ 320.462745] kobject_uevent_env+0xa90/0x1480 [ 320.467157] lo_ioctl+0xff9/0x20e0 [ 320.470689] ? loop_set_status64+0x110/0x110 [ 320.475115] blkdev_ioctl+0x5cb/0x1a80 [ 320.479052] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 320.484418] ? blkpg_ioctl+0x9d0/0x9d0 [ 320.488301] ? mark_held_locks+0xf0/0xf0 [ 320.492395] ? mark_held_locks+0xf0/0xf0 [ 320.496505] ? debug_check_no_obj_freed+0x201/0x490 [ 320.501519] ? lock_downgrade+0x720/0x720 [ 320.505680] block_ioctl+0xe9/0x130 [ 320.509308] ? blkdev_fallocate+0x3f0/0x3f0 [ 320.513634] do_vfs_ioctl+0xcdb/0x12e0 [ 320.517612] ? lock_downgrade+0x720/0x720 [ 320.521772] ? check_preemption_disabled+0x41/0x280 [ 320.526788] ? ioctl_preallocate+0x200/0x200 [ 320.531195] ? __fget+0x356/0x510 [ 320.534647] ? do_dup2+0x450/0x450 [ 320.538218] ? do_sys_open+0x2bf/0x520 [ 320.542118] ksys_ioctl+0x9b/0xc0 [ 320.545567] __x64_sys_ioctl+0x6f/0xb0 [ 320.549456] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 320.554162] do_syscall_64+0xf9/0x620 [ 320.558077] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 320.563288] RIP: 0033:0x7fc00fa83ec7 [ 320.567108] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 320.586190] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 320.593892] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa83ec7 [ 320.601149] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 320.608411] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 320.615684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 320.622942] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 23:45:35 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c04100", 0x7, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 320.715656] erofs: read_super, device -> /dev/loop1 [ 320.720706] erofs: options -> [ 320.724321] erofs: read_super, device -> /dev/loop4 [ 320.729610] erofs: options -> [ 320.740545] erofs: root inode @ nid 36 [ 320.751579] erofs: root inode @ nid 36 23:45:35 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e01000000", 0xc, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:35 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xaa, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:35 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 23) [ 320.762446] erofs: mounted on /dev/loop4 with opts: . [ 320.770420] erofs: mounted on /dev/loop1 with opts: . [ 320.796884] erofs: unmounted for /dev/loop1 [ 320.809196] erofs: read_super, device -> /dev/loop5 [ 320.840525] erofs: unmounted for /dev/loop4 [ 320.847807] erofs: options -> [ 320.851340] erofs: root inode @ nid 36 [ 320.860023] erofs: mounted on /dev/loop5 with opts: . [ 320.863941] erofs: read_super, device -> /dev/loop3 [ 320.882484] erofs: read_super, device -> /dev/loop2 [ 320.887520] erofs: options -> 23:45:35 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 320.896021] erofs: unmounted for /dev/loop5 [ 320.898390] erofs: options -> [ 320.904844] erofs: blksize 1 isn't supported on this platform [ 320.916752] erofs: root inode @ nid 36 [ 320.929641] erofs: mounted on /dev/loop3 with opts: . [ 320.942113] erofs: unmounted for /dev/loop3 23:45:36 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e01000000", 0xc, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 321.027204] FAULT_INJECTION: forcing a failure. [ 321.027204] name failslab, interval 1, probability 0, space 0, times 0 [ 321.038934] CPU: 1 PID: 18878 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 321.046830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.056432] Call Trace: [ 321.059145] dump_stack+0x1fc/0x2ef [ 321.062786] should_fail.cold+0xa/0xf [ 321.066598] ? setup_fault_attr+0x200/0x200 [ 321.070920] ? lock_acquire+0x170/0x3c0 [ 321.074904] __should_failslab+0x115/0x180 [ 321.079147] should_failslab+0x5/0x10 [ 321.083039] kmem_cache_alloc+0x277/0x370 [ 321.087197] skb_clone+0x151/0x3d0 [ 321.090737] netlink_broadcast_filtered+0x8e5/0xbc0 [ 321.095784] netlink_broadcast+0x35/0x40 [ 321.099843] kobject_uevent_env+0xa56/0x1480 [ 321.104452] lo_ioctl+0xff9/0x20e0 [ 321.108007] ? loop_set_status64+0x110/0x110 [ 321.112443] blkdev_ioctl+0x5cb/0x1a80 [ 321.116333] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 321.121685] ? blkpg_ioctl+0x9d0/0x9d0 [ 321.125583] ? mark_held_locks+0xf0/0xf0 [ 321.129742] ? mark_held_locks+0xf0/0xf0 [ 321.133810] ? debug_check_no_obj_freed+0x201/0x490 [ 321.138826] ? lock_downgrade+0x720/0x720 [ 321.142983] block_ioctl+0xe9/0x130 [ 321.146618] ? blkdev_fallocate+0x3f0/0x3f0 [ 321.150972] do_vfs_ioctl+0xcdb/0x12e0 [ 321.154869] ? lock_downgrade+0x720/0x720 [ 321.159065] ? check_preemption_disabled+0x41/0x280 [ 321.164205] ? ioctl_preallocate+0x200/0x200 [ 321.168626] ? __fget+0x356/0x510 [ 321.172090] ? do_dup2+0x450/0x450 [ 321.175649] ? do_sys_open+0x2bf/0x520 [ 321.179540] ksys_ioctl+0x9b/0xc0 [ 321.183003] __x64_sys_ioctl+0x6f/0xb0 [ 321.186904] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 321.191501] do_syscall_64+0xf9/0x620 [ 321.195310] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 321.200498] RIP: 0033:0x7fc00fa83ec7 [ 321.204212] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 321.223120] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 321.230833] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa83ec7 [ 321.238189] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 321.247894] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 321.255277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 321.262726] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 23:45:36 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000", 0x4, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 321.318348] erofs: read_super, device -> /dev/loop4 [ 321.325207] erofs: read_super, device -> /dev/loop1 [ 321.330333] erofs: options -> 23:45:36 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x300, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 321.363234] erofs: options -> [ 321.368097] erofs: root inode @ nid 0 [ 321.382205] erofs: root inode @ nid 36 [ 321.390145] erofs: bogus i_mode (0) @ nid 0 [ 321.409323] erofs: mounted on /dev/loop4 with opts: . 23:45:36 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 24) 23:45:36 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 321.460907] erofs: read_super, device -> /dev/loop5 [ 321.466149] erofs: unmounted for /dev/loop4 [ 321.472841] erofs: read_super, device -> /dev/loop2 [ 321.479268] erofs: options -> [ 321.486875] erofs: options -> [ 321.492411] erofs: read_super, device -> /dev/loop3 [ 321.501359] erofs: blksize 1 isn't supported on this platform [ 321.510209] erofs: root inode @ nid 36 23:45:36 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x1000500, &(0x7f0000000200)="0f681681a0ea2c45f258edbfb019bce040b846379660d9a5c9f55f431bf29814a6a0c483be2037989792dda90634212c9123202af96c9511fdadd18a5592e03bb1d7ac40ec0e3da43515706e0adcf18b602f344ee6a2a396731203d4dd56f80b5d36ed56824acf982e1dcb0e6469c1cf467f9c6b46d65d6073d93e1c2018595f93b0de1452152e513767bfb9c175636ea0684cf924951dd67bef92c12f974e0048f8c04089cddf59592c9fdb7b1ccee7898b8f6c51ce40a4e4a074decf998e40122902a8382f5faeab4d0843933b1c38760336ed93e2256c07ebe690a62454b701144bf5ef63e3d44c2ba18dab859aa4fcd941c0190930", 0xf7, &(0x7f0000000000), &(0x7f0000000040), &(0x7f00000000c0)="c9c6434abf3c5b3282630265040563e6834ecca967703823d2c8d15c567d25d5554621b7fbdb24e929d30e00afea9855b9d9c0bad4703d96a7f6586f") sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) perf_event_open(&(0x7f0000000880)={0x1, 0x80, 0x1, 0x2, 0x80, 0x1, 0x0, 0xffffffffffffffff, 0x4808, 0x9, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000840), 0x6}, 0x50000, 0x8, 0x0, 0x4, 0x1000, 0x1ff, 0x7f, 0x0, 0x3ff, 0x0, 0xfffffffffffffc00}, 0x0, 0xb, 0xffffffffffffffff, 0xb) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f0000000400)=ANY=[@ANYBLOB="0100000000000000060000000000000005000000000000000400000000000000030000000000000007000000000000000100000000000000000000000000000000000000000000000108000000000000000000000000000005000000000000000200000000000000000000000000008000000000000000000000000000000000012000000000000000000000000000000700000000000000010000800000000001000100000000000000000000000000000000000000000002040000000000000000000000000000030000000000000000000000000000000400000000000000000000000000000000000000000000000400"/256]) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) sendmsg$NFT_MSG_GETCHAIN(r1, &(0x7f0000000800)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="48020000040a01020000000000000000070000030900030073797a31000000004c0008800c00024000000000000000060c00014000000000000000810c00014000000000000001c10c00024000000000000000000c00024000000000dc59103655000000070c000140000000000001000108000540fffffffb94000480080002407683843f140003006272696467655f736c6176655f3000001400030076657468315f766972745f77696669001400030076657468315f766c616e000000000000140003006772653000000000000000000ff725fdca000000001400030073797a6b616c6c657230000000000000080002405e32cdb9140003006d6163736563300000000000000000000800014000000002b0000c00b40de3714ebedc79d8ce54132a6a23bd39f20934edda02d52b7491942091e973218594e6c7a508113d20eef0ac05e02f1b1fc42bbd113e674d60c371a0f5f4350c5c57d81f9c0e851a765ebdef21182df8466b4f914aa628a7276b847074c170adcb06f432462e6cc7c7b2a2c2cd0c9a352f702cdacd020133d904b826217143db9127f0adfca09803d6f0bdaddb49d2009025e3a772642d72f08ded9d145665e32973b1d9868fde26b50ce00900030073797a310000000077000c0018a54ef2eb8361d5b75658673a5cbfb55993e3a16b01f9bf650034cfe31d0fce5a716bb5c64088d1028489305eb0ebc013e199d9155d2257d9244604206ddd5c87aa213dda986faba7be5000dc776e78fb9802fd3b1e2082aad693959e13df5e9e66c411a21ed20181e6da03f6eaa0edc5861d000900010073797a3000000000"], 0x248}, 0x1, 0x0, 0x0, 0x40}, 0x40040) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r1, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000900)=ANY=[@ANYBLOB="600000000308010400000000000000000000000f1e8bba40600100000900010073797a300000000006000240809b00000900010073797a310000000024000480080005400000f34b0800034000000008080002400000000608000440f4d78ad4a9cec32fdf24fc02345d88cafd2b0af14b2ab8c0a9a18948b06e6f631a29680c08c34b50b54953b4575412c4aaccd8073bbe191967ee239ced6e5e11ad13fae1cdadec55fd09ea034c74e437259707a6e7b81d7b54db6f1eec12ecac71da899401afbb92bbad97c01eef118e0b0684ddc90ade7ae909afdce4bcf912a845a27a"], 0x60}, 0x1, 0x0, 0x0, 0x80}, 0x40) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x40000, 0xc8) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x1000500, &(0x7f0000000200)="0f681681a0ea2c45f258edbfb019bce040b846379660d9a5c9f55f431bf29814a6a0c483be2037989792dda90634212c9123202af96c9511fdadd18a5592e03bb1d7ac40ec0e3da43515706e0adcf18b602f344ee6a2a396731203d4dd56f80b5d36ed56824acf982e1dcb0e6469c1cf467f9c6b46d65d6073d93e1c2018595f93b0de1452152e513767bfb9c175636ea0684cf924951dd67bef92c12f974e0048f8c04089cddf59592c9fdb7b1ccee7898b8f6c51ce40a4e4a074decf998e40122902a8382f5faeab4d0843933b1c38760336ed93e2256c07ebe690a62454b701144bf5ef63e3d44c2ba18dab859aa4fcd941c0190930", 0xf7, &(0x7f0000000000), &(0x7f0000000040), &(0x7f00000000c0)="c9c6434abf3c5b3282630265040563e6834ecca967703823d2c8d15c567d25d5554621b7fbdb24e929d30e00afea9855b9d9c0bad4703d96a7f6586f") (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) perf_event_open(&(0x7f0000000880)={0x1, 0x80, 0x1, 0x2, 0x80, 0x1, 0x0, 0xffffffffffffffff, 0x4808, 0x9, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000840), 0x6}, 0x50000, 0x8, 0x0, 0x4, 0x1000, 0x1ff, 0x7f, 0x0, 0x3ff, 0x0, 0xfffffffffffffc00}, 0x0, 0xb, 0xffffffffffffffff, 0xb) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (async) sendfile(r2, r3, 0x0, 0x20000000d67) (async) ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f0000000400)=ANY=[@ANYBLOB="0100000000000000060000000000000005000000000000000400000000000000030000000000000007000000000000000100000000000000000000000000000000000000000000000108000000000000000000000000000005000000000000000200000000000000000000000000008000000000000000000000000000000000012000000000000000000000000000000700000000000000010000800000000001000100000000000000000000000000000000000000000002040000000000000000000000000000030000000000000000000000000000000400000000000000000000000000000000000000000000000400"/256]) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) sendmsg$NFT_MSG_GETCHAIN(r1, &(0x7f0000000800)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="48020000040a01020000000000000000070000030900030073797a31000000004c0008800c00024000000000000000060c00014000000000000000810c00014000000000000001c10c00024000000000000000000c00024000000000dc59103655000000070c000140000000000001000108000540fffffffb94000480080002407683843f140003006272696467655f736c6176655f3000001400030076657468315f766972745f77696669001400030076657468315f766c616e000000000000140003006772653000000000000000000ff725fdca000000001400030073797a6b616c6c657230000000000000080002405e32cdb9140003006d6163736563300000000000000000000800014000000002b0000c00b40de3714ebedc79d8ce54132a6a23bd39f20934edda02d52b7491942091e973218594e6c7a508113d20eef0ac05e02f1b1fc42bbd113e674d60c371a0f5f4350c5c57d81f9c0e851a765ebdef21182df8466b4f914aa628a7276b847074c170adcb06f432462e6cc7c7b2a2c2cd0c9a352f702cdacd020133d904b826217143db9127f0adfca09803d6f0bdaddb49d2009025e3a772642d72f08ded9d145665e32973b1d9868fde26b50ce00900030073797a310000000077000c0018a54ef2eb8361d5b75658673a5cbfb55993e3a16b01f9bf650034cfe31d0fce5a716bb5c64088d1028489305eb0ebc013e199d9155d2257d9244604206ddd5c87aa213dda986faba7be5000dc776e78fb9802fd3b1e2082aad693959e13df5e9e66c411a21ed20181e6da03f6eaa0edc5861d000900010073797a3000000000"], 0x248}, 0x1, 0x0, 0x0, 0x40}, 0x40040) (async) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r1, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000900)=ANY=[@ANYBLOB="600000000308010400000000000000000000000f1e8bba40600100000900010073797a300000000006000240809b00000900010073797a310000000024000480080005400000f34b0800034000000008080002400000000608000440f4d78ad4a9cec32fdf24fc02345d88cafd2b0af14b2ab8c0a9a18948b06e6f631a29680c08c34b50b54953b4575412c4aaccd8073bbe191967ee239ced6e5e11ad13fae1cdadec55fd09ea034c74e437259707a6e7b81d7b54db6f1eec12ecac71da899401afbb92bbad97c01eef118e0b0684ddc90ade7ae909afdce4bcf912a845a27a"], 0x60}, 0x1, 0x0, 0x0, 0x80}, 0x40) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x40000, 0xc8) (async) [ 321.538573] erofs: options -> [ 321.551361] erofs: root inode @ nid 36 [ 321.554257] erofs: read_super, device -> /dev/loop1 [ 321.561209] erofs: bogus i_mode (0) @ nid 36 [ 321.565787] erofs: options -> [ 321.577779] erofs: root inode @ nid 0 [ 321.578886] erofs: mounted on /dev/loop3 with opts: . 23:45:36 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e01000000", 0xc, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 321.591976] erofs: bogus i_mode (0) @ nid 0 [ 321.596751] erofs: unmounted for /dev/loop3 23:45:36 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) setpriority(0x2, r0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:45:36 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000", 0x4, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:36 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x385, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 321.719965] FAULT_INJECTION: forcing a failure. [ 321.719965] name failslab, interval 1, probability 0, space 0, times 0 [ 321.732434] CPU: 0 PID: 18910 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 321.740390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.749844] Call Trace: [ 321.752444] dump_stack+0x1fc/0x2ef [ 321.756099] should_fail.cold+0xa/0xf [ 321.759915] ? setup_fault_attr+0x200/0x200 [ 321.764242] ? lock_acquire+0x170/0x3c0 [ 321.768215] __should_failslab+0x115/0x180 [ 321.772459] should_failslab+0x5/0x10 [ 321.776252] kmem_cache_alloc+0x277/0x370 [ 321.780396] skb_clone+0x151/0x3d0 [ 321.783947] netlink_broadcast_filtered+0x8e5/0xbc0 [ 321.788958] netlink_broadcast+0x35/0x40 [ 321.793012] kobject_uevent_env+0xa56/0x1480 [ 321.797442] lo_ioctl+0xff9/0x20e0 [ 321.800969] ? loop_set_status64+0x110/0x110 [ 321.805387] blkdev_ioctl+0x5cb/0x1a80 [ 321.809346] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 321.814696] ? blkpg_ioctl+0x9d0/0x9d0 [ 321.818570] ? mark_held_locks+0xf0/0xf0 [ 321.822626] ? mark_held_locks+0xf0/0xf0 [ 321.826761] ? debug_check_no_obj_freed+0x201/0x490 [ 321.831804] ? lock_downgrade+0x720/0x720 [ 321.835965] block_ioctl+0xe9/0x130 [ 321.839589] ? blkdev_fallocate+0x3f0/0x3f0 [ 321.843899] do_vfs_ioctl+0xcdb/0x12e0 [ 321.847775] ? lock_downgrade+0x720/0x720 [ 321.851907] ? check_preemption_disabled+0x41/0x280 [ 321.857150] ? ioctl_preallocate+0x200/0x200 [ 321.861561] ? __fget+0x356/0x510 [ 321.865010] ? do_dup2+0x450/0x450 [ 321.868541] ? do_sys_open+0x2bf/0x520 [ 321.872415] ksys_ioctl+0x9b/0xc0 [ 321.875868] __x64_sys_ioctl+0x6f/0xb0 [ 321.879752] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 321.884388] do_syscall_64+0xf9/0x620 [ 321.888279] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 321.893460] RIP: 0033:0x7fc00fa83ec7 [ 321.897164] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 23:45:37 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 321.916068] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 321.923775] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa83ec7 [ 321.931029] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 321.938284] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 321.945569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 321.952837] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 [ 322.000021] erofs: read_super, device -> /dev/loop2 [ 322.009820] erofs: options -> [ 322.011264] erofs: read_super, device -> /dev/loop4 23:45:37 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) setpriority(0x2, r0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) setpriority(0x2, r0, 0xffffffffffffffff) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 322.041411] erofs: options -> [ 322.045314] erofs: blksize 1 isn't supported on this platform [ 322.061587] erofs: root inode @ nid 36 [ 322.076692] erofs: mounted on /dev/loop4 with opts: . 23:45:37 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 25) [ 322.114725] erofs: read_super, device -> /dev/loop5 [ 322.119775] erofs: options -> [ 322.132825] erofs: read_super, device -> /dev/loop3 [ 322.137868] erofs: options -> [ 322.141118] erofs: root inode @ nid 36 [ 322.145307] erofs: read_super, device -> /dev/loop1 [ 322.158305] erofs: root inode @ nid 36 23:45:37 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 322.163118] erofs: unmounted for /dev/loop4 [ 322.173768] erofs: options -> [ 322.195572] erofs: root inode @ nid 0 [ 322.200275] erofs: mounted on /dev/loop3 with opts: . [ 322.207508] erofs: bogus i_mode (0) @ nid 36 23:45:37 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) setpriority(0x2, r0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 322.216634] erofs: bogus i_mode (0) @ nid 0 [ 322.224529] erofs: unmounted for /dev/loop3 23:45:37 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000", 0x4, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 322.337286] FAULT_INJECTION: forcing a failure. [ 322.337286] name failslab, interval 1, probability 0, space 0, times 0 [ 322.351705] CPU: 0 PID: 18981 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 322.359599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.368947] Call Trace: [ 322.371538] dump_stack+0x1fc/0x2ef [ 322.375159] should_fail.cold+0xa/0xf [ 322.378951] ? setup_fault_attr+0x200/0x200 [ 322.383334] ? lock_acquire+0x170/0x3c0 [ 322.387324] __should_failslab+0x115/0x180 [ 322.391564] should_failslab+0x5/0x10 [ 322.395363] kmem_cache_alloc_trace+0x284/0x380 [ 322.400027] ? wait_for_completion_io+0x10/0x10 [ 322.404827] ? kobj_ns_initial+0x90/0x90 [ 322.408884] call_usermodehelper_setup+0x84/0x300 [ 322.413744] kobject_uevent_env+0xe83/0x1480 [ 322.418159] lo_ioctl+0xff9/0x20e0 [ 322.421709] ? loop_set_status64+0x110/0x110 [ 322.426131] blkdev_ioctl+0x5cb/0x1a80 [ 322.430022] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 322.435509] ? blkpg_ioctl+0x9d0/0x9d0 [ 322.439412] ? mark_held_locks+0xf0/0xf0 [ 322.443483] ? mark_held_locks+0xf0/0xf0 [ 322.447561] ? debug_check_no_obj_freed+0x201/0x490 [ 322.452599] ? lock_downgrade+0x720/0x720 [ 322.456750] block_ioctl+0xe9/0x130 [ 322.460392] ? blkdev_fallocate+0x3f0/0x3f0 [ 322.464725] do_vfs_ioctl+0xcdb/0x12e0 [ 322.468617] ? lock_downgrade+0x720/0x720 [ 322.472905] ? check_preemption_disabled+0x41/0x280 [ 322.477941] ? ioctl_preallocate+0x200/0x200 [ 322.482421] ? __fget+0x356/0x510 [ 322.485886] ? do_dup2+0x450/0x450 [ 322.489436] ? do_sys_open+0x2bf/0x520 [ 322.493498] ksys_ioctl+0x9b/0xc0 [ 322.496948] __x64_sys_ioctl+0x6f/0xb0 [ 322.500841] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 322.505438] do_syscall_64+0xf9/0x620 [ 322.509264] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 322.514476] RIP: 0033:0x7fc00fa83ec7 [ 322.518267] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 322.537292] RSP: 002b:00007fc00e3f8f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 322.545050] RAX: ffffffffffffffda RBX: 00007fc00facda20 RCX: 00007fc00fa83ec7 [ 322.552308] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 322.559574] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 322.566834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 322.574094] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 23:45:37 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:37 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 322.608283] erofs: read_super, device -> /dev/loop2 [ 322.613643] erofs: read_super, device -> /dev/loop4 [ 322.627703] erofs: options -> [ 322.641698] erofs: options -> [ 322.647575] erofs: root inode @ nid 36 [ 322.665426] erofs: root inode @ nid 0 [ 322.668123] erofs: mounted on /dev/loop4 with opts: . [ 322.697551] erofs: bogus i_mode (0) @ nid 0 23:45:37 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) flock(r1, 0x0) pipe2(0x0, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) r4 = syz_mount_image$hpfs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x2, 0x6, &(0x7f0000001580)=[{&(0x7f0000000200)="996c229df9ff9ad293235020c584f929a83f9253c8841fdedd5691f6757487ebc3d1c0b6e430bae461ea1c09ec723a75c8f8f90557b18ea7c99426e45b956220e050cc7fb3a86ac74ba9f4ce3e2ab8282085df3f7e1369e3e0e95f941a956f4a340305252c9522a09356dfaa7130021e3e9e18aa5ff718856a6706851665709a247c221e071c566e6a2efd1c7bf2360f73dc80e7eb9d425d0ed9154f606bfa157fd280de9a5216c24999edb2bb3dc161a425a8cbfb9313", 0xb7, 0x7}, {&(0x7f00000002c0)="b02a422a0af685ee67d8878a7ef5c6b689a12a28e2f7a0aaeb638640c45d16a2e1a3096aa57d619fb590305b82bcbdd19228b7b9d012faf17c28f1177ceea05ef2c8bf03d974771b0c385b916ab69b9a10a9de33980aa032c7af5537c5357b197f699e4e644e5bb2404435d98512e2b2afd3dd73b21e50b54fe75f21c6c98aea3f3e09db8ae335019f6e4c04b6266d55d1bbcc7e96650a5d18979b547027d97d0bc6da272d0bc619f3fb01ab4f70d319d5463cd47c18d3a046b0662c69feeab3c764e541f9ec5afaf5a171a173d48840e42e0cc837475676af6ce05e3f2e20db0026c35f8fde4628286eb7373e3ee8d2f3ebe17d6a17924a7271cf9190ba4d9e4dcb812091c24d0159be6833638f9d830046866b986e501fe0c4823c7ae1ea9aeb3c9c630112aad38957663339a186664e4a79759eb7cba6038f418adcc63d1c2ac1c12058be134cfad27b547910f48f08171c8713d54dbde6f7d69e2bff223f4aceba53367bc6d41550ff799d34d70b889ea2b7a2c439d26a9df39f1acc55c929ebb7a3a2081d719d6f0b36adacbd5647b12cbd64d1b7ab6664b77c371bd92b22885538a1345f0af7ea2abfa491ed5e77346f19b980d34b39d1d9573d45e547a1c10a0d9533fd045b2b11514873ea5ced3c2cde3bfe430b899c6b06c7572f1da2050e5d95b7fafee077b789520d6d4b932946483ece5c59910c4ea097d3587d423e20e4839044286d120426703b2b7ea16b091f393b21441adf29cf39e9a502f49a6b038eb7756c754f2eb039965cddd1fbaf78e4e9fd4815e66640498801f16063c94cf67d511dbcc6d9da778e827add8b66e7c824baa760a5c8a4702b01a4ba4b41267e98c3b4956d825594f2b6abe075f79c4bd626b2389b90c3d6b4d6b8ae920848350363ee629bf8765cd79ee7f2e1a488b69cf9999a8f8687254d0ab01e07b40631dcedc4e4c1f52233d3b6e9d500bcee43416726b94d22f0f520ab6cc81583d4681433138f6eab5e6a20f7951b7e34bc2ce5e84debba4dd81ad35d299af718b6c17000e27ad6a0212c35ad01d86f84a5c3a01413967bcb27b12b8b79126e50745405e8505593b89d106bec2ec47f129cfd57318ad8d33e6e245aeef3e286ad020b933616e68b809ca4c1298a310063a24be42d24d956ad6edf5a715d03955b3e572a1226b6cc1ea57e315bf5dc41e1336489c7c48e8c576995c52ccf455fabf7a915251465c8d82c330dae02eb41b6d995cfb8a37918aafd367f8da2e77dd9f8aef6a9af099fcfca645c1a25022808a7ff00a9677da325d43d99f4c8a9b301fd46cae9f46c15e3ff9819dd13c73b8fc7db7e9ad3bcbb5f2121551301b88f54f2690a167c76b9c6bf24cc2b330a6acd2599a1e69eb1830ec52bbfe92180d322d6c44a5785bcf7f0fa84d829a5dac7b47d88781c66473252d83d0661cf8a2ea725da22aa0cfec03a6fb99e8a02ae818809f4275121212eebf5e3f5b28defce8ca8cffa5c8cb6ea2487e10eb7db300f64e8014f9ec0b2519148f4d4dfcc8f3f5ef85a46e20d9b90e0ff7b4da605864add9a0db383a432056cb678d6af9d33fd2564c4a8b234d693b2c7a5c043cd3b4f7ee533ca5a3ff38f981215d910a39d564444900a3b2ef2a8c8e493935c5f9d97f5bde1ac3ebe9670df1852664e7b89cc75ff24511e662d567e9d63bf14d1530f9aca2101714a9a34b9532a9abd975e08620e609e3330413f10f413d801f476af2b9fc88fbc4e18077c9c74fb84dac613b30229fc8f4939a9fa6b9dc9a7db02255bd973bee3f114437f16488f8848ac8fcde55a763c01283c5486abf3f036d0461ceb674148645a20b12f90640b52183256f01e283be190cc8d5515da8ace0c248bb98eb748484703c23e5a3f3852d348c52659013118965373be7da2d5b83b13e521986f59798967b8922b07c6b874d6be32a0f603d837eaa27d216405731c469922bcf5338b081501d72293b32654e8518a786ae041cb732c3dd43f6341a400f99028bd2f1485a016a83e05f15ff4f8d64de7f3d2f48ab4155d4aae5b2bbc6a00d988ec15acf385c01363908f5a30ff0743df4715d7127360ed61d99ca8d914e1f7dd1941ad48eb3c4773a17ae8714fa8da95723ec6ede7d1e1f98e218703cebab203d3640dec5f7e38049192508f0423a1a35db25006f742172f25a24f833c57a963f449f9bc875e76dcbef4a8c5253985f57dbebf1d20e0d6fcbc9816bde657ef9104c6ec649f92b815fffb0ba12ffb4f03e53d053f38fd471684e4131a87c64e9e7668794be92bb0c4de725fe6e339c043437b583ac3d67130b6097539fce0b35af117250722e08573d4f2f442a9ee681d1881e9752c9ce3e5da6fe335b9d153da172a93935dbc2112b40bf38102f953d60bcbcba5659f92f5e50b77a9d293e4006b9805f9f76b8d34f94c8f28e2cfc4823b21ec40a64d65d4a75dcaa9afe43b0e3a860966ab8576c7727d39ff1e5972021947345511cfd0dbcf001880670c8a87d330d436cc0024484809aa5479cdde04213992646bfde1f81863e66029ce44a315a74d84c04b6db1edbd0157e54ab84796248b38cc7c724eddb36b57f1c40215b1ccd6c69abd54d280975e2970e880ec214d00965f0a3082bcdbfe31fd096e0de7d65248be4e45d79fcc91a2e76c20c4db7790b59f6fd7a3b51542a602cea0028ca7d578ebf367d53c0822a790edfedb96d2a8f29478f560fea3ff19cd637c206560c9ec386bf7221d2c422cfbdf2b550c30c0e7061b39c3e76c4706672392c2308554325df7cb99bc9d7f4e680433da0443cff09c748df2396d69d5c2058bb9b5c62901427d70f988cdb2b3fb3a5da5ee7c517d93e95ab62ab3213af8ae8230312eccd46cb90ed5cc2ff41156b4f47e5ac8bb894b2a4ad2a474c614545256ca1ace2d17257f6071877294e5686dae8bb8ecb9c0e5adad474e96961539dd28d189436d767414ef13c9c524bb00cc5a745477b9be987cb7e3f3089a2de423ec53502e3a6015970ec2150d6a03549facccc037dc4a8ad57d6b7aee4fcdfa90d0150ed4331814154b96985dda67df88c31ec04bc4f659c1ef236d52c508ff7f7e03a2833747854d8df55c0a452e141d66625e6aa001e980827b073046caf3497ea1bd857baa13b7e0183547522a402767d53d88bf1809cf2881a332d77c2e1b5e24f22a4bf2d022e762e42eaf12c42a22a43b9e3c569e25624a686c026c844f1474d0820fae39b5fb0ec21e3523334b848dfbfdd33274ffaff3e143d9c6a43ab55f165fc2b2f5d95f441e339da8e318d491eb060ed3658b5307cf511c43caa37be912c25365455c741fc48795b46fabdf4119bd997e4644efbf13e1468cc78a532ea529ad86bfbcc4ffed9d5c13fac2270d8de393a55df68f2725fb6e94d19942c1730dbc9d95f7876a287b463518b2d8673a990c00948664284904b5cc2ce29d74ea97115eb3ad9370bacc7b35f17f6ba051a2199751b5d04ad05b3b4237832b4e38b0b35e4f2f57214798d32e36130e59184e3b1a19ea5b952d78ee55f8e029f37c1300aa0b70a4648ac5d967692df6f4f79a1ce06bc683e605e4477d75404b8805048a74c295478077ab98fe4cafa420a4916916ca7378e27b09259c47c50db5124f2f312a40996c90609241cbd714baa3e5505f2782cc98b187085fad6fd2895815085050d584dbd48204187e27496a65643fe64ea0129fd3e5c18d63f1dc116fe6920638541abbee08f39c40bc08adf760b2f9b1098e6873b3b1b166518d42dbbafbb825bd68169abae1d6027f25fbae2dcda14a433ed501bf917f12408461aaa710811584992dee6ebfb5988756f2eba456a9da6a91877955f96059ddd3bccf8b022f2e6078e5583b5e90e1e44fec8515fb3d34cd9ad1109666cdbf07291d2e4c674f2f6581f4f308e0cedebcfeea3e41095a6cfb9412b64fced8e6e83098772fe1a22df9bcdff04a125b9adca2a9f3a50674f545104eb1be758c47ca5162a61f3b7dceab8bae2ace3365c4af9b4b3dd168390052c23d9e67ddc05c29fc06e4eed821820ee5b0c7619acc8ad0140d27946ca776b320ed47d7ee8967939c1aed7513789c49afd4bd0809f5d8e87fd70e42180705e848fcffc7cf97d7f61c1e0dba12a8d3104ead9c115c95c93be37949ea8e604378c53868b6fdac7a7d6938bd019213febf62025d9674002bf1819d1f442656c50443ad0f34fa873febb6fb1b992b15669f697e24d669f42280ea619f62315f25be879de1c6cf2f2a23a6c2f941b29035bb38c34c56cc7e80986e63b73b4dfbd5938dcaf8a8d40db07b30e98250a0bd07006b4fde3285bf585288813b91c63357fe438c3b2b8d4adec52adb5aa60455a34c6658e784edaca056246ab1e13955672940b92719232c45eda2175f3e7c73a9a5b74c0378cf46ee531ef3a101ce43e805f4ea950ede100dd5591912b2092e3cbd339899e0d53b390bb440ab578cdeeb142c2adde2a550bbe69d91273e7443479e55d85c91099a6febb0bf035d19392b9fa9ff34a5700a059cc43b8f523bde36c8549aba6dcf7cd4c4e8ce9cfce8e1b4105f35e81f23d7f10802f184b24a5fabe0c032b502d13b434898ad5cce93dc1ff408dd31d687cf45b0c3c61c9a1b571d8ed52158c29dd1af501e54efc7e3fcd474903982ded6debf04f9180bc7bc62806ec17c38b75e6c94076d1c8dd9fa7a279987e4a4d892de9c2c0e570d3ec0f593cfe49cc899bc6e2f2db1b0f055e438233e1e77ef4e52adb3c97352b6183069bae91d34c207e701e844d8e1596898e86e3eb76e9bd150b52e1eeb962382a3fc3ca4e5e535a86978edb07f4cbf1826fe734d0ce4560e6c1d058a6e5a60e7d45a8977c357f8114769005631da638f77749509dcf3403a5265c46bf295aedb7e9b4810507060cf72fada19a9ecd0fbf9b19156b69c72a9f6360f70ded543af75842b63e51c3ef114fbc070df11349db95048f3dcc0fa8599a8315f66a6676f7666ed6da2a4ef8e6b500a292a0cb0aafb5ecfe3c73ed8566f184f1988dc5682dbe1bc3677edcff7de02d041a2195d321e8266c41cd0b1333e9e584a0389b5b9ee601a9117abbb0dccb55f878dadb93f9ee6b31a6dc56397c9e791d6f0abf1a2e619f35b016bcdbbcdd245212d2a8e031305fd48b315dc9615987d192e5b31f925a0e8da8d96a02190a907b6a02728e9b5fbfb7f312010c2f3483e178cd9f3c36eca4bdaa6f46943ba0c742af51f3b993c3c84c931ea701c3d8d57a26e9018e00321194d55df6b0f8040b8e35f93977d1f66a13dfae57e3fdf7fd03433bc9fda29366fc5ee4f7c47e52f42c3b0892dcf8d6199588ec2ffe342cfe25d02074fa8e000ef9dcc395103200994e21f6a0380a9a105966dd7495f9871eccf65b95eec893127237d81aba7d243dc37e725d83f6390f21b6c5f0cf3cecf0ad33226cba792ca6327f6d2d2836e82e6f1f85f5749950e55226f498142dd1266224eaa48d496bb75893cc58800697937b02bdf73d59fba8d84958449a4998cd73f3a39f24a659474bec5eccd3b03aa9feb35bb342c744d396fbf316e33002dd5150dae65e9de48cbe01cf9bacd312276f0c77c2ed7fb920869519542bbf06ed6e77dab376b03f625a1fdf3f2581e26d23083c7f9b1c8725fd1bbf1b0bcc5ae5fa47a82163b7a5b0b8622308de8b7cc304f81f2d5c5d89d847caa455de965eabab11d1171012a17d95caf87d4474d422613386696c71c750acb910d73a469e4758777cd46811cf2b15606cea6bb5a", 0x1000, 0x8}, {&(0x7f00000012c0)="589d1a87ddbfef2ba1dee1b3ba0d2bd54ec38ff3d738ab5021ef8e40eae466c384f7dbbe3fe7f1576c2b9fe14c975fcfcdaf837cf7c75ed7ed92e83b902ffe544333669e3cc7151bf719b892c08c81624eb75bf10472657b27a769cd7958976b11cdcc58908f761f0bd95cf5a374eb75238d8ede501b7a3f3be85fb563c3c7ed03cf926339a67f9183b5c3f9669bb91e14f1efee09d41f500f8e368f03120baf4b71003fd9b7da8a08f19c3f008bb5c01f51b14ced", 0xb5, 0xcb}, {&(0x7f0000001380)="cca26ccc3775db3ca733f38030f6e4bc2874b6438f24772a70138818f6d915afd059aaad3eaee10b4720a312d4a4e495a451469ae836c360aafc1df3e522c8d41b0f4a65e8bd30ac3b850d863b2ba7be535b0fdf8e0ce0762c3c3710d121a564443bfb63af5ce7829a388f93f1d1ec42f1340ea385e6798b7939f47776c08100b79ae0786fb519e9ce10be705e7fb8a14a8eebdd745a8a1cbe72bdee3af5f079e665c0c5dea9775d647f584af7b13cffa0233ffedb30f34e6361f98d8dc04ded02cc340a31e2b04e9a9cbc1d4d4f82030d0c9b84bf451b9fff2e80fafcec7324460f8fbecf7f74838d1ec3ea9c6575ca3c045615dfe6bf04c685168eb29087", 0xff, 0x8000}, {&(0x7f0000000140)="0c1ed78f136e3be372ad318b4a140255f736610124a3a7e6ac38574cb1d5978dc9", 0x21, 0x5}, {&(0x7f0000001480)="c1925b08c5aea46450dfff3a79c238a7d4685c9e020f0c48087e515ab9e3a244c74257314bc5c0f34452ddc96dc5526c7a29b12821e87c13888abb8a269cfb8bd2c375b53d257a89b997096f7fdcd617e524a888fb2a198fb20a98ecdd5e5ceb47f9cefd1cfd6a210b20b775cc18e4ea1675d7ffe688f8fc38490be9149bd0eeb0fea5bbb48455d281b008b5a047d8379c216563a837da996fdb3fbace252d6f0ce44dd19ae48eadda78ac728a4f0589dfb102624fcfeb5e81e3b51b2699b38fad00a6a85d461ac084e6e80946", 0xcd, 0x8ba}], 0x8088, &(0x7f0000001640)={[{'*/'}], [{@euid_eq={'euid', 0x3d, 0xee00}}]}) renameat2(r3, &(0x7f0000000000)='./file0\x00', r4, &(0x7f0000001680)='./file0\x00', 0x1) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) tkill(r0, 0x4) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 322.771813] erofs: read_super, device -> /dev/loop5 23:45:37 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:37 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 26) [ 322.793425] erofs: options -> [ 322.799967] erofs: read_super, device -> /dev/loop3 [ 322.807664] erofs: read_super, device -> /dev/loop1 [ 322.812888] erofs: options -> [ 322.819154] erofs: unmounted for /dev/loop4 [ 322.820735] erofs: root inode @ nid 36 [ 322.828786] erofs: root inode @ nid 36 [ 322.834187] erofs: options -> [ 322.839693] erofs: bogus i_mode (0) @ nid 36 [ 322.847289] erofs: cannot find valid erofs superblock [ 322.853566] erofs: mounted on /dev/loop3 with opts: . [ 322.883117] erofs: read_super, device -> /dev/loop2 [ 322.888801] erofs: unmounted for /dev/loop3 23:45:37 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 322.891522] erofs: options -> [ 322.905216] erofs: root inode @ nid 0 [ 322.909381] erofs: bogus i_mode (0) @ nid 0 [ 322.988370] FAULT_INJECTION: forcing a failure. [ 322.988370] name failslab, interval 1, probability 0, space 0, times 0 [ 323.001274] CPU: 0 PID: 19020 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 323.009175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.018531] Call Trace: [ 323.021132] dump_stack+0x1fc/0x2ef [ 323.024781] should_fail.cold+0xa/0xf [ 323.028593] ? setup_fault_attr+0x200/0x200 [ 323.032292] hpfs: bad mount options. [ 323.032922] ? lock_acquire+0x170/0x3c0 [ 323.032956] __should_failslab+0x115/0x180 [ 323.044957] should_failslab+0x5/0x10 [ 323.048776] kmem_cache_alloc+0x277/0x370 [ 323.052936] __d_alloc+0x2b/0xa10 [ 323.056404] d_alloc+0x4a/0x230 [ 323.059701] __lookup_hash+0xc8/0x180 [ 323.063519] filename_create+0x186/0x490 [ 323.067592] ? kern_path_mountpoint+0x40/0x40 [ 323.072083] ? strncpy_from_user+0x2a2/0x350 [ 323.076484] ? getname_flags+0x25b/0x590 [ 323.080528] do_mkdirat+0xa0/0x2d0 [ 323.084062] ? __ia32_sys_mknod+0x120/0x120 [ 323.088368] ? trace_hardirqs_off_caller+0x6e/0x210 [ 323.093378] ? do_syscall_64+0x21/0x620 [ 323.097341] do_syscall_64+0xf9/0x620 [ 323.101128] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 323.106319] RIP: 0033:0x7fc00fa83217 [ 323.110024] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 323.128916] RSP: 002b:00007fc00e3f8f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 23:45:38 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:38 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c1, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:38 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 323.136615] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fc00fa83217 [ 323.143870] RDX: 00000000000001ff RSI: 0000000020000100 RDI: 00000000ffffff9c [ 323.151128] RBP: 00007fc00e3f91d0 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 323.158406] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 323.165713] R13: 0000000020000100 R14: 00007fc00e3f8fe0 R15: 0000000020010a00 [ 323.265483] erofs: read_super, device -> /dev/loop5 [ 323.271558] erofs: options -> [ 323.277842] erofs: read_super, device -> /dev/loop1 [ 323.279107] erofs: root inode @ nid 36 [ 323.287082] erofs: options -> [ 323.296140] erofs: cannot find valid erofs superblock [ 323.298456] erofs: mounted on /dev/loop5 with opts: . 23:45:38 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 27) [ 323.315688] erofs: read_super, device -> /dev/loop3 23:45:38 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 323.348518] erofs: options -> [ 323.361564] erofs: root inode @ nid 36 [ 323.377532] erofs: unmounted for /dev/loop5 [ 323.379088] erofs: mounted on /dev/loop3 with opts: . [ 323.411106] erofs: read_super, device -> /dev/loop2 [ 323.425557] erofs: options -> [ 323.429787] erofs: unmounted for /dev/loop3 [ 323.435955] erofs: root inode @ nid 0 [ 323.440125] erofs: bogus i_mode (0) @ nid 0 23:45:38 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 323.457407] FAULT_INJECTION: forcing a failure. [ 323.457407] name failslab, interval 1, probability 0, space 0, times 0 [ 323.469411] CPU: 0 PID: 19057 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 323.477313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.486672] Call Trace: [ 323.489289] dump_stack+0x1fc/0x2ef [ 323.492931] should_fail.cold+0xa/0xf [ 323.496745] ? setup_fault_attr+0x200/0x200 [ 323.501213] __should_failslab+0x115/0x180 [ 323.505452] should_failslab+0x5/0x10 [ 323.509251] kmem_cache_alloc+0x277/0x370 [ 323.513388] ? ext4_sync_fs+0x8d0/0x8d0 [ 323.517353] ext4_alloc_inode+0x1a/0x630 [ 323.521401] ? ext4_sync_fs+0x8d0/0x8d0 [ 323.525362] alloc_inode+0x5d/0x180 [ 323.528973] new_inode+0x1d/0xf0 [ 323.532325] __ext4_new_inode+0x400/0x5a20 [ 323.536546] ? putname+0xe1/0x120 [ 323.539980] ? do_mkdirat+0xa0/0x2d0 [ 323.543695] ? ext4_free_inode+0x1780/0x1780 [ 323.548122] ? debug_check_no_obj_freed+0x201/0x490 [ 323.553136] ? __dquot_initialize+0x298/0xb70 [ 323.557722] ? lock_acquire+0x170/0x3c0 [ 323.561688] ? dquot_initialize_needed+0x290/0x290 [ 323.566611] ? trace_hardirqs_off+0x64/0x200 [ 323.571004] ? common_perm+0x4be/0x800 [ 323.574878] ext4_mkdir+0x396/0xe10 [ 323.578564] ? putname+0xe1/0x120 [ 323.582007] ? ext4_init_dot_dotdot+0x600/0x600 [ 323.586665] ? generic_permission+0x116/0x4d0 [ 323.591263] ? security_inode_permission+0xc5/0xf0 [ 323.596292] ? inode_permission.part.0+0x10c/0x450 [ 323.601226] vfs_mkdir+0x508/0x7a0 [ 323.604756] do_mkdirat+0x262/0x2d0 [ 323.608379] ? __ia32_sys_mknod+0x120/0x120 [ 323.612695] ? trace_hardirqs_off_caller+0x6e/0x210 [ 323.617708] ? do_syscall_64+0x21/0x620 [ 323.621705] do_syscall_64+0xf9/0x620 [ 323.625520] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 323.630691] RIP: 0033:0x7fc00fa83217 [ 323.634414] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 323.653302] RSP: 002b:00007fc00e3f8f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 23:45:38 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async, rerun: 64) ptrace(0x10, r0) (async, rerun: 64) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async, rerun: 64) flock(r1, 0x0) (rerun: 64) pipe2(0x0, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) (async, rerun: 64) r4 = syz_mount_image$hpfs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x2, 0x6, &(0x7f0000001580)=[{&(0x7f0000000200)="996c229df9ff9ad293235020c584f929a83f9253c8841fdedd5691f6757487ebc3d1c0b6e430bae461ea1c09ec723a75c8f8f90557b18ea7c99426e45b956220e050cc7fb3a86ac74ba9f4ce3e2ab8282085df3f7e1369e3e0e95f941a956f4a340305252c9522a09356dfaa7130021e3e9e18aa5ff718856a6706851665709a247c221e071c566e6a2efd1c7bf2360f73dc80e7eb9d425d0ed9154f606bfa157fd280de9a5216c24999edb2bb3dc161a425a8cbfb9313", 0xb7, 0x7}, {&(0x7f00000002c0)="b02a422a0af685ee67d8878a7ef5c6b689a12a28e2f7a0aaeb638640c45d16a2e1a3096aa57d619fb590305b82bcbdd19228b7b9d012faf17c28f1177ceea05ef2c8bf03d974771b0c385b916ab69b9a10a9de33980aa032c7af5537c5357b197f699e4e644e5bb2404435d98512e2b2afd3dd73b21e50b54fe75f21c6c98aea3f3e09db8ae335019f6e4c04b6266d55d1bbcc7e96650a5d18979b547027d97d0bc6da272d0bc619f3fb01ab4f70d319d5463cd47c18d3a046b0662c69feeab3c764e541f9ec5afaf5a171a173d48840e42e0cc837475676af6ce05e3f2e20db0026c35f8fde4628286eb7373e3ee8d2f3ebe17d6a17924a7271cf9190ba4d9e4dcb812091c24d0159be6833638f9d830046866b986e501fe0c4823c7ae1ea9aeb3c9c630112aad38957663339a186664e4a79759eb7cba6038f418adcc63d1c2ac1c12058be134cfad27b547910f48f08171c8713d54dbde6f7d69e2bff223f4aceba53367bc6d41550ff799d34d70b889ea2b7a2c439d26a9df39f1acc55c929ebb7a3a2081d719d6f0b36adacbd5647b12cbd64d1b7ab6664b77c371bd92b22885538a1345f0af7ea2abfa491ed5e77346f19b980d34b39d1d9573d45e547a1c10a0d9533fd045b2b11514873ea5ced3c2cde3bfe430b899c6b06c7572f1da2050e5d95b7fafee077b789520d6d4b932946483ece5c59910c4ea097d3587d423e20e4839044286d120426703b2b7ea16b091f393b21441adf29cf39e9a502f49a6b038eb7756c754f2eb039965cddd1fbaf78e4e9fd4815e66640498801f16063c94cf67d511dbcc6d9da778e827add8b66e7c824baa760a5c8a4702b01a4ba4b41267e98c3b4956d825594f2b6abe075f79c4bd626b2389b90c3d6b4d6b8ae920848350363ee629bf8765cd79ee7f2e1a488b69cf9999a8f8687254d0ab01e07b40631dcedc4e4c1f52233d3b6e9d500bcee43416726b94d22f0f520ab6cc81583d4681433138f6eab5e6a20f7951b7e34bc2ce5e84debba4dd81ad35d299af718b6c17000e27ad6a0212c35ad01d86f84a5c3a01413967bcb27b12b8b79126e50745405e8505593b89d106bec2ec47f129cfd57318ad8d33e6e245aeef3e286ad020b933616e68b809ca4c1298a310063a24be42d24d956ad6edf5a715d03955b3e572a1226b6cc1ea57e315bf5dc41e1336489c7c48e8c576995c52ccf455fabf7a915251465c8d82c330dae02eb41b6d995cfb8a37918aafd367f8da2e77dd9f8aef6a9af099fcfca645c1a25022808a7ff00a9677da325d43d99f4c8a9b301fd46cae9f46c15e3ff9819dd13c73b8fc7db7e9ad3bcbb5f2121551301b88f54f2690a167c76b9c6bf24cc2b330a6acd2599a1e69eb1830ec52bbfe92180d322d6c44a5785bcf7f0fa84d829a5dac7b47d88781c66473252d83d0661cf8a2ea725da22aa0cfec03a6fb99e8a02ae818809f4275121212eebf5e3f5b28defce8ca8cffa5c8cb6ea2487e10eb7db300f64e8014f9ec0b2519148f4d4dfcc8f3f5ef85a46e20d9b90e0ff7b4da605864add9a0db383a432056cb678d6af9d33fd2564c4a8b234d693b2c7a5c043cd3b4f7ee533ca5a3ff38f981215d910a39d564444900a3b2ef2a8c8e493935c5f9d97f5bde1ac3ebe9670df1852664e7b89cc75ff24511e662d567e9d63bf14d1530f9aca2101714a9a34b9532a9abd975e08620e609e3330413f10f413d801f476af2b9fc88fbc4e18077c9c74fb84dac613b30229fc8f4939a9fa6b9dc9a7db02255bd973bee3f114437f16488f8848ac8fcde55a763c01283c5486abf3f036d0461ceb674148645a20b12f90640b52183256f01e283be190cc8d5515da8ace0c248bb98eb748484703c23e5a3f3852d348c52659013118965373be7da2d5b83b13e521986f59798967b8922b07c6b874d6be32a0f603d837eaa27d216405731c469922bcf5338b081501d72293b32654e8518a786ae041cb732c3dd43f6341a400f99028bd2f1485a016a83e05f15ff4f8d64de7f3d2f48ab4155d4aae5b2bbc6a00d988ec15acf385c01363908f5a30ff0743df4715d7127360ed61d99ca8d914e1f7dd1941ad48eb3c4773a17ae8714fa8da95723ec6ede7d1e1f98e218703cebab203d3640dec5f7e38049192508f0423a1a35db25006f742172f25a24f833c57a963f449f9bc875e76dcbef4a8c5253985f57dbebf1d20e0d6fcbc9816bde657ef9104c6ec649f92b815fffb0ba12ffb4f03e53d053f38fd471684e4131a87c64e9e7668794be92bb0c4de725fe6e339c043437b583ac3d67130b6097539fce0b35af117250722e08573d4f2f442a9ee681d1881e9752c9ce3e5da6fe335b9d153da172a93935dbc2112b40bf38102f953d60bcbcba5659f92f5e50b77a9d293e4006b9805f9f76b8d34f94c8f28e2cfc4823b21ec40a64d65d4a75dcaa9afe43b0e3a860966ab8576c7727d39ff1e5972021947345511cfd0dbcf001880670c8a87d330d436cc0024484809aa5479cdde04213992646bfde1f81863e66029ce44a315a74d84c04b6db1edbd0157e54ab84796248b38cc7c724eddb36b57f1c40215b1ccd6c69abd54d280975e2970e880ec214d00965f0a3082bcdbfe31fd096e0de7d65248be4e45d79fcc91a2e76c20c4db7790b59f6fd7a3b51542a602cea0028ca7d578ebf367d53c0822a790edfedb96d2a8f29478f560fea3ff19cd637c206560c9ec386bf7221d2c422cfbdf2b550c30c0e7061b39c3e76c4706672392c2308554325df7cb99bc9d7f4e680433da0443cff09c748df2396d69d5c2058bb9b5c62901427d70f988cdb2b3fb3a5da5ee7c517d93e95ab62ab3213af8ae8230312eccd46cb90ed5cc2ff41156b4f47e5ac8bb894b2a4ad2a474c614545256ca1ace2d17257f6071877294e5686dae8bb8ecb9c0e5adad474e96961539dd28d189436d767414ef13c9c524bb00cc5a745477b9be987cb7e3f3089a2de423ec53502e3a6015970ec2150d6a03549facccc037dc4a8ad57d6b7aee4fcdfa90d0150ed4331814154b96985dda67df88c31ec04bc4f659c1ef236d52c508ff7f7e03a2833747854d8df55c0a452e141d66625e6aa001e980827b073046caf3497ea1bd857baa13b7e0183547522a402767d53d88bf1809cf2881a332d77c2e1b5e24f22a4bf2d022e762e42eaf12c42a22a43b9e3c569e25624a686c026c844f1474d0820fae39b5fb0ec21e3523334b848dfbfdd33274ffaff3e143d9c6a43ab55f165fc2b2f5d95f441e339da8e318d491eb060ed3658b5307cf511c43caa37be912c25365455c741fc48795b46fabdf4119bd997e4644efbf13e1468cc78a532ea529ad86bfbcc4ffed9d5c13fac2270d8de393a55df68f2725fb6e94d19942c1730dbc9d95f7876a287b463518b2d8673a990c00948664284904b5cc2ce29d74ea97115eb3ad9370bacc7b35f17f6ba051a2199751b5d04ad05b3b4237832b4e38b0b35e4f2f57214798d32e36130e59184e3b1a19ea5b952d78ee55f8e029f37c1300aa0b70a4648ac5d967692df6f4f79a1ce06bc683e605e4477d75404b8805048a74c295478077ab98fe4cafa420a4916916ca7378e27b09259c47c50db5124f2f312a40996c90609241cbd714baa3e5505f2782cc98b187085fad6fd2895815085050d584dbd48204187e27496a65643fe64ea0129fd3e5c18d63f1dc116fe6920638541abbee08f39c40bc08adf760b2f9b1098e6873b3b1b166518d42dbbafbb825bd68169abae1d6027f25fbae2dcda14a433ed501bf917f12408461aaa710811584992dee6ebfb5988756f2eba456a9da6a91877955f96059ddd3bccf8b022f2e6078e5583b5e90e1e44fec8515fb3d34cd9ad1109666cdbf07291d2e4c674f2f6581f4f308e0cedebcfeea3e41095a6cfb9412b64fced8e6e83098772fe1a22df9bcdff04a125b9adca2a9f3a50674f545104eb1be758c47ca5162a61f3b7dceab8bae2ace3365c4af9b4b3dd168390052c23d9e67ddc05c29fc06e4eed821820ee5b0c7619acc8ad0140d27946ca776b320ed47d7ee8967939c1aed7513789c49afd4bd0809f5d8e87fd70e42180705e848fcffc7cf97d7f61c1e0dba12a8d3104ead9c115c95c93be37949ea8e604378c53868b6fdac7a7d6938bd019213febf62025d9674002bf1819d1f442656c50443ad0f34fa873febb6fb1b992b15669f697e24d669f42280ea619f62315f25be879de1c6cf2f2a23a6c2f941b29035bb38c34c56cc7e80986e63b73b4dfbd5938dcaf8a8d40db07b30e98250a0bd07006b4fde3285bf585288813b91c63357fe438c3b2b8d4adec52adb5aa60455a34c6658e784edaca056246ab1e13955672940b92719232c45eda2175f3e7c73a9a5b74c0378cf46ee531ef3a101ce43e805f4ea950ede100dd5591912b2092e3cbd339899e0d53b390bb440ab578cdeeb142c2adde2a550bbe69d91273e7443479e55d85c91099a6febb0bf035d19392b9fa9ff34a5700a059cc43b8f523bde36c8549aba6dcf7cd4c4e8ce9cfce8e1b4105f35e81f23d7f10802f184b24a5fabe0c032b502d13b434898ad5cce93dc1ff408dd31d687cf45b0c3c61c9a1b571d8ed52158c29dd1af501e54efc7e3fcd474903982ded6debf04f9180bc7bc62806ec17c38b75e6c94076d1c8dd9fa7a279987e4a4d892de9c2c0e570d3ec0f593cfe49cc899bc6e2f2db1b0f055e438233e1e77ef4e52adb3c97352b6183069bae91d34c207e701e844d8e1596898e86e3eb76e9bd150b52e1eeb962382a3fc3ca4e5e535a86978edb07f4cbf1826fe734d0ce4560e6c1d058a6e5a60e7d45a8977c357f8114769005631da638f77749509dcf3403a5265c46bf295aedb7e9b4810507060cf72fada19a9ecd0fbf9b19156b69c72a9f6360f70ded543af75842b63e51c3ef114fbc070df11349db95048f3dcc0fa8599a8315f66a6676f7666ed6da2a4ef8e6b500a292a0cb0aafb5ecfe3c73ed8566f184f1988dc5682dbe1bc3677edcff7de02d041a2195d321e8266c41cd0b1333e9e584a0389b5b9ee601a9117abbb0dccb55f878dadb93f9ee6b31a6dc56397c9e791d6f0abf1a2e619f35b016bcdbbcdd245212d2a8e031305fd48b315dc9615987d192e5b31f925a0e8da8d96a02190a907b6a02728e9b5fbfb7f312010c2f3483e178cd9f3c36eca4bdaa6f46943ba0c742af51f3b993c3c84c931ea701c3d8d57a26e9018e00321194d55df6b0f8040b8e35f93977d1f66a13dfae57e3fdf7fd03433bc9fda29366fc5ee4f7c47e52f42c3b0892dcf8d6199588ec2ffe342cfe25d02074fa8e000ef9dcc395103200994e21f6a0380a9a105966dd7495f9871eccf65b95eec893127237d81aba7d243dc37e725d83f6390f21b6c5f0cf3cecf0ad33226cba792ca6327f6d2d2836e82e6f1f85f5749950e55226f498142dd1266224eaa48d496bb75893cc58800697937b02bdf73d59fba8d84958449a4998cd73f3a39f24a659474bec5eccd3b03aa9feb35bb342c744d396fbf316e33002dd5150dae65e9de48cbe01cf9bacd312276f0c77c2ed7fb920869519542bbf06ed6e77dab376b03f625a1fdf3f2581e26d23083c7f9b1c8725fd1bbf1b0bcc5ae5fa47a82163b7a5b0b8622308de8b7cc304f81f2d5c5d89d847caa455de965eabab11d1171012a17d95caf87d4474d422613386696c71c750acb910d73a469e4758777cd46811cf2b15606cea6bb5a", 0x1000, 0x8}, {&(0x7f00000012c0)="589d1a87ddbfef2ba1dee1b3ba0d2bd54ec38ff3d738ab5021ef8e40eae466c384f7dbbe3fe7f1576c2b9fe14c975fcfcdaf837cf7c75ed7ed92e83b902ffe544333669e3cc7151bf719b892c08c81624eb75bf10472657b27a769cd7958976b11cdcc58908f761f0bd95cf5a374eb75238d8ede501b7a3f3be85fb563c3c7ed03cf926339a67f9183b5c3f9669bb91e14f1efee09d41f500f8e368f03120baf4b71003fd9b7da8a08f19c3f008bb5c01f51b14ced", 0xb5, 0xcb}, {&(0x7f0000001380)="cca26ccc3775db3ca733f38030f6e4bc2874b6438f24772a70138818f6d915afd059aaad3eaee10b4720a312d4a4e495a451469ae836c360aafc1df3e522c8d41b0f4a65e8bd30ac3b850d863b2ba7be535b0fdf8e0ce0762c3c3710d121a564443bfb63af5ce7829a388f93f1d1ec42f1340ea385e6798b7939f47776c08100b79ae0786fb519e9ce10be705e7fb8a14a8eebdd745a8a1cbe72bdee3af5f079e665c0c5dea9775d647f584af7b13cffa0233ffedb30f34e6361f98d8dc04ded02cc340a31e2b04e9a9cbc1d4d4f82030d0c9b84bf451b9fff2e80fafcec7324460f8fbecf7f74838d1ec3ea9c6575ca3c045615dfe6bf04c685168eb29087", 0xff, 0x8000}, {&(0x7f0000000140)="0c1ed78f136e3be372ad318b4a140255f736610124a3a7e6ac38574cb1d5978dc9", 0x21, 0x5}, {&(0x7f0000001480)="c1925b08c5aea46450dfff3a79c238a7d4685c9e020f0c48087e515ab9e3a244c74257314bc5c0f34452ddc96dc5526c7a29b12821e87c13888abb8a269cfb8bd2c375b53d257a89b997096f7fdcd617e524a888fb2a198fb20a98ecdd5e5ceb47f9cefd1cfd6a210b20b775cc18e4ea1675d7ffe688f8fc38490be9149bd0eeb0fea5bbb48455d281b008b5a047d8379c216563a837da996fdb3fbace252d6f0ce44dd19ae48eadda78ac728a4f0589dfb102624fcfeb5e81e3b51b2699b38fad00a6a85d461ac084e6e80946", 0xcd, 0x8ba}], 0x8088, &(0x7f0000001640)={[{'*/'}], [{@euid_eq={'euid', 0x3d, 0xee00}}]}) (rerun: 64) renameat2(r3, &(0x7f0000000000)='./file0\x00', r4, &(0x7f0000001680)='./file0\x00', 0x1) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) tkill(r0, 0x4) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 323.661009] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fc00fa83217 [ 323.668368] RDX: 00000000000001ff RSI: 0000000020000100 RDI: 00000000ffffff9c [ 323.675624] RBP: 00007fc00e3f91d0 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 323.682924] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 323.690196] R13: 0000000020000100 R14: 00007fc00e3f8fe0 R15: 0000000020010a00 23:45:38 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 28) [ 323.751634] erofs: read_super, device -> /dev/loop1 23:45:38 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:38 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c2, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:38 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, 0x0) [ 323.777767] erofs: options -> [ 323.787565] erofs: cannot find valid erofs superblock [ 323.877900] erofs: read_super, device -> /dev/loop5 [ 323.877913] hpfs: bad mount options. [ 323.888526] FAULT_INJECTION: forcing a failure. [ 323.888526] name failslab, interval 1, probability 0, space 0, times 0 [ 323.888570] erofs: options -> [ 323.908431] CPU: 0 PID: 19080 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 323.916423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.925780] Call Trace: [ 323.928380] dump_stack+0x1fc/0x2ef [ 323.932048] should_fail.cold+0xa/0xf [ 323.935886] ? setup_fault_attr+0x200/0x200 [ 323.940319] __should_failslab+0x115/0x180 [ 323.941492] erofs: root inode @ nid 36 [ 323.944580] should_failslab+0x5/0x10 [ 323.944594] kmem_cache_alloc+0x277/0x370 [ 323.944610] ? ext4_sync_fs+0x8d0/0x8d0 [ 323.944627] ext4_alloc_inode+0x1a/0x630 [ 323.944643] ? ext4_sync_fs+0x8d0/0x8d0 [ 323.944657] alloc_inode+0x5d/0x180 [ 323.944669] new_inode+0x1d/0xf0 [ 323.944684] __ext4_new_inode+0x400/0x5a20 [ 323.944702] ? putname+0xe1/0x120 [ 323.964186] erofs: mounted on /dev/loop5 with opts: . [ 323.964513] ? do_mkdirat+0xa0/0x2d0 [ 323.969096] erofs: unmounted for /dev/loop5 [ 323.972130] ? ext4_free_inode+0x1780/0x1780 [ 323.972147] ? debug_check_no_obj_freed+0x201/0x490 [ 323.972163] ? __dquot_initialize+0x298/0xb70 [ 323.972183] ? lock_acquire+0x170/0x3c0 [ 323.972198] ? dquot_initialize_needed+0x290/0x290 [ 323.972214] ? trace_hardirqs_off+0x64/0x200 [ 323.972231] ? common_perm+0x4be/0x800 [ 323.972252] ext4_mkdir+0x396/0xe10 [ 324.031586] ? putname+0xe1/0x120 [ 324.035035] ? ext4_init_dot_dotdot+0x600/0x600 [ 324.039699] ? generic_permission+0x116/0x4d0 [ 324.044201] ? security_inode_permission+0xc5/0xf0 [ 324.049137] ? inode_permission.part.0+0x10c/0x450 [ 324.054077] vfs_mkdir+0x508/0x7a0 [ 324.057620] do_mkdirat+0x262/0x2d0 [ 324.061245] ? __ia32_sys_mknod+0x120/0x120 [ 324.065562] ? trace_hardirqs_off_caller+0x6e/0x210 [ 324.070579] ? do_syscall_64+0x21/0x620 [ 324.074562] do_syscall_64+0xf9/0x620 [ 324.078623] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 324.083801] RIP: 0033:0x7fc00fa83217 [ 324.087515] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 324.106419] RSP: 002b:00007fc00e3f8f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 324.114238] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fc00fa83217 [ 324.121736] RDX: 00000000000001ff RSI: 0000000020000100 RDI: 00000000ffffff9c [ 324.128997] RBP: 00007fc00e3f91d0 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 324.136255] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 324.143520] R13: 0000000020000100 R14: 00007fc00e3f8fe0 R15: 0000000020010a00 23:45:39 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 324.205910] hpfs: bad mount options. 23:45:39 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, 0x0) [ 324.239272] erofs: read_super, device -> /dev/loop3 [ 324.245156] erofs: options -> [ 324.248966] erofs: root inode @ nid 36 [ 324.258641] erofs: mounted on /dev/loop3 with opts: . [ 324.266800] erofs: unmounted for /dev/loop3 23:45:39 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 29) 23:45:39 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c3, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 324.386700] erofs: read_super, device -> /dev/loop2 [ 324.396825] erofs: options -> [ 324.400523] erofs: root inode @ nid 36 [ 324.404949] erofs: mounted on /dev/loop2 with opts: . [ 324.410388] erofs: unmounted for /dev/loop2 [ 324.473226] erofs: read_super, device -> /dev/loop5 [ 324.479014] erofs: options -> [ 324.483116] erofs: root inode @ nid 36 [ 324.487429] erofs: mounted on /dev/loop5 with opts: . [ 324.493965] erofs: unmounted for /dev/loop5 [ 324.498766] hpfs: bad mount options. [ 324.508355] FAULT_INJECTION: forcing a failure. [ 324.508355] name failslab, interval 1, probability 0, space 0, times 0 [ 324.526938] CPU: 0 PID: 19123 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 324.535029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 324.544374] Call Trace: [ 324.546955] dump_stack+0x1fc/0x2ef [ 324.550572] should_fail.cold+0xa/0xf [ 324.554461] ? setup_fault_attr+0x200/0x200 [ 324.558775] ? __lock_acquire+0x6de/0x3ff0 [ 324.563000] __should_failslab+0x115/0x180 [ 324.567226] should_failslab+0x5/0x10 [ 324.571012] __kmalloc+0x2ab/0x3c0 [ 324.574537] ? ext4_find_extent+0x9bb/0xc70 [ 324.579369] ext4_find_extent+0x9bb/0xc70 [ 324.583509] ext4_ext_map_blocks+0x1c0/0x7390 [ 324.588109] ? __lock_acquire+0x6de/0x3ff0 [ 324.592336] ? __lock_acquire+0x6de/0x3ff0 [ 324.596648] ? mark_held_locks+0xf0/0xf0 [ 324.600696] ? __ext4_handle_dirty_metadata+0x1e0/0x590 [ 324.606048] ? ext4_find_delalloc_cluster+0x1f0/0x1f0 [ 324.611234] ? mark_held_locks+0xf0/0xf0 [ 324.615297] ? ext4_mark_iloc_dirty+0x1b0d/0x2b30 [ 324.620140] ? ext4_es_lookup_extent+0x375/0xb60 [ 324.624927] ? lock_downgrade+0x720/0x720 [ 324.629091] ? lock_acquire+0x170/0x3c0 [ 324.633056] ? check_preemption_disabled+0x41/0x280 [ 324.638077] ? lock_acquire+0x170/0x3c0 [ 324.642045] ? ext4_map_blocks+0x33e/0x1a50 [ 324.646357] ext4_map_blocks+0xd88/0x1a50 [ 324.650500] ? check_preemption_disabled+0x41/0x280 [ 324.655506] ? ext4_issue_zeroout+0x160/0x160 [ 324.660004] ? __brelse+0x84/0xa0 [ 324.663449] ? __ext4_new_inode+0x2eb/0x5a20 [ 324.667847] ext4_getblk+0xad/0x4f0 [ 324.671466] ? ext4_iomap_begin+0xe00/0xe00 [ 324.675790] ? ext4_free_inode+0x1780/0x1780 [ 324.680191] ? debug_check_no_obj_freed+0x201/0x490 [ 324.685210] ? __dquot_initialize+0x298/0xb70 [ 324.689713] ext4_bread+0x7c/0x210 [ 324.693244] ? ext4_getblk+0x4f0/0x4f0 [ 324.697119] ? dquot_initialize_needed+0x290/0x290 [ 324.702053] ? trace_hardirqs_off+0x64/0x200 [ 324.706458] ext4_append+0x155/0x370 [ 324.710163] ext4_mkdir+0x5bd/0xe10 [ 324.713793] ? ext4_init_dot_dotdot+0x600/0x600 [ 324.718456] ? generic_permission+0x116/0x4d0 [ 324.722940] ? inode_permission.part.0+0x10c/0x450 [ 324.727858] vfs_mkdir+0x508/0x7a0 [ 324.731393] do_mkdirat+0x262/0x2d0 [ 324.735023] ? __ia32_sys_mknod+0x120/0x120 [ 324.739337] ? trace_hardirqs_off_caller+0x6e/0x210 [ 324.744350] ? do_syscall_64+0x21/0x620 [ 324.748420] do_syscall_64+0xf9/0x620 [ 324.752221] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 324.757434] RIP: 0033:0x7fc00fa83217 23:45:39 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 324.761137] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 324.780100] RSP: 002b:00007fc00e3f8f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 324.787811] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fc00fa83217 [ 324.795078] RDX: 00000000000001ff RSI: 0000000020000100 RDI: 00000000ffffff9c [ 324.802338] RBP: 00007fc00e3f91d0 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 324.809594] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 324.816851] R13: 0000000020000100 R14: 00007fc00e3f8fe0 R15: 0000000020010a00 23:45:39 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, 0x0) 23:45:39 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async, rerun: 32) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async, rerun: 32) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) flock(r1, 0x0) (async) pipe2(0x0, 0x0) (async) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) (async, rerun: 64) r4 = syz_mount_image$hpfs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x2, 0x6, &(0x7f0000001580)=[{&(0x7f0000000200)="996c229df9ff9ad293235020c584f929a83f9253c8841fdedd5691f6757487ebc3d1c0b6e430bae461ea1c09ec723a75c8f8f90557b18ea7c99426e45b956220e050cc7fb3a86ac74ba9f4ce3e2ab8282085df3f7e1369e3e0e95f941a956f4a340305252c9522a09356dfaa7130021e3e9e18aa5ff718856a6706851665709a247c221e071c566e6a2efd1c7bf2360f73dc80e7eb9d425d0ed9154f606bfa157fd280de9a5216c24999edb2bb3dc161a425a8cbfb9313", 0xb7, 0x7}, {&(0x7f00000002c0)="b02a422a0af685ee67d8878a7ef5c6b689a12a28e2f7a0aaeb638640c45d16a2e1a3096aa57d619fb590305b82bcbdd19228b7b9d012faf17c28f1177ceea05ef2c8bf03d974771b0c385b916ab69b9a10a9de33980aa032c7af5537c5357b197f699e4e644e5bb2404435d98512e2b2afd3dd73b21e50b54fe75f21c6c98aea3f3e09db8ae335019f6e4c04b6266d55d1bbcc7e96650a5d18979b547027d97d0bc6da272d0bc619f3fb01ab4f70d319d5463cd47c18d3a046b0662c69feeab3c764e541f9ec5afaf5a171a173d48840e42e0cc837475676af6ce05e3f2e20db0026c35f8fde4628286eb7373e3ee8d2f3ebe17d6a17924a7271cf9190ba4d9e4dcb812091c24d0159be6833638f9d830046866b986e501fe0c4823c7ae1ea9aeb3c9c630112aad38957663339a186664e4a79759eb7cba6038f418adcc63d1c2ac1c12058be134cfad27b547910f48f08171c8713d54dbde6f7d69e2bff223f4aceba53367bc6d41550ff799d34d70b889ea2b7a2c439d26a9df39f1acc55c929ebb7a3a2081d719d6f0b36adacbd5647b12cbd64d1b7ab6664b77c371bd92b22885538a1345f0af7ea2abfa491ed5e77346f19b980d34b39d1d9573d45e547a1c10a0d9533fd045b2b11514873ea5ced3c2cde3bfe430b899c6b06c7572f1da2050e5d95b7fafee077b789520d6d4b932946483ece5c59910c4ea097d3587d423e20e4839044286d120426703b2b7ea16b091f393b21441adf29cf39e9a502f49a6b038eb7756c754f2eb039965cddd1fbaf78e4e9fd4815e66640498801f16063c94cf67d511dbcc6d9da778e827add8b66e7c824baa760a5c8a4702b01a4ba4b41267e98c3b4956d825594f2b6abe075f79c4bd626b2389b90c3d6b4d6b8ae920848350363ee629bf8765cd79ee7f2e1a488b69cf9999a8f8687254d0ab01e07b40631dcedc4e4c1f52233d3b6e9d500bcee43416726b94d22f0f520ab6cc81583d4681433138f6eab5e6a20f7951b7e34bc2ce5e84debba4dd81ad35d299af718b6c17000e27ad6a0212c35ad01d86f84a5c3a01413967bcb27b12b8b79126e50745405e8505593b89d106bec2ec47f129cfd57318ad8d33e6e245aeef3e286ad020b933616e68b809ca4c1298a310063a24be42d24d956ad6edf5a715d03955b3e572a1226b6cc1ea57e315bf5dc41e1336489c7c48e8c576995c52ccf455fabf7a915251465c8d82c330dae02eb41b6d995cfb8a37918aafd367f8da2e77dd9f8aef6a9af099fcfca645c1a25022808a7ff00a9677da325d43d99f4c8a9b301fd46cae9f46c15e3ff9819dd13c73b8fc7db7e9ad3bcbb5f2121551301b88f54f2690a167c76b9c6bf24cc2b330a6acd2599a1e69eb1830ec52bbfe92180d322d6c44a5785bcf7f0fa84d829a5dac7b47d88781c66473252d83d0661cf8a2ea725da22aa0cfec03a6fb99e8a02ae818809f4275121212eebf5e3f5b28defce8ca8cffa5c8cb6ea2487e10eb7db300f64e8014f9ec0b2519148f4d4dfcc8f3f5ef85a46e20d9b90e0ff7b4da605864add9a0db383a432056cb678d6af9d33fd2564c4a8b234d693b2c7a5c043cd3b4f7ee533ca5a3ff38f981215d910a39d564444900a3b2ef2a8c8e493935c5f9d97f5bde1ac3ebe9670df1852664e7b89cc75ff24511e662d567e9d63bf14d1530f9aca2101714a9a34b9532a9abd975e08620e609e3330413f10f413d801f476af2b9fc88fbc4e18077c9c74fb84dac613b30229fc8f4939a9fa6b9dc9a7db02255bd973bee3f114437f16488f8848ac8fcde55a763c01283c5486abf3f036d0461ceb674148645a20b12f90640b52183256f01e283be190cc8d5515da8ace0c248bb98eb748484703c23e5a3f3852d348c52659013118965373be7da2d5b83b13e521986f59798967b8922b07c6b874d6be32a0f603d837eaa27d216405731c469922bcf5338b081501d72293b32654e8518a786ae041cb732c3dd43f6341a400f99028bd2f1485a016a83e05f15ff4f8d64de7f3d2f48ab4155d4aae5b2bbc6a00d988ec15acf385c01363908f5a30ff0743df4715d7127360ed61d99ca8d914e1f7dd1941ad48eb3c4773a17ae8714fa8da95723ec6ede7d1e1f98e218703cebab203d3640dec5f7e38049192508f0423a1a35db25006f742172f25a24f833c57a963f449f9bc875e76dcbef4a8c5253985f57dbebf1d20e0d6fcbc9816bde657ef9104c6ec649f92b815fffb0ba12ffb4f03e53d053f38fd471684e4131a87c64e9e7668794be92bb0c4de725fe6e339c043437b583ac3d67130b6097539fce0b35af117250722e08573d4f2f442a9ee681d1881e9752c9ce3e5da6fe335b9d153da172a93935dbc2112b40bf38102f953d60bcbcba5659f92f5e50b77a9d293e4006b9805f9f76b8d34f94c8f28e2cfc4823b21ec40a64d65d4a75dcaa9afe43b0e3a860966ab8576c7727d39ff1e5972021947345511cfd0dbcf001880670c8a87d330d436cc0024484809aa5479cdde04213992646bfde1f81863e66029ce44a315a74d84c04b6db1edbd0157e54ab84796248b38cc7c724eddb36b57f1c40215b1ccd6c69abd54d280975e2970e880ec214d00965f0a3082bcdbfe31fd096e0de7d65248be4e45d79fcc91a2e76c20c4db7790b59f6fd7a3b51542a602cea0028ca7d578ebf367d53c0822a790edfedb96d2a8f29478f560fea3ff19cd637c206560c9ec386bf7221d2c422cfbdf2b550c30c0e7061b39c3e76c4706672392c2308554325df7cb99bc9d7f4e680433da0443cff09c748df2396d69d5c2058bb9b5c62901427d70f988cdb2b3fb3a5da5ee7c517d93e95ab62ab3213af8ae8230312eccd46cb90ed5cc2ff41156b4f47e5ac8bb894b2a4ad2a474c614545256ca1ace2d17257f6071877294e5686dae8bb8ecb9c0e5adad474e96961539dd28d189436d767414ef13c9c524bb00cc5a745477b9be987cb7e3f3089a2de423ec53502e3a6015970ec2150d6a03549facccc037dc4a8ad57d6b7aee4fcdfa90d0150ed4331814154b96985dda67df88c31ec04bc4f659c1ef236d52c508ff7f7e03a2833747854d8df55c0a452e141d66625e6aa001e980827b073046caf3497ea1bd857baa13b7e0183547522a402767d53d88bf1809cf2881a332d77c2e1b5e24f22a4bf2d022e762e42eaf12c42a22a43b9e3c569e25624a686c026c844f1474d0820fae39b5fb0ec21e3523334b848dfbfdd33274ffaff3e143d9c6a43ab55f165fc2b2f5d95f441e339da8e318d491eb060ed3658b5307cf511c43caa37be912c25365455c741fc48795b46fabdf4119bd997e4644efbf13e1468cc78a532ea529ad86bfbcc4ffed9d5c13fac2270d8de393a55df68f2725fb6e94d19942c1730dbc9d95f7876a287b463518b2d8673a990c00948664284904b5cc2ce29d74ea97115eb3ad9370bacc7b35f17f6ba051a2199751b5d04ad05b3b4237832b4e38b0b35e4f2f57214798d32e36130e59184e3b1a19ea5b952d78ee55f8e029f37c1300aa0b70a4648ac5d967692df6f4f79a1ce06bc683e605e4477d75404b8805048a74c295478077ab98fe4cafa420a4916916ca7378e27b09259c47c50db5124f2f312a40996c90609241cbd714baa3e5505f2782cc98b187085fad6fd2895815085050d584dbd48204187e27496a65643fe64ea0129fd3e5c18d63f1dc116fe6920638541abbee08f39c40bc08adf760b2f9b1098e6873b3b1b166518d42dbbafbb825bd68169abae1d6027f25fbae2dcda14a433ed501bf917f12408461aaa710811584992dee6ebfb5988756f2eba456a9da6a91877955f96059ddd3bccf8b022f2e6078e5583b5e90e1e44fec8515fb3d34cd9ad1109666cdbf07291d2e4c674f2f6581f4f308e0cedebcfeea3e41095a6cfb9412b64fced8e6e83098772fe1a22df9bcdff04a125b9adca2a9f3a50674f545104eb1be758c47ca5162a61f3b7dceab8bae2ace3365c4af9b4b3dd168390052c23d9e67ddc05c29fc06e4eed821820ee5b0c7619acc8ad0140d27946ca776b320ed47d7ee8967939c1aed7513789c49afd4bd0809f5d8e87fd70e42180705e848fcffc7cf97d7f61c1e0dba12a8d3104ead9c115c95c93be37949ea8e604378c53868b6fdac7a7d6938bd019213febf62025d9674002bf1819d1f442656c50443ad0f34fa873febb6fb1b992b15669f697e24d669f42280ea619f62315f25be879de1c6cf2f2a23a6c2f941b29035bb38c34c56cc7e80986e63b73b4dfbd5938dcaf8a8d40db07b30e98250a0bd07006b4fde3285bf585288813b91c63357fe438c3b2b8d4adec52adb5aa60455a34c6658e784edaca056246ab1e13955672940b92719232c45eda2175f3e7c73a9a5b74c0378cf46ee531ef3a101ce43e805f4ea950ede100dd5591912b2092e3cbd339899e0d53b390bb440ab578cdeeb142c2adde2a550bbe69d91273e7443479e55d85c91099a6febb0bf035d19392b9fa9ff34a5700a059cc43b8f523bde36c8549aba6dcf7cd4c4e8ce9cfce8e1b4105f35e81f23d7f10802f184b24a5fabe0c032b502d13b434898ad5cce93dc1ff408dd31d687cf45b0c3c61c9a1b571d8ed52158c29dd1af501e54efc7e3fcd474903982ded6debf04f9180bc7bc62806ec17c38b75e6c94076d1c8dd9fa7a279987e4a4d892de9c2c0e570d3ec0f593cfe49cc899bc6e2f2db1b0f055e438233e1e77ef4e52adb3c97352b6183069bae91d34c207e701e844d8e1596898e86e3eb76e9bd150b52e1eeb962382a3fc3ca4e5e535a86978edb07f4cbf1826fe734d0ce4560e6c1d058a6e5a60e7d45a8977c357f8114769005631da638f77749509dcf3403a5265c46bf295aedb7e9b4810507060cf72fada19a9ecd0fbf9b19156b69c72a9f6360f70ded543af75842b63e51c3ef114fbc070df11349db95048f3dcc0fa8599a8315f66a6676f7666ed6da2a4ef8e6b500a292a0cb0aafb5ecfe3c73ed8566f184f1988dc5682dbe1bc3677edcff7de02d041a2195d321e8266c41cd0b1333e9e584a0389b5b9ee601a9117abbb0dccb55f878dadb93f9ee6b31a6dc56397c9e791d6f0abf1a2e619f35b016bcdbbcdd245212d2a8e031305fd48b315dc9615987d192e5b31f925a0e8da8d96a02190a907b6a02728e9b5fbfb7f312010c2f3483e178cd9f3c36eca4bdaa6f46943ba0c742af51f3b993c3c84c931ea701c3d8d57a26e9018e00321194d55df6b0f8040b8e35f93977d1f66a13dfae57e3fdf7fd03433bc9fda29366fc5ee4f7c47e52f42c3b0892dcf8d6199588ec2ffe342cfe25d02074fa8e000ef9dcc395103200994e21f6a0380a9a105966dd7495f9871eccf65b95eec893127237d81aba7d243dc37e725d83f6390f21b6c5f0cf3cecf0ad33226cba792ca6327f6d2d2836e82e6f1f85f5749950e55226f498142dd1266224eaa48d496bb75893cc58800697937b02bdf73d59fba8d84958449a4998cd73f3a39f24a659474bec5eccd3b03aa9feb35bb342c744d396fbf316e33002dd5150dae65e9de48cbe01cf9bacd312276f0c77c2ed7fb920869519542bbf06ed6e77dab376b03f625a1fdf3f2581e26d23083c7f9b1c8725fd1bbf1b0bcc5ae5fa47a82163b7a5b0b8622308de8b7cc304f81f2d5c5d89d847caa455de965eabab11d1171012a17d95caf87d4474d422613386696c71c750acb910d73a469e4758777cd46811cf2b15606cea6bb5a", 0x1000, 0x8}, {&(0x7f00000012c0)="589d1a87ddbfef2ba1dee1b3ba0d2bd54ec38ff3d738ab5021ef8e40eae466c384f7dbbe3fe7f1576c2b9fe14c975fcfcdaf837cf7c75ed7ed92e83b902ffe544333669e3cc7151bf719b892c08c81624eb75bf10472657b27a769cd7958976b11cdcc58908f761f0bd95cf5a374eb75238d8ede501b7a3f3be85fb563c3c7ed03cf926339a67f9183b5c3f9669bb91e14f1efee09d41f500f8e368f03120baf4b71003fd9b7da8a08f19c3f008bb5c01f51b14ced", 0xb5, 0xcb}, {&(0x7f0000001380)="cca26ccc3775db3ca733f38030f6e4bc2874b6438f24772a70138818f6d915afd059aaad3eaee10b4720a312d4a4e495a451469ae836c360aafc1df3e522c8d41b0f4a65e8bd30ac3b850d863b2ba7be535b0fdf8e0ce0762c3c3710d121a564443bfb63af5ce7829a388f93f1d1ec42f1340ea385e6798b7939f47776c08100b79ae0786fb519e9ce10be705e7fb8a14a8eebdd745a8a1cbe72bdee3af5f079e665c0c5dea9775d647f584af7b13cffa0233ffedb30f34e6361f98d8dc04ded02cc340a31e2b04e9a9cbc1d4d4f82030d0c9b84bf451b9fff2e80fafcec7324460f8fbecf7f74838d1ec3ea9c6575ca3c045615dfe6bf04c685168eb29087", 0xff, 0x8000}, {&(0x7f0000000140)="0c1ed78f136e3be372ad318b4a140255f736610124a3a7e6ac38574cb1d5978dc9", 0x21, 0x5}, {&(0x7f0000001480)="c1925b08c5aea46450dfff3a79c238a7d4685c9e020f0c48087e515ab9e3a244c74257314bc5c0f34452ddc96dc5526c7a29b12821e87c13888abb8a269cfb8bd2c375b53d257a89b997096f7fdcd617e524a888fb2a198fb20a98ecdd5e5ceb47f9cefd1cfd6a210b20b775cc18e4ea1675d7ffe688f8fc38490be9149bd0eeb0fea5bbb48455d281b008b5a047d8379c216563a837da996fdb3fbace252d6f0ce44dd19ae48eadda78ac728a4f0589dfb102624fcfeb5e81e3b51b2699b38fad00a6a85d461ac084e6e80946", 0xcd, 0x8ba}], 0x8088, &(0x7f0000001640)={[{'*/'}], [{@euid_eq={'euid', 0x3d, 0xee00}}]}) (rerun: 64) renameat2(r3, &(0x7f0000000000)='./file0\x00', r4, &(0x7f0000001680)='./file0\x00', 0x1) (async, rerun: 64) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 64) tkill(r0, 0x4) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 324.888084] erofs: read_super, device -> /dev/loop4 [ 324.902225] erofs: read_super, device -> /dev/loop3 [ 324.913664] erofs: options -> [ 324.920484] erofs: options -> [ 324.932558] erofs: root inode @ nid 36 23:45:39 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c0", 0x5, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:40 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 30) [ 324.937255] erofs: root inode @ nid 36 [ 324.941233] erofs: mounted on /dev/loop4 with opts: . [ 324.958008] erofs: mounted on /dev/loop3 with opts: . [ 324.974994] erofs: unmounted for /dev/loop3 23:45:40 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = syz_mount_image$gfs2(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="196205bb9acd46a5c4", 0x9, 0x9}], 0x1088400, &(0x7f0000000200)={[{@norecovery}], [{@smackfsdef={'smackfsdef', 0x3d, '#'}}, {@subj_role={'subj_role', 0x3d, ',,\''}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}, {@fowner_gt={'fowner>', 0xee01}}, {@dont_appraise}]}) openat(r1, 0x0, 0x60800, 0x82) lsetxattr(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)=@random={'user.', 'euid'}, &(0x7f0000000300)=':\x00', 0x2, 0x3) [ 324.998626] erofs: unmounted for /dev/loop4 [ 325.062922] erofs: read_super, device -> /dev/loop2 [ 325.068129] erofs: options -> [ 325.071713] erofs: root inode @ nid 0 [ 325.077693] erofs: bogus i_mode (0) @ nid 0 23:45:40 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x23, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:40 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:40 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c4, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 325.167637] erofs: read_super, device -> /dev/loop5 [ 325.173238] erofs: options -> [ 325.177095] erofs: root inode @ nid 36 [ 325.191948] erofs: bogus i_mode (300) @ nid 36 [ 325.266985] erofs: read_super, device -> /dev/loop1 [ 325.272790] erofs: options -> [ 325.279935] erofs: root inode @ nid 36 [ 325.282980] FAULT_INJECTION: forcing a failure. [ 325.282980] name failslab, interval 1, probability 0, space 0, times 0 [ 325.299961] erofs: mounted on /dev/loop1 with opts: . [ 325.306235] CPU: 1 PID: 19175 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 325.310832] erofs: unmounted for /dev/loop1 [ 325.314145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.314152] Call Trace: [ 325.314179] dump_stack+0x1fc/0x2ef [ 325.314199] should_fail.cold+0xa/0xf [ 325.314216] ? setup_fault_attr+0x200/0x200 [ 325.314230] ? __lock_acquire+0x6de/0x3ff0 [ 325.314250] __should_failslab+0x115/0x180 [ 325.314267] should_failslab+0x5/0x10 [ 325.314280] __kmalloc+0x2ab/0x3c0 [ 325.314292] ? ext4_find_extent+0x9bb/0xc70 23:45:40 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c0", 0x5, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 325.314306] ext4_find_extent+0x9bb/0xc70 [ 325.314326] ext4_ext_map_blocks+0x1c0/0x7390 [ 325.314343] ? __lock_acquire+0x6de/0x3ff0 [ 325.314361] ? __lock_acquire+0x6de/0x3ff0 [ 325.314381] ? mark_held_locks+0xf0/0xf0 [ 325.314396] ? __ext4_handle_dirty_metadata+0x1e0/0x590 [ 325.314409] ? ext4_find_delalloc_cluster+0x1f0/0x1f0 [ 325.314423] ? mark_held_locks+0xf0/0xf0 [ 325.314440] ? ext4_mark_iloc_dirty+0x1b0d/0x2b30 [ 325.314460] ? ext4_es_lookup_extent+0x375/0xb60 [ 325.314479] ? lock_downgrade+0x720/0x720 [ 325.314492] ? lock_acquire+0x170/0x3c0 [ 325.314509] ? check_preemption_disabled+0x41/0x280 [ 325.314529] ? lock_acquire+0x170/0x3c0 [ 325.314543] ? ext4_map_blocks+0x33e/0x1a50 [ 325.314572] ext4_map_blocks+0xd88/0x1a50 [ 325.314591] ? check_preemption_disabled+0x41/0x280 [ 325.314609] ? ext4_issue_zeroout+0x160/0x160 [ 325.314625] ? __brelse+0x84/0xa0 [ 325.314639] ? __ext4_new_inode+0x2eb/0x5a20 [ 325.314662] ext4_getblk+0xad/0x4f0 [ 325.314680] ? ext4_iomap_begin+0xe00/0xe00 [ 325.314697] ? ext4_free_inode+0x1780/0x1780 [ 325.314710] ? debug_check_no_obj_freed+0x201/0x490 [ 325.314725] ? __dquot_initialize+0x298/0xb70 [ 325.314744] ext4_bread+0x7c/0x210 [ 325.314759] ? ext4_getblk+0x4f0/0x4f0 [ 325.314774] ? dquot_initialize_needed+0x290/0x290 [ 325.314792] ? trace_hardirqs_off+0x64/0x200 [ 325.314810] ext4_append+0x155/0x370 [ 325.314829] ext4_mkdir+0x5bd/0xe10 [ 325.314852] ? ext4_init_dot_dotdot+0x600/0x600 [ 325.314870] ? generic_permission+0x116/0x4d0 [ 325.314888] ? inode_permission.part.0+0x10c/0x450 [ 325.314907] vfs_mkdir+0x508/0x7a0 [ 325.314923] do_mkdirat+0x262/0x2d0 [ 325.314938] ? __ia32_sys_mknod+0x120/0x120 [ 325.314955] ? trace_hardirqs_off_caller+0x6e/0x210 [ 325.314970] ? do_syscall_64+0x21/0x620 [ 325.314987] do_syscall_64+0xf9/0x620 [ 325.315006] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 325.315018] RIP: 0033:0x7fc00fa83217 [ 325.315032] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 325.315039] RSP: 002b:00007fc00e3f8f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 325.315053] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fc00fa83217 [ 325.315061] RDX: 00000000000001ff RSI: 0000000020000100 RDI: 00000000ffffff9c [ 325.315068] RBP: 00007fc00e3f91d0 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 325.315076] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 325.315084] R13: 0000000020000100 R14: 00007fc00e3f8fe0 R15: 0000000020010a00 [ 325.625154] erofs: read_super, device -> /dev/loop2 [ 325.630385] erofs: options -> [ 325.636576] erofs: root inode @ nid 0 [ 325.641528] erofs: bogus i_mode (0) @ nid 0 [ 325.663801] erofs: read_super, device -> /dev/loop4 [ 325.668869] erofs: options -> [ 325.675807] erofs: root inode @ nid 36 [ 325.679978] erofs: mounted on /dev/loop4 with opts: . [ 325.700220] erofs: read_super, device -> /dev/loop3 23:45:40 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 325.722348] Bluetooth: hci4: command 0x0406 tx timeout [ 325.739011] erofs: options -> [ 325.750145] erofs: root inode @ nid 36 [ 325.757001] erofs: read_super, device -> /dev/loop5 [ 325.766459] erofs: mounted on /dev/loop3 with opts: . 23:45:40 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) r1 = syz_mount_image$gfs2(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="196205bb9acd46a5c4", 0x9, 0x9}], 0x1088400, &(0x7f0000000200)={[{@norecovery}], [{@smackfsdef={'smackfsdef', 0x3d, '#'}}, {@subj_role={'subj_role', 0x3d, ',,\''}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}, {@fowner_gt={'fowner>', 0xee01}}, {@dont_appraise}]}) openat(r1, 0x0, 0x60800, 0x82) lsetxattr(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)=@random={'user.', 'euid'}, &(0x7f0000000300)=':\x00', 0x2, 0x3) 23:45:40 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 31) [ 325.769741] Bluetooth: hci1: command 0x0406 tx timeout [ 325.771702] erofs: options -> [ 325.774499] erofs: root inode @ nid 36 [ 325.788963] erofs: unmounted for /dev/loop3 [ 325.800935] erofs: bogus i_mode (300) @ nid 36 [ 325.812060] Bluetooth: hci0: command 0x0406 tx timeout 23:45:40 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 1) 23:45:40 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c5, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 325.825196] Bluetooth: hci2: command 0x0406 tx timeout [ 325.837384] Bluetooth: hci5: command 0x0406 tx timeout [ 325.845849] Bluetooth: hci3: command 0x0406 tx timeout [ 325.851287] erofs: unmounted for /dev/loop4 [ 325.949681] FAULT_INJECTION: forcing a failure. [ 325.949681] name failslab, interval 1, probability 0, space 0, times 0 [ 325.961293] CPU: 1 PID: 19217 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 [ 325.969169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.978512] Call Trace: [ 325.981099] dump_stack+0x1fc/0x2ef [ 325.984775] should_fail.cold+0xa/0xf [ 325.988601] ? setup_fault_attr+0x200/0x200 [ 325.992917] ? lock_acquire+0x170/0x3c0 [ 325.996890] __should_failslab+0x115/0x180 [ 326.001132] should_failslab+0x5/0x10 [ 326.004938] __kmalloc+0x2ab/0x3c0 [ 326.008476] ? __se_sys_memfd_create+0xf8/0x440 [ 326.013136] __se_sys_memfd_create+0xf8/0x440 [ 326.017637] ? memfd_file_seals_ptr+0x150/0x150 [ 326.022307] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 326.027678] ? trace_hardirqs_off_caller+0x6e/0x210 [ 326.032711] ? do_syscall_64+0x21/0x620 [ 326.036694] do_syscall_64+0xf9/0x620 [ 326.040492] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 326.045674] RIP: 0033:0x7f1733ddd109 [ 326.049547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 326.068448] RSP: 002b:00007f1732751f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 326.076145] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f1733ddd109 [ 326.083404] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f1733e361be [ 326.090670] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f17327521d0 [ 326.097928] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 326.105192] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 [ 326.137721] erofs: read_super, device -> /dev/loop2 [ 326.142926] erofs: options -> 23:45:41 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 2) 23:45:41 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = syz_mount_image$gfs2(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="196205bb9acd46a5c4", 0x9, 0x9}], 0x1088400, &(0x7f0000000200)={[{@norecovery}], [{@smackfsdef={'smackfsdef', 0x3d, '#'}}, {@subj_role={'subj_role', 0x3d, ',,\''}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}, {@fowner_gt={'fowner>', 0xee01}}, {@dont_appraise}]}) openat(r1, 0x0, 0x60800, 0x82) (async) lsetxattr(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)=@random={'user.', 'euid'}, &(0x7f0000000300)=':\x00', 0x2, 0x3) 23:45:41 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c0", 0x5, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 326.155921] erofs: root inode @ nid 0 [ 326.173256] erofs: bogus i_mode (0) @ nid 0 23:45:41 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 326.217912] FAULT_INJECTION: forcing a failure. [ 326.217912] name failslab, interval 1, probability 0, space 0, times 0 [ 326.229815] erofs: read_super, device -> /dev/loop3 [ 326.236023] erofs: options -> [ 326.250497] erofs: root inode @ nid 36 [ 326.256414] erofs: mounted on /dev/loop3 with opts: . [ 326.261107] CPU: 0 PID: 19228 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 [ 326.262810] FAULT_INJECTION: forcing a failure. [ 326.262810] name failslab, interval 1, probability 0, space 0, times 0 [ 326.269504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.269511] Call Trace: [ 326.269538] dump_stack+0x1fc/0x2ef [ 326.269557] should_fail.cold+0xa/0xf [ 326.269580] ? setup_fault_attr+0x200/0x200 [ 326.269595] ? lock_acquire+0x170/0x3c0 [ 326.308536] __should_failslab+0x115/0x180 [ 326.312770] should_failslab+0x5/0x10 [ 326.316566] kmem_cache_alloc+0x277/0x370 [ 326.320706] ? shmem_destroy_callback+0xb0/0xb0 [ 326.325400] shmem_alloc_inode+0x18/0x40 [ 326.329476] ? shmem_destroy_callback+0xb0/0xb0 [ 326.334146] alloc_inode+0x5d/0x180 [ 326.337769] new_inode+0x1d/0xf0 [ 326.341133] shmem_get_inode+0x96/0x8d0 [ 326.345128] __shmem_file_setup.part.0+0x7a/0x2b0 [ 326.349986] shmem_file_setup+0x61/0x90 [ 326.354307] __se_sys_memfd_create+0x26b/0x440 [ 326.359020] ? memfd_file_seals_ptr+0x150/0x150 [ 326.363685] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 326.369044] ? trace_hardirqs_off_caller+0x6e/0x210 [ 326.374057] ? do_syscall_64+0x21/0x620 [ 326.378022] do_syscall_64+0xf9/0x620 [ 326.381819] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 326.387000] RIP: 0033:0x7f1733ddd109 [ 326.390703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 326.409683] RSP: 002b:00007f1732751f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 326.417382] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f1733ddd109 [ 326.424653] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f1733e361be [ 326.431927] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f17327521d0 [ 326.439193] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 326.446457] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 [ 326.453735] CPU: 1 PID: 19230 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 326.461621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.471070] Call Trace: [ 326.473678] dump_stack+0x1fc/0x2ef [ 326.477322] should_fail.cold+0xa/0xf [ 326.481142] ? setup_fault_attr+0x200/0x200 [ 326.485474] ? __es_tree_search.isra.0+0x1af/0x210 [ 326.486427] erofs: unmounted for /dev/loop3 [ 326.490414] __should_failslab+0x115/0x180 [ 326.490433] should_failslab+0x5/0x10 [ 326.490448] kmem_cache_alloc+0x3f/0x370 [ 326.490466] __es_insert_extent+0x39b/0x13b0 [ 326.490492] ext4_es_insert_extent+0x22e/0x5e0 [ 326.490509] ? ext4_map_blocks+0x59f/0x1a50 [ 326.520185] ? ext4_es_find_delayed_extent_range+0x9f0/0x9f0 [ 326.526007] ext4_map_blocks+0xa2a/0x1a50 [ 326.530180] ? ext4_issue_zeroout+0x160/0x160 [ 326.534698] ? __brelse+0x84/0xa0 [ 326.538167] ? __ext4_new_inode+0x2eb/0x5a20 [ 326.542603] ext4_getblk+0xad/0x4f0 [ 326.546243] ? ext4_iomap_begin+0xe00/0xe00 [ 326.550580] ? ext4_free_inode+0x1780/0x1780 [ 326.551275] erofs: read_super, device -> /dev/loop5 [ 326.554996] ? debug_check_no_obj_freed+0x201/0x490 [ 326.555011] ? __dquot_initialize+0x298/0xb70 23:45:41 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 3) [ 326.555029] ext4_bread+0x7c/0x210 [ 326.555044] ? ext4_getblk+0x4f0/0x4f0 [ 326.555057] ? dquot_initialize_needed+0x290/0x290 [ 326.555074] ? trace_hardirqs_off+0x64/0x200 [ 326.555090] ext4_append+0x155/0x370 [ 326.555105] ext4_mkdir+0x5bd/0xe10 [ 326.555124] ? ext4_init_dot_dotdot+0x600/0x600 [ 326.581731] erofs: options -> [ 326.581964] ? generic_permission+0x116/0x4d0 [ 326.581982] ? inode_permission.part.0+0x10c/0x450 [ 326.581999] vfs_mkdir+0x508/0x7a0 [ 326.582014] do_mkdirat+0x262/0x2d0 [ 326.582028] ? __ia32_sys_mknod+0x120/0x120 [ 326.582043] ? trace_hardirqs_off_caller+0x6e/0x210 [ 326.582058] ? do_syscall_64+0x21/0x620 [ 326.582074] do_syscall_64+0xf9/0x620 [ 326.631332] erofs: root inode @ nid 36 [ 326.631851] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 326.631865] RIP: 0033:0x7fc00fa83217 [ 326.631879] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 326.631887] RSP: 002b:00007fc00e3f8f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 326.631902] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fc00fa83217 [ 326.631910] RDX: 00000000000001ff RSI: 0000000020000100 RDI: 00000000ffffff9c [ 326.631919] RBP: 00007fc00e3f91d0 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 326.631927] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 326.631933] R13: 0000000020000100 R14: 00007fc00e3f8fe0 R15: 0000000020010a00 [ 326.713877] erofs: bogus i_mode (300) @ nid 36 [ 326.742341] erofs: read_super, device -> /dev/loop4 23:45:41 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:41 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c6, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:41 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000000c0)=0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000000d67) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0xcd, 0x7f, 0x3f, 0x2, 0x0, 0x9, 0x90012, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x10001, 0x8000000000000000}, 0x10880, 0x8, 0x6, 0x1, 0x8001, 0x0, 0x8, 0x0, 0x805c, 0x0, 0x9}, r2, 0x1, r4, 0x3) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) ioctl$BTRFS_IOC_SPACE_INFO(r5, 0xc0109414, &(0x7f0000000200)={0xc5b, 0x6, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) [ 326.773486] erofs: read_super, device -> /dev/loop2 [ 326.775435] erofs: options -> [ 326.791650] erofs: options -> [ 326.797091] erofs: root inode @ nid 36 [ 326.801131] erofs: mounted on /dev/loop4 with opts: . 23:45:41 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 32) [ 326.827777] FAULT_INJECTION: forcing a failure. [ 326.827777] name failslab, interval 1, probability 0, space 0, times 0 [ 326.831153] erofs: cannot find valid erofs superblock [ 326.859089] erofs: unmounted for /dev/loop4 [ 326.863336] CPU: 1 PID: 19256 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 [ 326.871346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.880879] Call Trace: [ 326.883548] dump_stack+0x1fc/0x2ef [ 326.887170] should_fail.cold+0xa/0xf [ 326.890989] ? setup_fault_attr+0x200/0x200 [ 326.895303] ? lock_acquire+0x170/0x3c0 [ 326.899295] __should_failslab+0x115/0x180 [ 326.903563] should_failslab+0x5/0x10 [ 326.907364] kmem_cache_alloc+0x277/0x370 [ 326.911528] __d_alloc+0x2b/0xa10 [ 326.914986] d_alloc_pseudo+0x19/0x70 [ 326.918783] alloc_file_pseudo+0xc6/0x250 [ 326.922931] ? alloc_file+0x4d0/0x4d0 [ 326.926740] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 326.932377] ? shmem_get_inode+0x44c/0x8d0 [ 326.936611] __shmem_file_setup.part.0+0x102/0x2b0 [ 326.941542] shmem_file_setup+0x61/0x90 [ 326.945532] __se_sys_memfd_create+0x26b/0x440 [ 326.950101] ? memfd_file_seals_ptr+0x150/0x150 [ 326.954765] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 326.960119] ? trace_hardirqs_off_caller+0x6e/0x210 [ 326.965126] ? do_syscall_64+0x21/0x620 [ 326.969089] do_syscall_64+0xf9/0x620 [ 326.972882] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 326.978054] RIP: 0033:0x7f1733ddd109 [ 326.981757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 327.000646] RSP: 002b:00007f1732751f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 327.008341] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f1733ddd109 [ 327.015618] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f1733e361be [ 327.022874] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f17327521d0 [ 327.030132] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 327.037386] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 [ 327.064396] erofs: read_super, device -> /dev/loop3 [ 327.072644] erofs: read_super, device -> /dev/loop5 23:45:42 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 4) 23:45:42 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 327.078598] erofs: options -> [ 327.083665] erofs: root inode @ nid 36 [ 327.083702] erofs: options -> [ 327.087953] erofs: bogus i_mode (0) @ nid 36 [ 327.108080] erofs: root inode @ nid 36 [ 327.113888] erofs: mounted on /dev/loop3 with opts: . [ 327.119422] erofs: unmounted for /dev/loop3 [ 327.227388] FAULT_INJECTION: forcing a failure. [ 327.227388] name failslab, interval 1, probability 0, space 0, times 0 [ 327.241280] CPU: 0 PID: 19277 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 [ 327.249196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 327.258546] Call Trace: [ 327.261152] dump_stack+0x1fc/0x2ef [ 327.264811] should_fail.cold+0xa/0xf [ 327.268628] ? setup_fault_attr+0x200/0x200 [ 327.273126] ? lock_acquire+0x170/0x3c0 [ 327.277098] __should_failslab+0x115/0x180 [ 327.281327] should_failslab+0x5/0x10 [ 327.285119] kmem_cache_alloc+0x277/0x370 [ 327.289257] __alloc_file+0x21/0x340 [ 327.292969] alloc_empty_file+0x6d/0x170 [ 327.297029] alloc_file+0x5e/0x4d0 [ 327.300577] alloc_file_pseudo+0x165/0x250 [ 327.304815] ? alloc_file+0x4d0/0x4d0 [ 327.308622] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 327.314338] ? shmem_get_inode+0x44c/0x8d0 [ 327.318563] __shmem_file_setup.part.0+0x102/0x2b0 [ 327.323496] shmem_file_setup+0x61/0x90 [ 327.327488] __se_sys_memfd_create+0x26b/0x440 [ 327.332080] ? memfd_file_seals_ptr+0x150/0x150 [ 327.336772] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 327.342131] ? trace_hardirqs_off_caller+0x6e/0x210 [ 327.347148] ? do_syscall_64+0x21/0x620 [ 327.351129] do_syscall_64+0xf9/0x620 [ 327.354929] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 327.360103] RIP: 0033:0x7f1733ddd109 23:45:42 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 5) [ 327.363996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 327.383440] RSP: 002b:00007f1732751f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 327.391164] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f1733ddd109 [ 327.398527] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f1733e361be [ 327.405949] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f17327521d0 [ 327.413222] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 327.420489] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 23:45:42 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:42 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c7, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 327.481757] FAULT_INJECTION: forcing a failure. [ 327.481757] name failslab, interval 1, probability 0, space 0, times 0 [ 327.521917] CPU: 0 PID: 19281 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 [ 327.529825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 327.539180] Call Trace: [ 327.541802] dump_stack+0x1fc/0x2ef [ 327.545451] should_fail.cold+0xa/0xf [ 327.549274] ? setup_fault_attr+0x200/0x200 [ 327.553602] ? lock_acquire+0x170/0x3c0 [ 327.557595] __should_failslab+0x115/0x180 [ 327.557719] erofs: read_super, device -> /dev/loop5 [ 327.562062] should_failslab+0x5/0x10 [ 327.562090] kmem_cache_alloc_trace+0x284/0x380 [ 327.562114] apparmor_file_alloc_security+0x394/0xad0 [ 327.562141] ? apparmor_file_receive+0x160/0x160 [ 327.584987] erofs: options -> [ 327.585632] ? __alloc_file+0x21/0x340 [ 327.585656] security_file_alloc+0x40/0x90 [ 327.585677] __alloc_file+0xd8/0x340 [ 327.589328] erofs: root inode @ nid 36 [ 327.592745] alloc_empty_file+0x6d/0x170 [ 327.592764] alloc_file+0x5e/0x4d0 [ 327.592782] alloc_file_pseudo+0x165/0x250 [ 327.592796] ? alloc_file+0x4d0/0x4d0 [ 327.592810] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 327.592825] ? shmem_get_inode+0x44c/0x8d0 [ 327.592843] __shmem_file_setup.part.0+0x102/0x2b0 [ 327.609256] erofs: bogus i_mode (0) @ nid 36 [ 327.612231] shmem_file_setup+0x61/0x90 [ 327.612249] __se_sys_memfd_create+0x26b/0x440 [ 327.612262] ? memfd_file_seals_ptr+0x150/0x150 [ 327.612277] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 327.612292] ? trace_hardirqs_off_caller+0x6e/0x210 [ 327.612308] ? do_syscall_64+0x21/0x620 [ 327.667144] do_syscall_64+0xf9/0x620 [ 327.670962] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 327.676153] RIP: 0033:0x7f1733ddd109 [ 327.679873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 327.698907] RSP: 002b:00007f1732751f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 327.706622] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f1733ddd109 [ 327.713971] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f1733e361be [ 327.721240] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f17327521d0 [ 327.728596] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 23:45:42 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 6) [ 327.735862] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 [ 327.746899] erofs: read_super, device -> /dev/loop2 [ 327.763792] FAULT_INJECTION: forcing a failure. [ 327.763792] name failslab, interval 1, probability 0, space 0, times 0 [ 327.773117] erofs: options -> [ 327.788166] erofs: cannot find valid erofs superblock [ 327.797944] CPU: 1 PID: 19287 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 [ 327.805945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 327.815307] Call Trace: [ 327.817909] dump_stack+0x1fc/0x2ef [ 327.821626] should_fail.cold+0xa/0xf [ 327.824733] FAULT_INJECTION: forcing a failure. [ 327.824733] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 327.825442] ? setup_fault_attr+0x200/0x200 [ 327.825459] ? lock_downgrade+0x720/0x720 [ 327.825476] ? check_preemption_disabled+0x41/0x280 [ 327.825497] __should_failslab+0x115/0x180 [ 327.825515] should_failslab+0x5/0x10 [ 327.825528] kmem_cache_alloc+0x277/0x370 [ 327.825543] ext4_mb_new_blocks+0x60a/0x4370 [ 327.825567] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 327.872347] ? ext4_cache_extents+0x68/0x2d0 [ 327.876762] ? ext4_find_extent+0x9bb/0xc70 [ 327.881101] ? ext4_discard_preallocations+0xfb0/0xfb0 [ 327.886376] ? ext4_ext_search_right+0x2c7/0xb60 [ 327.891241] ? ext4_inode_to_goal_block+0x2d2/0x3e0 [ 327.896265] ext4_ext_map_blocks+0x2aa2/0x7390 [ 327.900862] ? __lock_acquire+0x6de/0x3ff0 [ 327.905120] ? mark_held_locks+0xf0/0xf0 [ 327.909209] ? __ext4_handle_dirty_metadata+0x1e0/0x590 [ 327.914582] ? ext4_find_delalloc_cluster+0x1f0/0x1f0 [ 327.919785] ? mark_held_locks+0xf0/0xf0 [ 327.923859] ? ext4_mark_iloc_dirty+0x1b0d/0x2b30 [ 327.928714] ? ext4_es_lookup_extent+0x375/0xb60 [ 327.933480] ? ext4_map_blocks+0x59f/0x1a50 [ 327.937845] ext4_map_blocks+0x7a2/0x1a50 23:45:43 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async, rerun: 64) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async, rerun: 64) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async, rerun: 64) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async, rerun: 64) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000000c0)=0x0) (async) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000000d67) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0xcd, 0x7f, 0x3f, 0x2, 0x0, 0x9, 0x90012, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x10001, 0x8000000000000000}, 0x10880, 0x8, 0x6, 0x1, 0x8001, 0x0, 0x8, 0x0, 0x805c, 0x0, 0x9}, r2, 0x1, r4, 0x3) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) ioctl$BTRFS_IOC_SPACE_INFO(r5, 0xc0109414, &(0x7f0000000200)={0xc5b, 0x6, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) [ 327.942003] ? check_preemption_disabled+0x41/0x280 [ 327.947120] ? ext4_issue_zeroout+0x160/0x160 [ 327.951621] ? __brelse+0x84/0xa0 [ 327.955087] ? __ext4_new_inode+0x2eb/0x5a20 [ 327.959507] ext4_getblk+0xad/0x4f0 [ 327.963140] ? ext4_iomap_begin+0xe00/0xe00 [ 327.967497] ? ext4_free_inode+0x1780/0x1780 [ 327.971920] ? debug_check_no_obj_freed+0x201/0x490 [ 327.976946] ? __dquot_initialize+0x298/0xb70 [ 327.981459] ext4_bread+0x7c/0x210 [ 327.985104] ? ext4_getblk+0x4f0/0x4f0 [ 327.989009] ? dquot_initialize_needed+0x290/0x290 [ 327.993957] ? trace_hardirqs_off+0x64/0x200 [ 327.998369] ext4_append+0x155/0x370 [ 328.002089] ext4_mkdir+0x5bd/0xe10 [ 328.005730] ? ext4_init_dot_dotdot+0x600/0x600 [ 328.010400] ? generic_permission+0x116/0x4d0 [ 328.014898] ? inode_permission.part.0+0x10c/0x450 [ 328.019832] vfs_mkdir+0x508/0x7a0 [ 328.023388] do_mkdirat+0x262/0x2d0 [ 328.027012] ? __ia32_sys_mknod+0x120/0x120 [ 328.031334] ? trace_hardirqs_off_caller+0x6e/0x210 [ 328.036347] ? do_syscall_64+0x21/0x620 [ 328.040320] do_syscall_64+0xf9/0x620 [ 328.044150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 328.049343] RIP: 0033:0x7fc00fa83217 [ 328.053058] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 328.072127] RSP: 002b:00007fc00e3f8f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 328.080010] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fc00fa83217 [ 328.087281] RDX: 00000000000001ff RSI: 0000000020000100 RDI: 00000000ffffff9c [ 328.094550] RBP: 00007fc00e3f91d0 R08: 0000000000000000 R09: 00007fc00e3f91d0 [ 328.101818] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 328.109092] R13: 0000000020000100 R14: 00007fc00e3f8fe0 R15: 0000000020010a00 [ 328.116380] CPU: 0 PID: 19302 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 [ 328.124283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 328.133724] Call Trace: [ 328.136315] dump_stack+0x1fc/0x2ef [ 328.139957] should_fail.cold+0xa/0xf [ 328.143775] ? lock_acquire+0x170/0x3c0 [ 328.147766] ? setup_fault_attr+0x200/0x200 [ 328.152110] __alloc_pages_nodemask+0x239/0x2890 [ 328.156871] ? __lock_acquire+0x6de/0x3ff0 [ 328.161094] ? static_obj+0x50/0x50 [ 328.164814] ? __lock_acquire+0x6de/0x3ff0 [ 328.169037] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 328.173870] ? __lock_acquire+0x6de/0x3ff0 [ 328.178093] ? mark_held_locks+0xf0/0xf0 [ 328.182144] ? unwind_next_frame+0xeee/0x1400 [ 328.186646] ? mark_held_locks+0xf0/0xf0 [ 328.190692] ? deref_stack_reg+0x134/0x1d0 [ 328.194911] ? get_reg+0x176/0x1f0 [ 328.198551] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 328.204538] alloc_pages_vma+0xf2/0x780 [ 328.208516] shmem_alloc_page+0x11c/0x1f0 [ 328.212654] ? shmem_swapin+0x220/0x220 [ 328.216633] ? percpu_counter_add_batch+0x126/0x180 [ 328.221635] ? __vm_enough_memory+0x316/0x650 [ 328.226133] shmem_alloc_and_acct_page+0x15a/0x850 [ 328.231060] shmem_getpage_gfp+0x4e9/0x37f0 [ 328.235379] ? shmem_alloc_and_acct_page+0x850/0x850 [ 328.240487] ? mark_held_locks+0xa6/0xf0 [ 328.244537] ? ktime_get_coarse_real_ts64+0x1c7/0x290 [ 328.249712] ? iov_iter_fault_in_readable+0x1fc/0x3f0 [ 328.254902] shmem_write_begin+0xff/0x1e0 [ 328.259062] generic_perform_write+0x1f8/0x4d0 [ 328.263646] ? filemap_page_mkwrite+0x2f0/0x2f0 [ 328.268302] ? current_time+0x1c0/0x1c0 [ 328.272268] ? lock_acquire+0x170/0x3c0 [ 328.276316] __generic_file_write_iter+0x24b/0x610 [ 328.281241] generic_file_write_iter+0x3f8/0x730 [ 328.286015] __vfs_write+0x51b/0x770 [ 328.289724] ? kernel_read+0x110/0x110 [ 328.293605] ? check_preemption_disabled+0x41/0x280 [ 328.298615] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 328.303726] vfs_write+0x1f3/0x540 [ 328.307270] __x64_sys_pwrite64+0x1f7/0x250 [ 328.311582] ? ksys_pwrite64+0x1a0/0x1a0 [ 328.315853] ? trace_hardirqs_off_caller+0x6e/0x210 [ 328.320943] ? do_syscall_64+0x21/0x620 [ 328.324908] do_syscall_64+0xf9/0x620 [ 328.328696] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 328.333869] RIP: 0033:0x7f1733d900d7 [ 328.337566] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b [ 328.356459] RSP: 002b:00007f1732751f00 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 328.364158] RAX: ffffffffffffffda RBX: 00007f1733e26a20 RCX: 00007f1733d900d7 [ 328.371413] RDX: 000000000000000f RSI: 0000000020010000 RDI: 0000000000000005 [ 328.378671] RBP: 0000000000000003 R08: 0000000000000000 R09: 00007f17327521d0 [ 328.385948] R10: 0000000000000400 R11: 0000000000000293 R12: 0000000000000005 23:45:43 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 328.393309] R13: 0000000000000005 R14: 0000000020000200 R15: 0000000000000000 [ 328.419196] erofs: read_super, device -> /dev/loop3 23:45:43 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 328.448251] erofs: options -> [ 328.452416] erofs: root inode @ nid 36 [ 328.460003] erofs: mounted on /dev/loop3 with opts: . [ 328.473847] erofs: unmounted for /dev/loop3 23:45:43 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e80300000000000000000000020000000000000000000000e831acc8d29f4b20bbe8359d20ed4b3f", 0x40, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:43 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c8, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 328.494508] erofs: read_super, device -> /dev/loop1 [ 328.515591] erofs: options -> [ 328.524013] erofs: cannot find valid erofs superblock 23:45:43 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 328.666335] erofs: read_super, device -> /dev/loop4 [ 328.701007] erofs: options -> [ 328.725172] erofs: root inode @ nid 36 [ 328.736005] erofs: mounted on /dev/loop4 with opts: . [ 328.750835] erofs: read_super, device -> /dev/loop5 23:45:43 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 328.779529] erofs: read_super, device -> /dev/loop3 [ 328.799469] erofs: options -> [ 328.800526] erofs: read_super, device -> /dev/loop2 [ 328.806044] erofs: root inode @ nid 36 [ 328.817124] erofs: options -> [ 328.817139] erofs: unmounted for /dev/loop4 [ 328.820383] erofs: options -> [ 328.825388] erofs: bogus i_mode (0) @ nid 36 [ 328.831521] erofs: read_super, device -> /dev/loop1 [ 328.837727] erofs: options -> [ 328.838335] erofs: cannot find valid erofs superblock [ 328.847567] erofs: root inode @ nid 36 [ 328.852573] erofs: mounted on /dev/loop3 with opts: . [ 328.858670] erofs: root inode @ nid 36 [ 328.863656] erofs: mounted on /dev/loop1 with opts: . [ 328.870626] erofs: unmounted for /dev/loop3 23:45:43 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 328.895279] erofs: unmounted for /dev/loop1 23:45:43 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c9, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:44 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, 0x0) [ 329.017382] erofs: read_super, device -> /dev/loop4 [ 329.029636] erofs: options -> [ 329.039562] erofs: root inode @ nid 36 [ 329.045493] erofs: mounted on /dev/loop4 with opts: . 23:45:44 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 329.089352] erofs: read_super, device -> /dev/loop5 [ 329.104313] erofs: options -> 23:45:44 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 329.160279] erofs: read_super, device -> /dev/loop3 [ 329.164675] erofs: cannot find valid erofs superblock [ 329.176182] erofs: options -> [ 329.179658] erofs: unmounted for /dev/loop4 [ 329.190225] erofs: root inode @ nid 36 [ 329.195738] erofs: mounted on /dev/loop3 with opts: . [ 329.203809] erofs: unmounted for /dev/loop3 23:45:44 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) ptrace(0x10, r0) (async, rerun: 32) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async, rerun: 32) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async, rerun: 32) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async, rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async, rerun: 32) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 32) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000000c0)=0x0) (async) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000000d67) (async, rerun: 64) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0xcd, 0x7f, 0x3f, 0x2, 0x0, 0x9, 0x90012, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x10001, 0x8000000000000000}, 0x10880, 0x8, 0x6, 0x1, 0x8001, 0x0, 0x8, 0x0, 0x805c, 0x0, 0x9}, r2, 0x1, r4, 0x3) (rerun: 64) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) ioctl$BTRFS_IOC_SPACE_INFO(r5, 0xc0109414, &(0x7f0000000200)={0xc5b, 0x6, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) 23:45:44 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, 0x0) 23:45:44 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3ca, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:44 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 329.353512] erofs: read_super, device -> /dev/loop1 [ 329.363846] erofs: options -> [ 329.367564] erofs: root inode @ nid 36 [ 329.379632] erofs: read_super, device -> /dev/loop4 [ 329.396006] erofs: mounted on /dev/loop1 with opts: . 23:45:44 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', &(0x7f0000001500)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setreuid(0x0, r1) syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x1bb, 0x3, &(0x7f0000001280)=[{&(0x7f0000000200)="6483b0a7c2b368233680f44a015c1fda1aa28df7cf2750f20b1abf377ec376b1ef5a98abe27868062341fa742ae1c585490f26e917799adafd83da057966de9f446e284b44eeda78392168", 0x4b, 0x8000000000000001}, {&(0x7f0000000280)="56a6b7c4be6a54fe059519857dd2f8aa469bf131749dfa5849433c36413bd89fa2c0aa0234ee24e5fca069ce44f5761d8471868b8f1c2b7a7985c7c8d4f0de327310f1b1bbf917c220ebc485b690c43275aae3095a3b1c5a5e57f89804552920d40f8215c9937e0efff1a435ee341d394c33b64de0a0f50b495c96608f7ea9c3e16eb955459b53d0a6712c00a005e798f26c7e5b42ad27c8b449d27c957768d0356cfb93f757eb140e13cb9943211469d6756f4dbaf208f59f425703c03110c79147d5b673b8c5e0241bec565d5922b446d0387cc7c76b097ee5ff233d0f5070f2d53492fdb208c4e6fa69be983503f9af9a7df4db4b91ad304cf5a38f6e439a79c11e35c027f0f63f1bf985eefe0cb19ab115f327f8db8ba9f49ea4ace6d612071827c559fc81f76cce012c86b7aaaed442893b28059128fa67068719944d0751c9971f28a3556f2197c80a7c14b6d014cccec50c69515516df5b079b437462cd32a106ad1263f2fa3ac2167e308553eca31f836bb957ad9a3d615f50bda0cc58b752313d8a7d882e7fd68863f61c1f33d9a48fb9326c65e4d611a5b62549530172f9e9e497a5c7a96ba2b55ee5abcafd1bf99808f652f1bb771d07e6348bd2036d937e9356c8fc71b2efd3da062991916eea7cd622f5daf0451c7e72bd40a565869b017dfcd9179136048dad01bf82087971ce2d0a1c08ef5447634357c71b8a608b7d972e26e1e3149859273f16064ee2e455b5b471f2535ff613287bf5dcd9eaa3200de62f5a4e20a68efe4591b98b6f1f4b075371abd932544b3bada0c1276f1c86bf030a0b8ed9074bf541e091f62b42d140911e11dc8b3fb24567690c76cc908d30616756ea3064d9d993eebafebf6415a3a76aac353670035156d0281397a65472909f534d040ba654c7da253ede42e14d6905f60df548aa7942288f30258a6089d0f58d50a95cc7367a57befee57c532401f1031ea203a60b88057fd97f30c32c860552e260ad0c3b046dd705b9bb741e8861115908137f5283c90bff4bc3301829f39b4b1d46bc8459553312e3e2ddafa5c48e6163b2990516d2f4ef030c6825181f2a1bbaed8a8557c19e91faae466f9f23c5243b17598b3707a74d2498580d7b95960d3fb6536d4a303cac11676ae879efad404e43e39d4eb5838ec0021dfd0f1757a542f0ed813fa7505ba564f8d251b03b58847c96ba39dc5952146102f831885d2cd5102eb0521803bd8cbfb7850bed114b89d411bfb0a6f5d32684bd11249fd77b3763f7bafc05a46a9cd3ce5904b89abb548b253ba1ce2cefd5fe6b85a3d9268ed600c5be2f123d5cffea97cada250c6dacb1f80baadd25f19feb296588f3ec3ee1b881d791dbf222f9039c7d83349f8f44bffec9dbd1c68f58ebf9fe9b108f912f9176756ea3fde4a4db7c62858ed8725dc2fde1cdad57a60bcdc774556c6ef90419117fb0e1cf10e89c155e770adba239c1d4bf102ac50b2578419c379c9478130ef15fb5c9991638a16f7a025585dc29be2810adf095c24813e466c29181e444dcf1e55dd1bdfd008e3028191706abeda53344485b31b0e722fb26f832934ff0dea3d6d0402b3c376a17b76a24dbbd23e938aaa52ff2ed61adcd9db4663c31f118d35651693165f3718b1083d07809cf839ea45bbe2c13862392d164104773c29f81661c33c45831a73efda3b4b5b1cd88452c283c8909ec8c1af83131103cd2858a8bf965dce455b58ed1d0352922afe40ad8a7b9ee8ac84e762c1cd681a39aeb13c5a4010fa5d13a386203921e85dada0ab89efed4226f05644d5712df81cf24f978398cab3c225ff2c866588b11fcab2599842fbb4e41abc89b64caec3b4f46fcd82de8307fc79996c9fe49f69d8b93607528c0c8e4d968b9986e9ea1a322e6428166e10279a525c2892b50f2e497dee108b752c0c10a68b349484433c199782b8b06e6ec2c5e2e929b49bd56ce674969dbdd778d4fd58f78934d01311b74765683dae1db0355cc95468d62a68a75d5b6220cd5f7f267106f9b28da76baf9bc04de4cab19d1777ef5e3819f68cbf05859bb437686d9ba34a0708501e18ac2fc3898452cf915c9a31126e6427c9a10e3453a31ee39026912c7b370a7b06086a69e07dd4b238b5d97a77ae5b691d52fc027b594d0f0e4a43dbfdb3c2920f4859f993acbdb5ad30c06cf3f7363808c32c72fa4565e7e4b284cc57abc52976cc97d82b6747652b552dd284cd0035930fb4d0fd8a9f477896ac09832da8ddb252e0208ce1925a56dc056ca3e274610fe6620c7102ebe870e476d9a17f69949f6fea85d91e98762a95d1fc72b5323e66d836d373bb6cbf211a5a0cbc938de366adc58a91fa4768ec6f0440a7be9d3dd5bd99c87047370a42316393358d70e47eb6667bb13f3c9d2f880983889b32f8663602d014d397e5c01f373a5ed1515ef59aa942e29fb6eb2bd44d1ec0a9461bf0473faa7dec737195bc29641c68d22746eb2e43a96a463532c74f5234a83e8b17fe4254bfac5095faaaeef680b8a2c2a5475b12643e85829218ce33a6390f1dbee7ccbccc17655e5466027ff017083a05211bd5229093243d300b61e96afe5754650d456296f63011a03c80a452251a7f41c0e13b4d9b99949c3a2239cc4f913b50038bba7cced48147325a4225107c8df235f98009ddafbaa6e3936017081aa45a22342e2c0a5d5a45426bb2bf53f5f36b380466424e64ab9ab3b69c9132e7bc2fd3dced1e06d5b682ea9dd79198a7600411c1eeee576ea4a49d9c35ea8caf2dec9476f7265b48bdc6033e180cde6f020db8bb8073426aabb30850feeab6be356a3146f0ca189be874dbc65390bc67c337bca7e81c0a33b6e2758ddce2933adea436906466b9c55bb3ce3904c25faa3ab3be90397a6dfdbd729a4d3eaabf3f71aacce6c6ab96e32e3552c53c065717c9deab56312ed6f6baeea724ee544ec1eb13557f884174235ade6c76a8e3d6045fcecefdb347493ef5eb2aa42effcb427d7b443c4a784ca9d3e86837e5fc6e4ed98559972878226c0541b42641786d194fba65304ee5f1b2623f633b4f25407ee74c324d9b759125a28827d728b2f4f705a83c358f0599c6fb47a436d4457ee53aac4050be7f785db1cbef9e805c02a88dc20092d4dac6d8431b7e3f0baf8f2c1f18726d959f9c85de9fc285f35a4b454738d13c76fd227374f5bfb4f47cde1d5c0af4c3314832f4faecc58374e0ce92156d003cef1f264c752a85ab0b4dc701e1451ff7cfa103e94d554756c447bac5d04d83d363d1502e0cf4ace91e8009b4ca2aedbf868d86b2c76b44137e8212475f09891932b4907cb2e452b38db08b85bd19570ed9ce86b6fa9a20a12ee77efdf2a2138e9a03ed43d9e4e1ab6cd1b26099c88db86adffadec2a21c1e60f50a1d36a63225ae9dc686d217c1a43d59b2623a6b9f97c0d20a3ef27da14c964d7c94d3e481a4d491b5a2d5df08cc395dcd7438c69967732a9f2e532579de0323d6aa453e380acd8d43f9a4e41631c390c8809ab3cb809cb27a717f26beee4603ba3386314c90999ffcf6cb10fb754557504ea07f3d478ec551de1e28bc5c4637549a3d3fe7e1e1382df977d58a9d151d882e96372eef1b468dcaf102b6cb8597fcf4fe85cc171e2ae9b1bf50935f63a2a6bcc398f91446b63c0be11545abd3c54e4f2f0b61ee89af197f379321a7b43ae9e58f1ba161353cf8476f28622f9620fb5a39e3a9bb759383d27ab8c335637e81b9a1b1324d0907f19ab6642210562c11341b66bf545401b3290415674814c80cc3fbe20c734475848165793caff87c2bad859fdb17d94505550d6ef44a307c41dc63a2e244fc2dc0ab8df08337cbf4a04aff8cf2e3dfbfd47316cb6d6fda6172b02faed56082ffe9594b590a67aa20aa184b0fe40a669e64ecb0e2620e038682917fb87ee8162ac59f7ee2f824284a4e55f6eca4cc5d188c5d15b26f8091b52c9f368d90a6516995dfb567740ae917b615f096ca03b9e22ed0e67f41b26b14c40c0d60f351b6baa0b84171d686b9aee7fdf5a4c570017929a0f190ca4a18a1e2aa5a23ce9336bca4145bfd26a68872cd0f428f4890805b897d61e4c37d7d6d32ecaf59eb795c797cd137b21f877d1e3451f73584961e69260e8f634d40a06fe0db5ef91645d1eac48a845838d5da370f6bcd750b3f37d4f24765b82cca508401d8b6dc9ea4e6600c0fef3e101321bf6a447e77318c48d971aa907fabf0198e653a138d356db3da9e971522d9de54d48ea95651c473fe5976cb611cfd47b16c92d473da97a4ec70cd675a523ef85b802b6686016d5379cbcd9b7e87bf2181f5ce872c804417f6ec46df829f9072b4785f61dd6e985e23a5533ac3cba9379bb1a850c9bc2766b63463ae07955d97c625484a4d5a018cf1a3b17bd94ce72bde09ed886d32ec4435634747d9bdfd10717d3c2fda3205afcb54a61bf9e69a3bc410a16336716e53e70e268a7018b059156a6221626b70f9a4463b3c21db11732a23daf7faf059cb5c4a651713d50f1115eeaf0fd6b0e7afe4fb59fc1db60fed10b41c9e777ed6307c202c516fd7e7c2eb5bde3bcc609814387a4276b8b2737391b3691bf5a0b43a844a74280eb280021c2ac27090c2d1996f66f3a2bc8c7afe9651a87a8b62d508f982daec34adbcf5c3dd0a18744ef270f9f1d5dad64eac7f749d5c8f09785659814a775b8bf1bf8b263230be042f6423d7cb6f5daaefff6ae427288f00b2cf1b5e1d0eae93de23536845c9e350bdc68df52b1114806993512e48c6c802cc3217a7b743305ec1610f762c6fd47511ff395cc1b05cfa494e8ec59e1c72bd6ad8671961345b836df173537a26920a0075284605df0cf9c1db1b7dd9767f9255bd27b444fe8cae0861db121211d0acb0605b4485fb66b7ee2f17c2f898f923a5541e5c891fb5f9446c886fedc36f1db00f569c059d9e46334555301e387d95a7e9e49db54b7a38d839e091c60550418a46d293ba49038b5bf32061fcf61179b708b38423e1880ae562453595bd75ef86920cedebca30a461681d79c5b5c0e502e3d8d0f5f1c508e661de2eeee1db063af4af32f2e507db37f1c9098b6c443b399d17fe7652747084be543f62c08ed0d526bd64d4d87fbb9115d4bffb1a3dbdf862a30ec2926b76cf61fed159bf4cd9602fbbe37552b1b80df2f2f534a39c64b929e62593a132fc8acbf307250ff9e145c8fc1c6c9bf8272c958d24fbdaf05e21673b5ca9b3d69247599130c613b3c9a3e2aedb75b0d7c995344fd50faa8f038904a5ce8bcdd514a4fe90950f28732b39552f6302a509ac83702099014109d08c13f664b2901db6f69c6abf924f9ae906a18e3ac8e17d555a4b64147cce0040ab55932cf8c16cd88a7d091f010cdcd25156fdbeee200f3e0ad272f9522434e4c5c71e2d1a4d2a088c244369580172218d272c53136cba777c69f38187fad77bca7588e9a71af3ba5b3a0de3cbfc0d171cd30c8ef2290f00eb8344b5e7ed5be1b5de10404fb10d1d7896e9b1ca138e7ca0695c94d4ad68ba233ed69c3de8c8c52fc9a0f65ad0eeb37789192535f2a7bbd8dd01a194e14c12ebe5a01a2fb410aca06127192b1b3fc64a7ffdc2eeef2bae14bf6c666dbe444035a887ea078e26800bbb9a661ea61f993a94aa6c44e41f90f2c261677ee8b82e5333c43eb171d5ddf3906e80975e38679e06d3aacfa34b0a55a459fc43bf89ef92120a443601d1f0962e55d329459f75b7255d86364d6ab0b1069a29286f894", 0x1000, 0x100000001}, {&(0x7f00000000c0)="67fb376ce9429439a934250ccb141e4f42c5323caa8836d5dd16461a1d5971a0b61b4e", 0x23, 0x1}], 0x8, &(0x7f0000001300)={[{@resuid={'resuid', 0x3d, r1}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5eadfbf8}}, {@lazytime}, {@delalloc}, {@data_journal}, {@noacl}], [{@fowner_lt={'fowner<', 0xee01}}, {@smackfshat}, {@measure}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}, {@subj_user={'subj_user', 0x3d, '^\\!$'}}, {@subj_user={'subj_user', 0x3d, '{.*'}}, {@dont_hash}, {@smackfsfloor}]}) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 329.412078] erofs: options -> [ 329.420531] erofs: root inode @ nid 36 [ 329.429554] erofs: unmounted for /dev/loop1 [ 329.443561] erofs: mounted on /dev/loop4 with opts: . 23:45:44 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', &(0x7f0000001500)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setreuid(0x0, r1) (async) syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x1bb, 0x3, &(0x7f0000001280)=[{&(0x7f0000000200)="6483b0a7c2b368233680f44a015c1fda1aa28df7cf2750f20b1abf377ec376b1ef5a98abe27868062341fa742ae1c585490f26e917799adafd83da057966de9f446e284b44eeda78392168", 0x4b, 0x8000000000000001}, {&(0x7f0000000280)="56a6b7c4be6a54fe059519857dd2f8aa469bf131749dfa5849433c36413bd89fa2c0aa0234ee24e5fca069ce44f5761d8471868b8f1c2b7a7985c7c8d4f0de327310f1b1bbf917c220ebc485b690c43275aae3095a3b1c5a5e57f89804552920d40f8215c9937e0efff1a435ee341d394c33b64de0a0f50b495c96608f7ea9c3e16eb955459b53d0a6712c00a005e798f26c7e5b42ad27c8b449d27c957768d0356cfb93f757eb140e13cb9943211469d6756f4dbaf208f59f425703c03110c79147d5b673b8c5e0241bec565d5922b446d0387cc7c76b097ee5ff233d0f5070f2d53492fdb208c4e6fa69be983503f9af9a7df4db4b91ad304cf5a38f6e439a79c11e35c027f0f63f1bf985eefe0cb19ab115f327f8db8ba9f49ea4ace6d612071827c559fc81f76cce012c86b7aaaed442893b28059128fa67068719944d0751c9971f28a3556f2197c80a7c14b6d014cccec50c69515516df5b079b437462cd32a106ad1263f2fa3ac2167e308553eca31f836bb957ad9a3d615f50bda0cc58b752313d8a7d882e7fd68863f61c1f33d9a48fb9326c65e4d611a5b62549530172f9e9e497a5c7a96ba2b55ee5abcafd1bf99808f652f1bb771d07e6348bd2036d937e9356c8fc71b2efd3da062991916eea7cd622f5daf0451c7e72bd40a565869b017dfcd9179136048dad01bf82087971ce2d0a1c08ef5447634357c71b8a608b7d972e26e1e3149859273f16064ee2e455b5b471f2535ff613287bf5dcd9eaa3200de62f5a4e20a68efe4591b98b6f1f4b075371abd932544b3bada0c1276f1c86bf030a0b8ed9074bf541e091f62b42d140911e11dc8b3fb24567690c76cc908d30616756ea3064d9d993eebafebf6415a3a76aac353670035156d0281397a65472909f534d040ba654c7da253ede42e14d6905f60df548aa7942288f30258a6089d0f58d50a95cc7367a57befee57c532401f1031ea203a60b88057fd97f30c32c860552e260ad0c3b046dd705b9bb741e8861115908137f5283c90bff4bc3301829f39b4b1d46bc8459553312e3e2ddafa5c48e6163b2990516d2f4ef030c6825181f2a1bbaed8a8557c19e91faae466f9f23c5243b17598b3707a74d2498580d7b95960d3fb6536d4a303cac11676ae879efad404e43e39d4eb5838ec0021dfd0f1757a542f0ed813fa7505ba564f8d251b03b58847c96ba39dc5952146102f831885d2cd5102eb0521803bd8cbfb7850bed114b89d411bfb0a6f5d32684bd11249fd77b3763f7bafc05a46a9cd3ce5904b89abb548b253ba1ce2cefd5fe6b85a3d9268ed600c5be2f123d5cffea97cada250c6dacb1f80baadd25f19feb296588f3ec3ee1b881d791dbf222f9039c7d83349f8f44bffec9dbd1c68f58ebf9fe9b108f912f9176756ea3fde4a4db7c62858ed8725dc2fde1cdad57a60bcdc774556c6ef90419117fb0e1cf10e89c155e770adba239c1d4bf102ac50b2578419c379c9478130ef15fb5c9991638a16f7a025585dc29be2810adf095c24813e466c29181e444dcf1e55dd1bdfd008e3028191706abeda53344485b31b0e722fb26f832934ff0dea3d6d0402b3c376a17b76a24dbbd23e938aaa52ff2ed61adcd9db4663c31f118d35651693165f3718b1083d07809cf839ea45bbe2c13862392d164104773c29f81661c33c45831a73efda3b4b5b1cd88452c283c8909ec8c1af83131103cd2858a8bf965dce455b58ed1d0352922afe40ad8a7b9ee8ac84e762c1cd681a39aeb13c5a4010fa5d13a386203921e85dada0ab89efed4226f05644d5712df81cf24f978398cab3c225ff2c866588b11fcab2599842fbb4e41abc89b64caec3b4f46fcd82de8307fc79996c9fe49f69d8b93607528c0c8e4d968b9986e9ea1a322e6428166e10279a525c2892b50f2e497dee108b752c0c10a68b349484433c199782b8b06e6ec2c5e2e929b49bd56ce674969dbdd778d4fd58f78934d01311b74765683dae1db0355cc95468d62a68a75d5b6220cd5f7f267106f9b28da76baf9bc04de4cab19d1777ef5e3819f68cbf05859bb437686d9ba34a0708501e18ac2fc3898452cf915c9a31126e6427c9a10e3453a31ee39026912c7b370a7b06086a69e07dd4b238b5d97a77ae5b691d52fc027b594d0f0e4a43dbfdb3c2920f4859f993acbdb5ad30c06cf3f7363808c32c72fa4565e7e4b284cc57abc52976cc97d82b6747652b552dd284cd0035930fb4d0fd8a9f477896ac09832da8ddb252e0208ce1925a56dc056ca3e274610fe6620c7102ebe870e476d9a17f69949f6fea85d91e98762a95d1fc72b5323e66d836d373bb6cbf211a5a0cbc938de366adc58a91fa4768ec6f0440a7be9d3dd5bd99c87047370a42316393358d70e47eb6667bb13f3c9d2f880983889b32f8663602d014d397e5c01f373a5ed1515ef59aa942e29fb6eb2bd44d1ec0a9461bf0473faa7dec737195bc29641c68d22746eb2e43a96a463532c74f5234a83e8b17fe4254bfac5095faaaeef680b8a2c2a5475b12643e85829218ce33a6390f1dbee7ccbccc17655e5466027ff017083a05211bd5229093243d300b61e96afe5754650d456296f63011a03c80a452251a7f41c0e13b4d9b99949c3a2239cc4f913b50038bba7cced48147325a4225107c8df235f98009ddafbaa6e3936017081aa45a22342e2c0a5d5a45426bb2bf53f5f36b380466424e64ab9ab3b69c9132e7bc2fd3dced1e06d5b682ea9dd79198a7600411c1eeee576ea4a49d9c35ea8caf2dec9476f7265b48bdc6033e180cde6f020db8bb8073426aabb30850feeab6be356a3146f0ca189be874dbc65390bc67c337bca7e81c0a33b6e2758ddce2933adea436906466b9c55bb3ce3904c25faa3ab3be90397a6dfdbd729a4d3eaabf3f71aacce6c6ab96e32e3552c53c065717c9deab56312ed6f6baeea724ee544ec1eb13557f884174235ade6c76a8e3d6045fcecefdb347493ef5eb2aa42effcb427d7b443c4a784ca9d3e86837e5fc6e4ed98559972878226c0541b42641786d194fba65304ee5f1b2623f633b4f25407ee74c324d9b759125a28827d728b2f4f705a83c358f0599c6fb47a436d4457ee53aac4050be7f785db1cbef9e805c02a88dc20092d4dac6d8431b7e3f0baf8f2c1f18726d959f9c85de9fc285f35a4b454738d13c76fd227374f5bfb4f47cde1d5c0af4c3314832f4faecc58374e0ce92156d003cef1f264c752a85ab0b4dc701e1451ff7cfa103e94d554756c447bac5d04d83d363d1502e0cf4ace91e8009b4ca2aedbf868d86b2c76b44137e8212475f09891932b4907cb2e452b38db08b85bd19570ed9ce86b6fa9a20a12ee77efdf2a2138e9a03ed43d9e4e1ab6cd1b26099c88db86adffadec2a21c1e60f50a1d36a63225ae9dc686d217c1a43d59b2623a6b9f97c0d20a3ef27da14c964d7c94d3e481a4d491b5a2d5df08cc395dcd7438c69967732a9f2e532579de0323d6aa453e380acd8d43f9a4e41631c390c8809ab3cb809cb27a717f26beee4603ba3386314c90999ffcf6cb10fb754557504ea07f3d478ec551de1e28bc5c4637549a3d3fe7e1e1382df977d58a9d151d882e96372eef1b468dcaf102b6cb8597fcf4fe85cc171e2ae9b1bf50935f63a2a6bcc398f91446b63c0be11545abd3c54e4f2f0b61ee89af197f379321a7b43ae9e58f1ba161353cf8476f28622f9620fb5a39e3a9bb759383d27ab8c335637e81b9a1b1324d0907f19ab6642210562c11341b66bf545401b3290415674814c80cc3fbe20c734475848165793caff87c2bad859fdb17d94505550d6ef44a307c41dc63a2e244fc2dc0ab8df08337cbf4a04aff8cf2e3dfbfd47316cb6d6fda6172b02faed56082ffe9594b590a67aa20aa184b0fe40a669e64ecb0e2620e038682917fb87ee8162ac59f7ee2f824284a4e55f6eca4cc5d188c5d15b26f8091b52c9f368d90a6516995dfb567740ae917b615f096ca03b9e22ed0e67f41b26b14c40c0d60f351b6baa0b84171d686b9aee7fdf5a4c570017929a0f190ca4a18a1e2aa5a23ce9336bca4145bfd26a68872cd0f428f4890805b897d61e4c37d7d6d32ecaf59eb795c797cd137b21f877d1e3451f73584961e69260e8f634d40a06fe0db5ef91645d1eac48a845838d5da370f6bcd750b3f37d4f24765b82cca508401d8b6dc9ea4e6600c0fef3e101321bf6a447e77318c48d971aa907fabf0198e653a138d356db3da9e971522d9de54d48ea95651c473fe5976cb611cfd47b16c92d473da97a4ec70cd675a523ef85b802b6686016d5379cbcd9b7e87bf2181f5ce872c804417f6ec46df829f9072b4785f61dd6e985e23a5533ac3cba9379bb1a850c9bc2766b63463ae07955d97c625484a4d5a018cf1a3b17bd94ce72bde09ed886d32ec4435634747d9bdfd10717d3c2fda3205afcb54a61bf9e69a3bc410a16336716e53e70e268a7018b059156a6221626b70f9a4463b3c21db11732a23daf7faf059cb5c4a651713d50f1115eeaf0fd6b0e7afe4fb59fc1db60fed10b41c9e777ed6307c202c516fd7e7c2eb5bde3bcc609814387a4276b8b2737391b3691bf5a0b43a844a74280eb280021c2ac27090c2d1996f66f3a2bc8c7afe9651a87a8b62d508f982daec34adbcf5c3dd0a18744ef270f9f1d5dad64eac7f749d5c8f09785659814a775b8bf1bf8b263230be042f6423d7cb6f5daaefff6ae427288f00b2cf1b5e1d0eae93de23536845c9e350bdc68df52b1114806993512e48c6c802cc3217a7b743305ec1610f762c6fd47511ff395cc1b05cfa494e8ec59e1c72bd6ad8671961345b836df173537a26920a0075284605df0cf9c1db1b7dd9767f9255bd27b444fe8cae0861db121211d0acb0605b4485fb66b7ee2f17c2f898f923a5541e5c891fb5f9446c886fedc36f1db00f569c059d9e46334555301e387d95a7e9e49db54b7a38d839e091c60550418a46d293ba49038b5bf32061fcf61179b708b38423e1880ae562453595bd75ef86920cedebca30a461681d79c5b5c0e502e3d8d0f5f1c508e661de2eeee1db063af4af32f2e507db37f1c9098b6c443b399d17fe7652747084be543f62c08ed0d526bd64d4d87fbb9115d4bffb1a3dbdf862a30ec2926b76cf61fed159bf4cd9602fbbe37552b1b80df2f2f534a39c64b929e62593a132fc8acbf307250ff9e145c8fc1c6c9bf8272c958d24fbdaf05e21673b5ca9b3d69247599130c613b3c9a3e2aedb75b0d7c995344fd50faa8f038904a5ce8bcdd514a4fe90950f28732b39552f6302a509ac83702099014109d08c13f664b2901db6f69c6abf924f9ae906a18e3ac8e17d555a4b64147cce0040ab55932cf8c16cd88a7d091f010cdcd25156fdbeee200f3e0ad272f9522434e4c5c71e2d1a4d2a088c244369580172218d272c53136cba777c69f38187fad77bca7588e9a71af3ba5b3a0de3cbfc0d171cd30c8ef2290f00eb8344b5e7ed5be1b5de10404fb10d1d7896e9b1ca138e7ca0695c94d4ad68ba233ed69c3de8c8c52fc9a0f65ad0eeb37789192535f2a7bbd8dd01a194e14c12ebe5a01a2fb410aca06127192b1b3fc64a7ffdc2eeef2bae14bf6c666dbe444035a887ea078e26800bbb9a661ea61f993a94aa6c44e41f90f2c261677ee8b82e5333c43eb171d5ddf3906e80975e38679e06d3aacfa34b0a55a459fc43bf89ef92120a443601d1f0962e55d329459f75b7255d86364d6ab0b1069a29286f894", 0x1000, 0x100000001}, {&(0x7f00000000c0)="67fb376ce9429439a934250ccb141e4f42c5323caa8836d5dd16461a1d5971a0b61b4e", 0x23, 0x1}], 0x8, &(0x7f0000001300)={[{@resuid={'resuid', 0x3d, r1}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5eadfbf8}}, {@lazytime}, {@delalloc}, {@data_journal}, {@noacl}], [{@fowner_lt={'fowner<', 0xee01}}, {@smackfshat}, {@measure}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}, {@subj_user={'subj_user', 0x3d, '^\\!$'}}, {@subj_user={'subj_user', 0x3d, '{.*'}}, {@dont_hash}, {@smackfsfloor}]}) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:45:44 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, 0x0) 23:45:44 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x4, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 329.536952] erofs: read_super, device -> /dev/loop3 [ 329.542319] erofs: options -> [ 329.545759] erofs: root inode @ nid 36 [ 329.561311] erofs: read_super, device -> /dev/loop5 [ 329.574140] erofs: mounted on /dev/loop3 with opts: . [ 329.577705] erofs: options -> [ 329.579896] erofs: unmounted for /dev/loop4 23:45:44 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 329.587077] erofs: cannot find valid erofs superblock [ 329.598061] erofs: unmounted for /dev/loop3 23:45:44 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 329.728334] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 329.736359] erofs: read_super, device -> /dev/loop1 [ 329.750778] erofs: options -> [ 329.756154] erofs: root inode @ nid 36 [ 329.761271] erofs: mounted on /dev/loop1 with opts: . [ 329.774692] erofs: unmounted for /dev/loop1 [ 329.801353] erofs: read_super, device -> /dev/loop4 23:45:44 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', &(0x7f0000001500)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setreuid(0x0, r1) (async) syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x1bb, 0x3, &(0x7f0000001280)=[{&(0x7f0000000200)="6483b0a7c2b368233680f44a015c1fda1aa28df7cf2750f20b1abf377ec376b1ef5a98abe27868062341fa742ae1c585490f26e917799adafd83da057966de9f446e284b44eeda78392168", 0x4b, 0x8000000000000001}, {&(0x7f0000000280)="56a6b7c4be6a54fe059519857dd2f8aa469bf131749dfa5849433c36413bd89fa2c0aa0234ee24e5fca069ce44f5761d8471868b8f1c2b7a7985c7c8d4f0de327310f1b1bbf917c220ebc485b690c43275aae3095a3b1c5a5e57f89804552920d40f8215c9937e0efff1a435ee341d394c33b64de0a0f50b495c96608f7ea9c3e16eb955459b53d0a6712c00a005e798f26c7e5b42ad27c8b449d27c957768d0356cfb93f757eb140e13cb9943211469d6756f4dbaf208f59f425703c03110c79147d5b673b8c5e0241bec565d5922b446d0387cc7c76b097ee5ff233d0f5070f2d53492fdb208c4e6fa69be983503f9af9a7df4db4b91ad304cf5a38f6e439a79c11e35c027f0f63f1bf985eefe0cb19ab115f327f8db8ba9f49ea4ace6d612071827c559fc81f76cce012c86b7aaaed442893b28059128fa67068719944d0751c9971f28a3556f2197c80a7c14b6d014cccec50c69515516df5b079b437462cd32a106ad1263f2fa3ac2167e308553eca31f836bb957ad9a3d615f50bda0cc58b752313d8a7d882e7fd68863f61c1f33d9a48fb9326c65e4d611a5b62549530172f9e9e497a5c7a96ba2b55ee5abcafd1bf99808f652f1bb771d07e6348bd2036d937e9356c8fc71b2efd3da062991916eea7cd622f5daf0451c7e72bd40a565869b017dfcd9179136048dad01bf82087971ce2d0a1c08ef5447634357c71b8a608b7d972e26e1e3149859273f16064ee2e455b5b471f2535ff613287bf5dcd9eaa3200de62f5a4e20a68efe4591b98b6f1f4b075371abd932544b3bada0c1276f1c86bf030a0b8ed9074bf541e091f62b42d140911e11dc8b3fb24567690c76cc908d30616756ea3064d9d993eebafebf6415a3a76aac353670035156d0281397a65472909f534d040ba654c7da253ede42e14d6905f60df548aa7942288f30258a6089d0f58d50a95cc7367a57befee57c532401f1031ea203a60b88057fd97f30c32c860552e260ad0c3b046dd705b9bb741e8861115908137f5283c90bff4bc3301829f39b4b1d46bc8459553312e3e2ddafa5c48e6163b2990516d2f4ef030c6825181f2a1bbaed8a8557c19e91faae466f9f23c5243b17598b3707a74d2498580d7b95960d3fb6536d4a303cac11676ae879efad404e43e39d4eb5838ec0021dfd0f1757a542f0ed813fa7505ba564f8d251b03b58847c96ba39dc5952146102f831885d2cd5102eb0521803bd8cbfb7850bed114b89d411bfb0a6f5d32684bd11249fd77b3763f7bafc05a46a9cd3ce5904b89abb548b253ba1ce2cefd5fe6b85a3d9268ed600c5be2f123d5cffea97cada250c6dacb1f80baadd25f19feb296588f3ec3ee1b881d791dbf222f9039c7d83349f8f44bffec9dbd1c68f58ebf9fe9b108f912f9176756ea3fde4a4db7c62858ed8725dc2fde1cdad57a60bcdc774556c6ef90419117fb0e1cf10e89c155e770adba239c1d4bf102ac50b2578419c379c9478130ef15fb5c9991638a16f7a025585dc29be2810adf095c24813e466c29181e444dcf1e55dd1bdfd008e3028191706abeda53344485b31b0e722fb26f832934ff0dea3d6d0402b3c376a17b76a24dbbd23e938aaa52ff2ed61adcd9db4663c31f118d35651693165f3718b1083d07809cf839ea45bbe2c13862392d164104773c29f81661c33c45831a73efda3b4b5b1cd88452c283c8909ec8c1af83131103cd2858a8bf965dce455b58ed1d0352922afe40ad8a7b9ee8ac84e762c1cd681a39aeb13c5a4010fa5d13a386203921e85dada0ab89efed4226f05644d5712df81cf24f978398cab3c225ff2c866588b11fcab2599842fbb4e41abc89b64caec3b4f46fcd82de8307fc79996c9fe49f69d8b93607528c0c8e4d968b9986e9ea1a322e6428166e10279a525c2892b50f2e497dee108b752c0c10a68b349484433c199782b8b06e6ec2c5e2e929b49bd56ce674969dbdd778d4fd58f78934d01311b74765683dae1db0355cc95468d62a68a75d5b6220cd5f7f267106f9b28da76baf9bc04de4cab19d1777ef5e3819f68cbf05859bb437686d9ba34a0708501e18ac2fc3898452cf915c9a31126e6427c9a10e3453a31ee39026912c7b370a7b06086a69e07dd4b238b5d97a77ae5b691d52fc027b594d0f0e4a43dbfdb3c2920f4859f993acbdb5ad30c06cf3f7363808c32c72fa4565e7e4b284cc57abc52976cc97d82b6747652b552dd284cd0035930fb4d0fd8a9f477896ac09832da8ddb252e0208ce1925a56dc056ca3e274610fe6620c7102ebe870e476d9a17f69949f6fea85d91e98762a95d1fc72b5323e66d836d373bb6cbf211a5a0cbc938de366adc58a91fa4768ec6f0440a7be9d3dd5bd99c87047370a42316393358d70e47eb6667bb13f3c9d2f880983889b32f8663602d014d397e5c01f373a5ed1515ef59aa942e29fb6eb2bd44d1ec0a9461bf0473faa7dec737195bc29641c68d22746eb2e43a96a463532c74f5234a83e8b17fe4254bfac5095faaaeef680b8a2c2a5475b12643e85829218ce33a6390f1dbee7ccbccc17655e5466027ff017083a05211bd5229093243d300b61e96afe5754650d456296f63011a03c80a452251a7f41c0e13b4d9b99949c3a2239cc4f913b50038bba7cced48147325a4225107c8df235f98009ddafbaa6e3936017081aa45a22342e2c0a5d5a45426bb2bf53f5f36b380466424e64ab9ab3b69c9132e7bc2fd3dced1e06d5b682ea9dd79198a7600411c1eeee576ea4a49d9c35ea8caf2dec9476f7265b48bdc6033e180cde6f020db8bb8073426aabb30850feeab6be356a3146f0ca189be874dbc65390bc67c337bca7e81c0a33b6e2758ddce2933adea436906466b9c55bb3ce3904c25faa3ab3be90397a6dfdbd729a4d3eaabf3f71aacce6c6ab96e32e3552c53c065717c9deab56312ed6f6baeea724ee544ec1eb13557f884174235ade6c76a8e3d6045fcecefdb347493ef5eb2aa42effcb427d7b443c4a784ca9d3e86837e5fc6e4ed98559972878226c0541b42641786d194fba65304ee5f1b2623f633b4f25407ee74c324d9b759125a28827d728b2f4f705a83c358f0599c6fb47a436d4457ee53aac4050be7f785db1cbef9e805c02a88dc20092d4dac6d8431b7e3f0baf8f2c1f18726d959f9c85de9fc285f35a4b454738d13c76fd227374f5bfb4f47cde1d5c0af4c3314832f4faecc58374e0ce92156d003cef1f264c752a85ab0b4dc701e1451ff7cfa103e94d554756c447bac5d04d83d363d1502e0cf4ace91e8009b4ca2aedbf868d86b2c76b44137e8212475f09891932b4907cb2e452b38db08b85bd19570ed9ce86b6fa9a20a12ee77efdf2a2138e9a03ed43d9e4e1ab6cd1b26099c88db86adffadec2a21c1e60f50a1d36a63225ae9dc686d217c1a43d59b2623a6b9f97c0d20a3ef27da14c964d7c94d3e481a4d491b5a2d5df08cc395dcd7438c69967732a9f2e532579de0323d6aa453e380acd8d43f9a4e41631c390c8809ab3cb809cb27a717f26beee4603ba3386314c90999ffcf6cb10fb754557504ea07f3d478ec551de1e28bc5c4637549a3d3fe7e1e1382df977d58a9d151d882e96372eef1b468dcaf102b6cb8597fcf4fe85cc171e2ae9b1bf50935f63a2a6bcc398f91446b63c0be11545abd3c54e4f2f0b61ee89af197f379321a7b43ae9e58f1ba161353cf8476f28622f9620fb5a39e3a9bb759383d27ab8c335637e81b9a1b1324d0907f19ab6642210562c11341b66bf545401b3290415674814c80cc3fbe20c734475848165793caff87c2bad859fdb17d94505550d6ef44a307c41dc63a2e244fc2dc0ab8df08337cbf4a04aff8cf2e3dfbfd47316cb6d6fda6172b02faed56082ffe9594b590a67aa20aa184b0fe40a669e64ecb0e2620e038682917fb87ee8162ac59f7ee2f824284a4e55f6eca4cc5d188c5d15b26f8091b52c9f368d90a6516995dfb567740ae917b615f096ca03b9e22ed0e67f41b26b14c40c0d60f351b6baa0b84171d686b9aee7fdf5a4c570017929a0f190ca4a18a1e2aa5a23ce9336bca4145bfd26a68872cd0f428f4890805b897d61e4c37d7d6d32ecaf59eb795c797cd137b21f877d1e3451f73584961e69260e8f634d40a06fe0db5ef91645d1eac48a845838d5da370f6bcd750b3f37d4f24765b82cca508401d8b6dc9ea4e6600c0fef3e101321bf6a447e77318c48d971aa907fabf0198e653a138d356db3da9e971522d9de54d48ea95651c473fe5976cb611cfd47b16c92d473da97a4ec70cd675a523ef85b802b6686016d5379cbcd9b7e87bf2181f5ce872c804417f6ec46df829f9072b4785f61dd6e985e23a5533ac3cba9379bb1a850c9bc2766b63463ae07955d97c625484a4d5a018cf1a3b17bd94ce72bde09ed886d32ec4435634747d9bdfd10717d3c2fda3205afcb54a61bf9e69a3bc410a16336716e53e70e268a7018b059156a6221626b70f9a4463b3c21db11732a23daf7faf059cb5c4a651713d50f1115eeaf0fd6b0e7afe4fb59fc1db60fed10b41c9e777ed6307c202c516fd7e7c2eb5bde3bcc609814387a4276b8b2737391b3691bf5a0b43a844a74280eb280021c2ac27090c2d1996f66f3a2bc8c7afe9651a87a8b62d508f982daec34adbcf5c3dd0a18744ef270f9f1d5dad64eac7f749d5c8f09785659814a775b8bf1bf8b263230be042f6423d7cb6f5daaefff6ae427288f00b2cf1b5e1d0eae93de23536845c9e350bdc68df52b1114806993512e48c6c802cc3217a7b743305ec1610f762c6fd47511ff395cc1b05cfa494e8ec59e1c72bd6ad8671961345b836df173537a26920a0075284605df0cf9c1db1b7dd9767f9255bd27b444fe8cae0861db121211d0acb0605b4485fb66b7ee2f17c2f898f923a5541e5c891fb5f9446c886fedc36f1db00f569c059d9e46334555301e387d95a7e9e49db54b7a38d839e091c60550418a46d293ba49038b5bf32061fcf61179b708b38423e1880ae562453595bd75ef86920cedebca30a461681d79c5b5c0e502e3d8d0f5f1c508e661de2eeee1db063af4af32f2e507db37f1c9098b6c443b399d17fe7652747084be543f62c08ed0d526bd64d4d87fbb9115d4bffb1a3dbdf862a30ec2926b76cf61fed159bf4cd9602fbbe37552b1b80df2f2f534a39c64b929e62593a132fc8acbf307250ff9e145c8fc1c6c9bf8272c958d24fbdaf05e21673b5ca9b3d69247599130c613b3c9a3e2aedb75b0d7c995344fd50faa8f038904a5ce8bcdd514a4fe90950f28732b39552f6302a509ac83702099014109d08c13f664b2901db6f69c6abf924f9ae906a18e3ac8e17d555a4b64147cce0040ab55932cf8c16cd88a7d091f010cdcd25156fdbeee200f3e0ad272f9522434e4c5c71e2d1a4d2a088c244369580172218d272c53136cba777c69f38187fad77bca7588e9a71af3ba5b3a0de3cbfc0d171cd30c8ef2290f00eb8344b5e7ed5be1b5de10404fb10d1d7896e9b1ca138e7ca0695c94d4ad68ba233ed69c3de8c8c52fc9a0f65ad0eeb37789192535f2a7bbd8dd01a194e14c12ebe5a01a2fb410aca06127192b1b3fc64a7ffdc2eeef2bae14bf6c666dbe444035a887ea078e26800bbb9a661ea61f993a94aa6c44e41f90f2c261677ee8b82e5333c43eb171d5ddf3906e80975e38679e06d3aacfa34b0a55a459fc43bf89ef92120a443601d1f0962e55d329459f75b7255d86364d6ab0b1069a29286f894", 0x1000, 0x100000001}, {&(0x7f00000000c0)="67fb376ce9429439a934250ccb141e4f42c5323caa8836d5dd16461a1d5971a0b61b4e", 0x23, 0x1}], 0x8, &(0x7f0000001300)={[{@resuid={'resuid', 0x3d, r1}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5eadfbf8}}, {@lazytime}, {@delalloc}, {@data_journal}, {@noacl}], [{@fowner_lt={'fowner<', 0xee01}}, {@smackfshat}, {@measure}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}, {@subj_user={'subj_user', 0x3d, '^\\!$'}}, {@subj_user={'subj_user', 0x3d, '{.*'}}, {@dont_hash}, {@smackfsfloor}]}) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:45:44 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3cb, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:44 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 329.823734] erofs: options -> [ 329.832981] erofs: root inode @ nid 36 [ 329.837112] erofs: mounted on /dev/loop4 with opts: . 23:45:44 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:45 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x4, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 329.945972] erofs: unmounted for /dev/loop4 [ 329.976466] erofs: read_super, device -> /dev/loop5 [ 329.985619] erofs: read_super, device -> /dev/loop2 [ 329.990661] erofs: options -> [ 329.992819] erofs: options -> [ 329.997753] erofs: cannot find valid erofs superblock [ 330.003364] erofs: root inode @ nid 36 [ 330.018152] erofs: read_super, device -> /dev/loop3 23:45:45 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{0x0, 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 330.028540] erofs: options -> [ 330.035391] erofs: mounted on /dev/loop2 with opts: . [ 330.042195] erofs: root inode @ nid 36 [ 330.046374] erofs: mounted on /dev/loop3 with opts: . [ 330.054520] erofs: unmounted for /dev/loop2 [ 330.058313] erofs: unmounted for /dev/loop3 23:45:45 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 1) [ 330.153101] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 330.160296] erofs: read_super, device -> /dev/loop4 [ 330.160479] erofs: read_super, device -> /dev/loop1 [ 330.166156] erofs: options -> [ 330.174485] erofs: options -> [ 330.177788] erofs: root inode @ nid 36 [ 330.183358] erofs: read_super, device -> /dev/loop5 [ 330.188503] erofs: root inode @ nid 36 [ 330.194049] erofs: options -> [ 330.197437] erofs: mounted on /dev/loop4 with opts: . 23:45:45 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3cc, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:45 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x6, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 330.207423] erofs: mounted on /dev/loop1 with opts: . [ 330.215551] erofs: cannot find valid erofs superblock [ 330.226460] erofs: unmounted for /dev/loop1 [ 330.237573] FAULT_INJECTION: forcing a failure. [ 330.237573] name failslab, interval 1, probability 0, space 0, times 0 23:45:45 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{0x0, 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:45 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e759324700521c62323c1fe18af2b3f5eff88f6e94372b5ff7f0000399e4316593b069b0543879ece6ee0217064e99962c036164d2d9e191ee54ed65d76385e8925c3c10a"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000340)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}}) syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67020075705f69643d5f2daa197e4acce276277282354797edeb0070ceb98f8d126c06dedb8e89454607ab2f8dbb6a0ed7ef3773490e7597508cb05719bf9244558809d258", @ANYRESDEC=0x0]) [ 330.272053] erofs: unmounted for /dev/loop4 23:45:45 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 330.304992] CPU: 0 PID: 19475 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 330.312907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 330.322267] Call Trace: [ 330.324872] dump_stack+0x1fc/0x2ef [ 330.328523] should_fail.cold+0xa/0xf [ 330.332340] ? setup_fault_attr+0x200/0x200 [ 330.336669] ? lock_acquire+0x170/0x3c0 [ 330.340664] __should_failslab+0x115/0x180 [ 330.344905] should_failslab+0x5/0x10 [ 330.348702] __kmalloc+0x2ab/0x3c0 [ 330.352269] ? __se_sys_memfd_create+0xf8/0x440 [ 330.356941] __se_sys_memfd_create+0xf8/0x440 [ 330.361433] ? memfd_file_seals_ptr+0x150/0x150 [ 330.366098] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 330.371456] ? trace_hardirqs_off_caller+0x6e/0x210 [ 330.376482] ? do_syscall_64+0x21/0x620 [ 330.380461] do_syscall_64+0xf9/0x620 [ 330.384263] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 330.389444] RIP: 0033:0x7f865cea2109 [ 330.393183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 330.412260] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 330.419963] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f865cea2109 [ 330.427235] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f865cefb1be [ 330.434499] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f865b8171d0 [ 330.441842] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 23:45:45 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 2) [ 330.449099] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 [ 330.522167] erofs: read_super, device -> /dev/loop3 [ 330.527215] erofs: options -> [ 330.545344] erofs: read_super, device -> /dev/loop4 [ 330.550399] erofs: options -> [ 330.560742] erofs: root inode @ nid 36 [ 330.568278] erofs: mounted on /dev/loop3 with opts: . [ 330.575118] FAULT_INJECTION: forcing a failure. [ 330.575118] name failslab, interval 1, probability 0, space 0, times 0 [ 330.577134] erofs: unmounted for /dev/loop3 [ 330.591816] erofs: root inode @ nid 36 [ 330.597542] erofs: read_super, device -> /dev/loop1 [ 330.612356] erofs: mounted on /dev/loop4 with opts: . [ 330.620164] CPU: 1 PID: 19495 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 330.623240] erofs: options -> [ 330.628066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 330.628073] Call Trace: [ 330.628100] dump_stack+0x1fc/0x2ef [ 330.628121] should_fail.cold+0xa/0xf [ 330.628139] ? setup_fault_attr+0x200/0x200 [ 330.628153] ? lock_acquire+0x170/0x3c0 [ 330.628172] __should_failslab+0x115/0x180 [ 330.644584] erofs: root inode @ nid 36 [ 330.647010] should_failslab+0x5/0x10 [ 330.647028] kmem_cache_alloc+0x277/0x370 [ 330.647046] ? shmem_destroy_callback+0xb0/0xb0 [ 330.647061] shmem_alloc_inode+0x18/0x40 [ 330.647073] ? shmem_destroy_callback+0xb0/0xb0 [ 330.647090] alloc_inode+0x5d/0x180 [ 330.659093] erofs: mounted on /dev/loop1 with opts: . [ 330.659164] new_inode+0x1d/0xf0 [ 330.665233] erofs: unmounted for /dev/loop1 [ 330.667370] shmem_get_inode+0x96/0x8d0 [ 330.667395] __shmem_file_setup.part.0+0x7a/0x2b0 [ 330.667421] shmem_file_setup+0x61/0x90 [ 330.667439] __se_sys_memfd_create+0x26b/0x440 23:45:45 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) (async) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e759324700521c62323c1fe18af2b3f5eff88f6e94372b5ff7f0000399e4316593b069b0543879ece6ee0217064e99962c036164d2d9e191ee54ed65d76385e8925c3c10a"], 0x15) (async) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000340)={0x18}, 0x18) (async) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) (async) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}}) syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67020075705f69643d5f2daa197e4acce276277282354797edeb0070ceb98f8d126c06dedb8e89454607ab2f8dbb6a0ed7ef3773490e7597508cb05719bf9244558809d258", @ANYRESDEC=0x0]) [ 330.722686] ? memfd_file_seals_ptr+0x150/0x150 [ 330.727366] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 330.732744] ? trace_hardirqs_off_caller+0x6e/0x210 [ 330.737770] ? do_syscall_64+0x21/0x620 [ 330.741755] do_syscall_64+0xf9/0x620 [ 330.745569] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 330.750763] RIP: 0033:0x7f865cea2109 [ 330.754481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 23:45:45 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 3) [ 330.773391] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 330.781105] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f865cea2109 [ 330.788360] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f865cefb1be [ 330.795624] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f865b8171d0 [ 330.802893] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 330.810147] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 [ 330.885647] erofs: read_super, device -> /dev/loop5 [ 330.890996] erofs: options -> [ 330.901015] erofs: cannot find valid erofs superblock 23:45:45 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3cd, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:45 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x7, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:46 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x6, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 330.955091] erofs: unmounted for /dev/loop4 23:45:46 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{0x0, 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:46 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e759324700521c62323c1fe18af2b3f5eff88f6e94372b5ff7f0000399e4316593b069b0543879ece6ee0217064e99962c036164d2d9e191ee54ed65d76385e8925c3c10a"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000340)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}}) syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67020075705f69643d5f2daa197e4acce276277282354797edeb0070ceb98f8d126c06dedb8e89454607ab2f8dbb6a0ed7ef3773490e7597508cb05719bf9244558809d258", @ANYRESDEC=0x0]) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) pipe2$9p(&(0x7f0000000240), 0x0) (async) write$P9_RVERSION(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e759324700521c62323c1fe18af2b3f5eff88f6e94372b5ff7f0000399e4316593b069b0543879ece6ee0217064e99962c036164d2d9e191ee54ed65d76385e8925c3c10a"], 0x15) (async) dup(r2) (async) write$FUSE_BMAP(r3, &(0x7f0000000340)={0x18}, 0x18) (async) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) (async) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}}) (async) syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') (async) openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x42, 0x0) (async) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67020075705f69643d5f2daa197e4acce276277282354797edeb0070ceb98f8d126c06dedb8e89454607ab2f8dbb6a0ed7ef3773490e7597508cb05719bf9244558809d258", @ANYRESDEC=0x0]) (async) [ 331.039238] FAULT_INJECTION: forcing a failure. [ 331.039238] name failslab, interval 1, probability 0, space 0, times 0 [ 331.047776] erofs: read_super, device -> /dev/loop1 [ 331.057357] erofs: options -> [ 331.064579] erofs: root inode @ nid 36 [ 331.075203] erofs: mounted on /dev/loop1 with opts: . [ 331.089306] erofs: unmounted for /dev/loop1 [ 331.095309] CPU: 0 PID: 19524 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 331.103215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.112572] Call Trace: [ 331.115181] dump_stack+0x1fc/0x2ef [ 331.118826] should_fail.cold+0xa/0xf [ 331.122643] ? setup_fault_attr+0x200/0x200 [ 331.126985] ? lock_acquire+0x170/0x3c0 [ 331.130981] __should_failslab+0x115/0x180 [ 331.135234] should_failslab+0x5/0x10 [ 331.139047] kmem_cache_alloc+0x277/0x370 [ 331.143214] __d_alloc+0x2b/0xa10 [ 331.146691] d_alloc_pseudo+0x19/0x70 [ 331.150520] alloc_file_pseudo+0xc6/0x250 [ 331.154698] ? alloc_file+0x4d0/0x4d0 [ 331.158509] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 331.164263] ? shmem_get_inode+0x44c/0x8d0 [ 331.168524] __shmem_file_setup.part.0+0x102/0x2b0 [ 331.173482] shmem_file_setup+0x61/0x90 [ 331.177518] __se_sys_memfd_create+0x26b/0x440 [ 331.182120] ? memfd_file_seals_ptr+0x150/0x150 [ 331.186800] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 331.192172] ? trace_hardirqs_off_caller+0x6e/0x210 [ 331.197190] ? do_syscall_64+0x21/0x620 [ 331.201177] do_syscall_64+0xf9/0x620 [ 331.204968] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 331.210143] RIP: 0033:0x7f865cea2109 [ 331.213859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 23:45:46 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 4) [ 331.233276] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 331.240984] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f865cea2109 [ 331.248277] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f865cefb1be [ 331.255552] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f865b8171d0 [ 331.262828] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 331.270180] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 23:45:46 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ptrace$cont(0x9, r0, 0x7ff, 0x96) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) setxattr$incfs_size(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f00000000c0)=0x5, 0x8, 0x3) [ 331.301889] erofs: read_super, device -> /dev/loop4 [ 331.306939] erofs: options -> [ 331.310185] erofs: root inode @ nid 36 [ 331.342074] erofs: read_super, device -> /dev/loop3 [ 331.342668] erofs: read_super, device -> /dev/loop5 23:45:46 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x7, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 331.355689] erofs: options -> [ 331.378675] erofs: options -> [ 331.381374] erofs: root inode @ nid 36 [ 331.393824] erofs: cannot find valid erofs superblock [ 331.397517] erofs: mounted on /dev/loop4 with opts: . [ 331.409084] erofs: mounted on /dev/loop3 with opts: . [ 331.429032] FAULT_INJECTION: forcing a failure. [ 331.429032] name failslab, interval 1, probability 0, space 0, times 0 [ 331.441131] CPU: 1 PID: 19574 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 331.441798] erofs: unmounted for /dev/loop3 [ 331.449026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.449032] Call Trace: [ 331.449058] dump_stack+0x1fc/0x2ef [ 331.449077] should_fail.cold+0xa/0xf [ 331.449097] ? setup_fault_attr+0x200/0x200 [ 331.477421] ? lock_acquire+0x170/0x3c0 [ 331.481540] __should_failslab+0x115/0x180 [ 331.485867] should_failslab+0x5/0x10 [ 331.489654] kmem_cache_alloc+0x277/0x370 [ 331.493813] __alloc_file+0x21/0x340 [ 331.497543] alloc_empty_file+0x6d/0x170 [ 331.501625] alloc_file+0x5e/0x4d0 [ 331.505192] alloc_file_pseudo+0x165/0x250 [ 331.509416] ? alloc_file+0x4d0/0x4d0 [ 331.513216] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 331.518836] ? shmem_get_inode+0x44c/0x8d0 [ 331.523097] __shmem_file_setup.part.0+0x102/0x2b0 [ 331.528157] shmem_file_setup+0x61/0x90 [ 331.532150] __se_sys_memfd_create+0x26b/0x440 [ 331.536735] ? memfd_file_seals_ptr+0x150/0x150 [ 331.541394] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 331.546778] ? trace_hardirqs_off_caller+0x6e/0x210 [ 331.551804] ? do_syscall_64+0x21/0x620 [ 331.555780] do_syscall_64+0xf9/0x620 [ 331.559584] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 331.564864] RIP: 0033:0x7f865cea2109 [ 331.568671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 331.587584] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 331.595398] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f865cea2109 [ 331.602675] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f865cefb1be [ 331.609948] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f865b8171d0 [ 331.617210] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 331.624477] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 23:45:46 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:46 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 5) 23:45:46 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x500, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:46 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 331.665585] erofs: read_super, device -> /dev/loop1 [ 331.671667] erofs: options -> [ 331.686973] erofs: unmounted for /dev/loop4 [ 331.708144] erofs: root inode @ nid 36 23:45:46 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) ptrace$cont(0x9, r0, 0x7ff, 0x96) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) setxattr$incfs_size(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f00000000c0)=0x5, 0x8, 0x3) [ 331.722527] erofs: mounted on /dev/loop1 with opts: . [ 331.734685] erofs: unmounted for /dev/loop1 23:45:46 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 331.779909] FAULT_INJECTION: forcing a failure. [ 331.779909] name failslab, interval 1, probability 0, space 0, times 0 [ 331.815407] erofs: read_super, device -> /dev/loop4 [ 331.820547] erofs: options -> [ 331.838766] erofs: root inode @ nid 36 [ 331.850961] CPU: 0 PID: 19586 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 331.852346] erofs: mounted on /dev/loop4 with opts: . [ 331.858915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.858922] Call Trace: [ 331.858948] dump_stack+0x1fc/0x2ef [ 331.858968] should_fail.cold+0xa/0xf [ 331.858988] ? setup_fault_attr+0x200/0x200 23:45:46 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x9, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 331.887919] ? lock_acquire+0x170/0x3c0 [ 331.891913] __should_failslab+0x115/0x180 [ 331.896179] should_failslab+0x5/0x10 [ 331.899992] kmem_cache_alloc_trace+0x284/0x380 [ 331.904680] apparmor_file_alloc_security+0x394/0xad0 [ 331.909892] ? apparmor_file_receive+0x160/0x160 [ 331.914673] ? __alloc_file+0x21/0x340 [ 331.918584] security_file_alloc+0x40/0x90 [ 331.922841] __alloc_file+0xd8/0x340 [ 331.926570] alloc_empty_file+0x6d/0x170 [ 331.930637] alloc_file+0x5e/0x4d0 [ 331.934170] alloc_file_pseudo+0x165/0x250 [ 331.938394] ? alloc_file+0x4d0/0x4d0 [ 331.942180] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 331.947789] ? shmem_get_inode+0x44c/0x8d0 [ 331.952132] __shmem_file_setup.part.0+0x102/0x2b0 [ 331.957063] shmem_file_setup+0x61/0x90 [ 331.961171] __se_sys_memfd_create+0x26b/0x440 [ 331.965750] ? memfd_file_seals_ptr+0x150/0x150 [ 331.970423] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 331.975784] ? trace_hardirqs_off_caller+0x6e/0x210 [ 331.980791] ? do_syscall_64+0x21/0x620 [ 331.984757] do_syscall_64+0xf9/0x620 [ 331.988562] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 331.993763] RIP: 0033:0x7f865cea2109 [ 331.997479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 332.016479] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 332.024201] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f865cea2109 [ 332.031459] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f865cefb1be 23:45:47 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) ptrace$cont(0x9, r0, 0x7ff, 0x96) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) setxattr$incfs_size(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f00000000c0)=0x5, 0x8, 0x3) [ 332.038733] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f865b8171d0 [ 332.045989] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 332.053421] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 [ 332.061209] erofs: unmounted for /dev/loop4 [ 332.078615] erofs: read_super, device -> /dev/loop5 23:45:47 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 6) [ 332.101816] erofs: read_super, device -> /dev/loop1 [ 332.106858] erofs: options -> [ 332.113531] erofs: read_super, device -> /dev/loop3 [ 332.124703] erofs: options -> [ 332.131327] erofs: options -> [ 332.136201] FAULT_INJECTION: forcing a failure. [ 332.136201] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 332.140881] erofs: root inode @ nid 36 23:45:47 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 332.148359] erofs: cannot find valid erofs superblock [ 332.161079] erofs: root inode @ nid 36 [ 332.170335] erofs: mounted on /dev/loop3 with opts: . [ 332.185440] CPU: 0 PID: 19613 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 332.193607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 332.202960] Call Trace: [ 332.205546] dump_stack+0x1fc/0x2ef [ 332.209164] should_fail.cold+0xa/0xf [ 332.212953] ? lock_acquire+0x170/0x3c0 [ 332.216930] ? setup_fault_attr+0x200/0x200 [ 332.221246] __alloc_pages_nodemask+0x239/0x2890 [ 332.225989] ? __lock_acquire+0x6de/0x3ff0 [ 332.230216] ? static_obj+0x50/0x50 [ 332.233834] ? __lock_acquire+0x6de/0x3ff0 [ 332.238064] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 332.242895] ? __lock_acquire+0x6de/0x3ff0 [ 332.247127] ? mark_held_locks+0xf0/0xf0 [ 332.251183] ? unwind_next_frame+0xeee/0x1400 [ 332.255753] ? mark_held_locks+0xf0/0xf0 [ 332.260075] ? deref_stack_reg+0x134/0x1d0 [ 332.264300] ? get_reg+0x176/0x1f0 [ 332.267830] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 332.273702] alloc_pages_vma+0xf2/0x780 [ 332.277772] shmem_alloc_page+0x11c/0x1f0 [ 332.281911] ? shmem_swapin+0x220/0x220 [ 332.285890] ? percpu_counter_add_batch+0x126/0x180 [ 332.290894] ? __vm_enough_memory+0x316/0x650 [ 332.295381] shmem_alloc_and_acct_page+0x15a/0x850 [ 332.300308] shmem_getpage_gfp+0x4e9/0x37f0 [ 332.304630] ? shmem_alloc_and_acct_page+0x850/0x850 [ 332.309729] ? mark_held_locks+0xa6/0xf0 [ 332.313778] ? ktime_get_coarse_real_ts64+0x1c7/0x290 [ 332.318954] ? iov_iter_fault_in_readable+0x1fc/0x3f0 [ 332.324135] shmem_write_begin+0xff/0x1e0 [ 332.328277] generic_perform_write+0x1f8/0x4d0 [ 332.332862] ? filemap_page_mkwrite+0x2f0/0x2f0 [ 332.337534] ? current_time+0x1c0/0x1c0 [ 332.341499] ? lock_acquire+0x170/0x3c0 [ 332.345467] __generic_file_write_iter+0x24b/0x610 [ 332.350406] generic_file_write_iter+0x3f8/0x730 [ 332.355154] __vfs_write+0x51b/0x770 [ 332.358884] ? kernel_read+0x110/0x110 [ 332.362768] ? check_preemption_disabled+0x41/0x280 [ 332.367779] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 332.372786] vfs_write+0x1f3/0x540 [ 332.376344] __x64_sys_pwrite64+0x1f7/0x250 [ 332.380665] ? ksys_pwrite64+0x1a0/0x1a0 [ 332.384745] ? trace_hardirqs_off_caller+0x6e/0x210 [ 332.389755] ? do_syscall_64+0x21/0x620 [ 332.393723] do_syscall_64+0xf9/0x620 [ 332.397518] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 332.402696] RIP: 0033:0x7f865ce550d7 [ 332.406486] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b [ 332.425376] RSP: 002b:00007f865b816f00 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 332.433075] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865ce550d7 [ 332.440334] RDX: 000000000000000f RSI: 0000000020010000 RDI: 0000000000000005 23:45:47 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 332.447682] RBP: 0000000000000003 R08: 0000000000000000 R09: 00007f865b8171d0 [ 332.454936] R10: 0000000000000400 R11: 0000000000000293 R12: 0000000000000005 [ 332.462198] R13: 0000000000000005 R14: 0000000020000200 R15: 0000000000000000 [ 332.489724] erofs: mounted on /dev/loop1 with opts: . [ 332.493106] erofs: unmounted for /dev/loop3 23:45:47 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) signalfd(r1, &(0x7f0000000000)={[0x1]}, 0x8) r2 = syz_open_dev$vcsn(&(0x7f0000000040), 0xf9, 0x0) openat(r2, &(0x7f00000000c0)='./file0\x00', 0x101443, 0x1b1) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 332.522890] erofs: unmounted for /dev/loop1 23:45:47 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x600, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:47 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x60, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 332.647804] erofs: read_super, device -> /dev/loop2 [ 332.653154] erofs: read_super, device -> /dev/loop4 [ 332.672701] erofs: options -> [ 332.682219] erofs: options -> [ 332.685719] erofs: cannot find valid erofs superblock [ 332.703511] erofs: root inode @ nid 36 [ 332.725357] erofs: mounted on /dev/loop4 with opts: . 23:45:47 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 7) [ 332.765741] erofs: read_super, device -> /dev/loop3 [ 332.771212] erofs: options -> [ 332.771974] erofs: read_super, device -> /dev/loop5 [ 332.779783] erofs: read_super, device -> /dev/loop1 [ 332.782470] erofs: options -> [ 332.802188] erofs: cannot find valid erofs superblock 23:45:47 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x23, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:47 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) signalfd(r1, &(0x7f0000000000)={[0x1]}, 0x8) r2 = syz_open_dev$vcsn(&(0x7f0000000040), 0xf9, 0x0) openat(r2, &(0x7f00000000c0)='./file0\x00', 0x101443, 0x1b1) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:45:47 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 332.822230] erofs: options -> [ 332.834124] erofs: unmounted for /dev/loop4 [ 332.836050] erofs: root inode @ nid 36 [ 332.844505] erofs: root inode @ nid 36 [ 332.855303] erofs: mounted on /dev/loop1 with opts: . [ 332.861146] erofs: mounted on /dev/loop3 with opts: . [ 332.867868] erofs: unmounted for /dev/loop1 [ 332.876109] erofs: unmounted for /dev/loop3 [ 332.901216] FAULT_INJECTION: forcing a failure. [ 332.901216] name failslab, interval 1, probability 0, space 0, times 0 [ 332.918210] CPU: 0 PID: 19660 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 332.926117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 332.935483] Call Trace: [ 332.938085] dump_stack+0x1fc/0x2ef [ 332.941731] should_fail.cold+0xa/0xf [ 332.945550] ? setup_fault_attr+0x200/0x200 [ 332.948727] erofs: read_super, device -> /dev/loop4 [ 332.949880] ? lock_acquire+0x170/0x3c0 [ 332.949903] __should_failslab+0x115/0x180 [ 332.949922] should_failslab+0x5/0x10 [ 332.955069] erofs: options -> [ 332.958911] kmem_cache_alloc+0x277/0x370 [ 332.958934] getname_flags+0xce/0x590 [ 332.958949] do_sys_open+0x26c/0x520 [ 332.958965] ? filp_open+0x70/0x70 [ 332.969308] erofs: root inode @ nid 36 [ 332.970175] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 332.970200] ? trace_hardirqs_off_caller+0x6e/0x210 23:45:48 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x60, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 332.970217] ? do_syscall_64+0x21/0x620 [ 332.976603] erofs: mounted on /dev/loop4 with opts: . [ 332.978148] do_syscall_64+0xf9/0x620 [ 332.978169] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 332.978183] RIP: 0033:0x7f865ce55024 [ 333.021700] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 333.040764] RSP: 002b:00007f865b816eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 23:45:48 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) signalfd(r1, &(0x7f0000000000)={[0x1]}, 0x8) r2 = syz_open_dev$vcsn(&(0x7f0000000040), 0xf9, 0x0) openat(r2, &(0x7f00000000c0)='./file0\x00', 0x101443, 0x1b1) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) signalfd(r1, &(0x7f0000000000)={[0x1]}, 0x8) (async) syz_open_dev$vcsn(&(0x7f0000000040), 0xf9, 0x0) (async) openat(r2, &(0x7f00000000c0)='./file0\x00', 0x101443, 0x1b1) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) 23:45:48 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 8) [ 333.048582] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865ce55024 [ 333.055846] RDX: 0000000000000002 RSI: 00007f865b816fe0 RDI: 00000000ffffff9c [ 333.063130] RBP: 00007f865b816fe0 R08: 0000000000000000 R09: 00007f865b8171d0 [ 333.070387] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 333.077647] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 333.087907] erofs: unmounted for /dev/loop4 23:45:48 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x700, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:48 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x300, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 333.216223] erofs: read_super, device -> /dev/loop5 [ 333.221315] erofs: options -> [ 333.248654] erofs: cannot find valid erofs superblock [ 333.301928] FAULT_INJECTION: forcing a failure. [ 333.301928] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 333.313755] CPU: 1 PID: 19687 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 333.321642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 333.330996] Call Trace: [ 333.333593] dump_stack+0x1fc/0x2ef [ 333.337256] should_fail.cold+0xa/0xf [ 333.341069] ? setup_fault_attr+0x200/0x200 [ 333.345471] ? do_writepages+0x290/0x290 [ 333.349538] ? unlock_page+0x13d/0x230 [ 333.353426] __alloc_pages_nodemask+0x239/0x2890 [ 333.358174] ? lock_downgrade+0x720/0x720 [ 333.362318] ? check_preemption_disabled+0x41/0x280 [ 333.367327] ? __lock_acquire+0x6de/0x3ff0 [ 333.371559] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 333.376393] ? lock_downgrade+0x720/0x720 [ 333.380616] ? lock_acquire+0x170/0x3c0 [ 333.384607] ? up_write+0x18/0x150 [ 333.388136] ? generic_file_write_iter+0x381/0x730 [ 333.393053] ? iov_iter_init+0xb8/0x1d0 [ 333.397024] cache_grow_begin+0xa4/0x8a0 [ 333.401097] ? setup_fault_attr+0x200/0x200 [ 333.405420] ? lock_acquire+0x170/0x3c0 [ 333.409398] cache_alloc_refill+0x273/0x340 [ 333.413721] kmem_cache_alloc+0x346/0x370 [ 333.417862] getname_flags+0xce/0x590 [ 333.421692] do_sys_open+0x26c/0x520 [ 333.425424] ? filp_open+0x70/0x70 [ 333.428980] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 333.434353] ? trace_hardirqs_off_caller+0x6e/0x210 [ 333.439368] ? do_syscall_64+0x21/0x620 [ 333.443343] do_syscall_64+0xf9/0x620 [ 333.447168] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 333.452383] RIP: 0033:0x7f865ce55024 [ 333.456092] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 333.475067] RSP: 002b:00007f865b816eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 333.482790] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865ce55024 [ 333.490047] RDX: 0000000000000002 RSI: 00007f865b816fe0 RDI: 00000000ffffff9c 23:45:48 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r1 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0xceed, 0x4, &(0x7f0000000340)=[{&(0x7f0000000200)="e9add9e218a132aa8bac5670a0061226bd0dff46cb417bc476475ea59c7ae5aa24da6886d2317f76daaaa077091cccc8a0ea7c0d4e590b929e1614b46a43d7b62b0359f72cf91ea1625e70fb4418ede7dff470c5a3be405521cad2c64466496d00a0538a5ccbfb0680e3", 0x6a, 0x6}, {&(0x7f00000000c0)="80c353e3fcb922d24e95c7a7ab339b626a2c1b90feb5569ca9877699632ab01a0c6f9ac0544e", 0x26, 0x34e}, {&(0x7f0000000280)="d8d5ce7cb9dabb27903579166be630ed97fa53894f8b12c4126f807e3a93eec71a391cd91ff33625e713bbd03c394e1d52eb30f6fcb01b5893820d0cac5bbee10eafb3fee79b60f22026a14607ab68c67ae4b53cf5e1fa09a9a11faa4b7c53c08c295d82b54569133e1e2dd7ca62407e7fb1aeac360ea51e2c973bc6fb5ab64a02614605294f2a6f25ddf4922b8813a1572d59210073be31f055943a2d897523aba42f73c25455043a2059", 0xab, 0xfff}, {&(0x7f0000000140)="78f048b9aa75ba22f1b551cc21c03fac9dba4dac935267bdff76236e8e71ade60e2f495a58a1f66bf69ccd63629b0a50ed47b10d3d2e92bc9f7c", 0x3a, 0x6}], 0x80040, &(0x7f00000003c0)={[{@check_relaxed}, {@gid}, {@map_normal}, {@map_off}, {@mode={'mode', 0x3d, 0x10001}}, {@overriderock}, {@check_relaxed}], [{@uid_gt={'uid>', 0xee01}}]}) symlinkat(0x0, r1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 333.497305] RBP: 00007f865b816fe0 R08: 0000000000000000 R09: 00007f865b8171d0 [ 333.504565] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 333.511830] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 23:45:48 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024000000000000000000e803000000000000", 0x20, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 333.575923] erofs: read_super, device -> /dev/loop3 [ 333.581711] erofs: read_super, device -> /dev/loop2 [ 333.581881] erofs: options -> [ 333.586747] erofs: options -> [ 333.600206] erofs: read_super, device -> /dev/loop1 [ 333.603260] erofs: root inode @ nid 36 [ 333.605993] erofs: read_super, device -> /dev/loop4 [ 333.614760] erofs: mounted on /dev/loop3 with opts: . [ 333.620286] erofs: unmounted for /dev/loop3 [ 333.625355] erofs: options -> [ 333.629244] erofs: options -> [ 333.632723] erofs: root inode @ nid 36 [ 333.642886] erofs: root inode @ nid 36 [ 333.644118] erofs: mounted on /dev/loop2 with opts: . [ 333.658648] erofs: root inode @ nid 36 [ 333.668605] erofs: mounted on /dev/loop1 with opts: . 23:45:48 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x900, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 333.676262] erofs: unmounted for /dev/loop2 [ 333.680867] erofs: mounted on /dev/loop4 with opts: . [ 333.698722] erofs: unmounted for /dev/loop1 23:45:48 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xaa, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:48 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 9) [ 333.728194] ====================================================== [ 333.728194] WARNING: the mand mount option is being deprecated and [ 333.728194] will be removed in v5.15! [ 333.728194] ====================================================== [ 333.751524] erofs: unmounted for /dev/loop4 [ 333.774134] erofs: read_super, device -> /dev/loop5 [ 333.785642] erofs: options -> [ 333.789360] erofs: root inode @ nid 36 [ 333.801192] erofs: mounted on /dev/loop5 with opts: . [ 333.808570] erofs: unmounted for /dev/loop5 [ 333.820557] FAULT_INJECTION: forcing a failure. [ 333.820557] name failslab, interval 1, probability 0, space 0, times 0 [ 333.832471] CPU: 0 PID: 19738 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 333.840365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 333.849813] Call Trace: [ 333.852537] dump_stack+0x1fc/0x2ef [ 333.856162] should_fail.cold+0xa/0xf [ 333.860242] ? setup_fault_attr+0x200/0x200 [ 333.864561] ? lock_acquire+0x170/0x3c0 [ 333.868527] __should_failslab+0x115/0x180 [ 333.872756] should_failslab+0x5/0x10 [ 333.876542] kmem_cache_alloc_trace+0x284/0x380 [ 333.881202] apparmor_file_alloc_security+0x394/0xad0 [ 333.886383] ? apparmor_file_receive+0x160/0x160 [ 333.891139] ? __alloc_file+0x21/0x340 [ 333.895031] security_file_alloc+0x40/0x90 [ 333.899257] __alloc_file+0xd8/0x340 [ 333.903012] alloc_empty_file+0x6d/0x170 [ 333.907073] path_openat+0xe9/0x2df0 [ 333.910775] ? __lock_acquire+0x6de/0x3ff0 [ 333.915007] ? path_lookupat+0x8d0/0x8d0 [ 333.919062] ? mark_held_locks+0xf0/0xf0 [ 333.923120] ? mark_held_locks+0xf0/0xf0 [ 333.927176] do_filp_open+0x18c/0x3f0 [ 333.930976] ? may_open_dev+0xf0/0xf0 [ 333.934783] ? __alloc_fd+0x28d/0x570 [ 333.938576] ? lock_downgrade+0x720/0x720 [ 333.942721] ? lock_acquire+0x170/0x3c0 [ 333.946692] ? __alloc_fd+0x34/0x570 [ 333.950399] ? do_raw_spin_unlock+0x171/0x230 [ 333.954907] ? _raw_spin_unlock+0x29/0x40 [ 333.959064] ? __alloc_fd+0x28d/0x570 [ 333.962860] do_sys_open+0x3b3/0x520 [ 333.966575] ? filp_open+0x70/0x70 [ 333.970105] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 333.975467] ? trace_hardirqs_off_caller+0x6e/0x210 [ 333.980482] ? do_syscall_64+0x21/0x620 [ 333.984457] do_syscall_64+0xf9/0x620 [ 333.988249] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 333.993425] RIP: 0033:0x7f865ce55024 [ 333.997126] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 334.016031] RSP: 002b:00007f865b816eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 334.023727] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865ce55024 [ 334.030984] RDX: 0000000000000002 RSI: 00007f865b816fe0 RDI: 00000000ffffff9c [ 334.038243] RBP: 00007f865b816fe0 R08: 0000000000000000 R09: 00007f865b8171d0 [ 334.045526] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 334.052792] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 334.072527] erofs: read_super, device -> /dev/loop3 23:45:49 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x383, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:49 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 10) 23:45:49 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) r1 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0xceed, 0x4, &(0x7f0000000340)=[{&(0x7f0000000200)="e9add9e218a132aa8bac5670a0061226bd0dff46cb417bc476475ea59c7ae5aa24da6886d2317f76daaaa077091cccc8a0ea7c0d4e590b929e1614b46a43d7b62b0359f72cf91ea1625e70fb4418ede7dff470c5a3be405521cad2c64466496d00a0538a5ccbfb0680e3", 0x6a, 0x6}, {&(0x7f00000000c0)="80c353e3fcb922d24e95c7a7ab339b626a2c1b90feb5569ca9877699632ab01a0c6f9ac0544e", 0x26, 0x34e}, {&(0x7f0000000280)="d8d5ce7cb9dabb27903579166be630ed97fa53894f8b12c4126f807e3a93eec71a391cd91ff33625e713bbd03c394e1d52eb30f6fcb01b5893820d0cac5bbee10eafb3fee79b60f22026a14607ab68c67ae4b53cf5e1fa09a9a11faa4b7c53c08c295d82b54569133e1e2dd7ca62407e7fb1aeac360ea51e2c973bc6fb5ab64a02614605294f2a6f25ddf4922b8813a1572d59210073be31f055943a2d897523aba42f73c25455043a2059", 0xab, 0xfff}, {&(0x7f0000000140)="78f048b9aa75ba22f1b551cc21c03fac9dba4dac935267bdff76236e8e71ade60e2f495a58a1f66bf69ccd63629b0a50ed47b10d3d2e92bc9f7c", 0x3a, 0x6}], 0x80040, &(0x7f00000003c0)={[{@check_relaxed}, {@gid}, {@map_normal}, {@map_off}, {@mode={'mode', 0x3d, 0x10001}}, {@overriderock}, {@check_relaxed}], [{@uid_gt={'uid>', 0xee01}}]}) symlinkat(0x0, r1, 0x0) (async, rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:45:49 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 334.077576] erofs: options -> [ 334.093042] erofs: root inode @ nid 36 [ 334.105411] erofs: mounted on /dev/loop3 with opts: . [ 334.120951] erofs: unmounted for /dev/loop3 [ 334.170613] FAULT_INJECTION: forcing a failure. [ 334.170613] name failslab, interval 1, probability 0, space 0, times 0 [ 334.182224] CPU: 0 PID: 19748 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 334.190119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 334.199660] Call Trace: [ 334.202264] dump_stack+0x1fc/0x2ef [ 334.205920] should_fail.cold+0xa/0xf [ 334.209738] ? setup_fault_attr+0x200/0x200 [ 334.214085] ? lock_acquire+0x170/0x3c0 [ 334.218089] __should_failslab+0x115/0x180 [ 334.222348] should_failslab+0x5/0x10 [ 334.226168] kmem_cache_alloc_trace+0x284/0x380 [ 334.230856] apparmor_file_alloc_security+0x394/0xad0 [ 334.236068] ? apparmor_file_receive+0x160/0x160 [ 334.240846] ? __alloc_file+0x21/0x340 [ 334.242558] erofs: read_super, device -> /dev/loop5 [ 334.244750] security_file_alloc+0x40/0x90 [ 334.244772] __alloc_file+0xd8/0x340 [ 334.244788] alloc_empty_file+0x6d/0x170 [ 334.244807] path_openat+0xe9/0x2df0 [ 334.249955] erofs: options -> [ 334.254144] ? __lock_acquire+0x6de/0x3ff0 [ 334.254172] ? path_lookupat+0x8d0/0x8d0 [ 334.254189] ? mark_held_locks+0xf0/0xf0 [ 334.254208] do_filp_open+0x18c/0x3f0 [ 334.254220] ? may_open_dev+0xf0/0xf0 [ 334.254234] ? __alloc_fd+0x28d/0x570 [ 334.254251] ? lock_downgrade+0x720/0x720 [ 334.254274] ? lock_acquire+0x170/0x3c0 [ 334.273419] erofs: cannot find valid erofs superblock [ 334.277172] ? __alloc_fd+0x34/0x570 [ 334.277194] ? do_raw_spin_unlock+0x171/0x230 [ 334.277210] ? _raw_spin_unlock+0x29/0x40 [ 334.277223] ? __alloc_fd+0x28d/0x570 [ 334.277247] do_sys_open+0x3b3/0x520 [ 334.325822] ? filp_open+0x70/0x70 [ 334.329381] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 334.334757] ? trace_hardirqs_off_caller+0x6e/0x210 [ 334.339786] ? do_syscall_64+0x21/0x620 [ 334.343752] do_syscall_64+0xf9/0x620 [ 334.347551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 334.352729] RIP: 0033:0x7f865ce55024 [ 334.356430] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 334.375320] RSP: 002b:00007f865b816eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 334.383015] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865ce55024 [ 334.390284] RDX: 0000000000000002 RSI: 00007f865b816fe0 RDI: 00000000ffffff9c [ 334.397551] RBP: 00007f865b816fe0 R08: 0000000000000000 R09: 00007f865b8171d0 [ 334.404893] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 334.412151] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 23:45:49 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 11) [ 334.441993] erofs: read_super, device -> /dev/loop1 [ 334.451568] erofs: read_super, device -> /dev/loop4 [ 334.456609] erofs: options -> [ 334.459857] erofs: root inode @ nid 36 23:45:49 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:49 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 334.496758] erofs: options -> [ 334.504758] erofs: mounted on /dev/loop4 with opts: . [ 334.510755] erofs: root inode @ nid 36 [ 334.523468] erofs: mounted on /dev/loop1 with opts: . [ 334.540427] FAULT_INJECTION: forcing a failure. 23:45:49 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) r1 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0xceed, 0x4, &(0x7f0000000340)=[{&(0x7f0000000200)="e9add9e218a132aa8bac5670a0061226bd0dff46cb417bc476475ea59c7ae5aa24da6886d2317f76daaaa077091cccc8a0ea7c0d4e590b929e1614b46a43d7b62b0359f72cf91ea1625e70fb4418ede7dff470c5a3be405521cad2c64466496d00a0538a5ccbfb0680e3", 0x6a, 0x6}, {&(0x7f00000000c0)="80c353e3fcb922d24e95c7a7ab339b626a2c1b90feb5569ca9877699632ab01a0c6f9ac0544e", 0x26, 0x34e}, {&(0x7f0000000280)="d8d5ce7cb9dabb27903579166be630ed97fa53894f8b12c4126f807e3a93eec71a391cd91ff33625e713bbd03c394e1d52eb30f6fcb01b5893820d0cac5bbee10eafb3fee79b60f22026a14607ab68c67ae4b53cf5e1fa09a9a11faa4b7c53c08c295d82b54569133e1e2dd7ca62407e7fb1aeac360ea51e2c973bc6fb5ab64a02614605294f2a6f25ddf4922b8813a1572d59210073be31f055943a2d897523aba42f73c25455043a2059", 0xab, 0xfff}, {&(0x7f0000000140)="78f048b9aa75ba22f1b551cc21c03fac9dba4dac935267bdff76236e8e71ade60e2f495a58a1f66bf69ccd63629b0a50ed47b10d3d2e92bc9f7c", 0x3a, 0x6}], 0x80040, &(0x7f00000003c0)={[{@check_relaxed}, {@gid}, {@map_normal}, {@map_off}, {@mode={'mode', 0x3d, 0x10001}}, {@overriderock}, {@check_relaxed}], [{@uid_gt={'uid>', 0xee01}}]}) symlinkat(0x0, r1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 334.540427] name failslab, interval 1, probability 0, space 0, times 0 [ 334.556734] erofs: unmounted for /dev/loop1 [ 334.558900] CPU: 1 PID: 19770 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 334.568950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 334.578440] Call Trace: [ 334.581019] dump_stack+0x1fc/0x2ef [ 334.584636] should_fail.cold+0xa/0xf [ 334.588427] ? setup_fault_attr+0x200/0x200 [ 334.592738] ? lock_acquire+0x170/0x3c0 [ 334.596703] __should_failslab+0x115/0x180 [ 334.600943] should_failslab+0x5/0x10 [ 334.604737] kmem_cache_alloc+0x277/0x370 [ 334.608886] __kernfs_new_node+0xd2/0x680 [ 334.613040] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 334.617785] ? _raw_spin_unlock_irq+0x5a/0x80 [ 334.622287] ? __cpu_to_node+0x7b/0xa0 [ 334.626253] ? mark_held_locks+0xf0/0xf0 [ 334.630306] ? io_schedule_timeout+0x140/0x140 [ 334.634893] ? enqueue_entity+0xf86/0x3850 [ 334.639119] ? set_user_nice.part.0+0x3b9/0xab0 [ 334.643780] kernfs_create_dir_ns+0x9e/0x230 [ 334.648186] internal_create_group+0x1c1/0xb20 [ 334.652762] ? sysfs_remove_link_from_group+0x70/0x70 [ 334.657988] ? lock_downgrade+0x720/0x720 [ 334.662138] lo_ioctl+0xf7c/0x20e0 [ 334.665664] ? loop_set_status64+0x110/0x110 [ 334.670060] blkdev_ioctl+0x5cb/0x1a80 [ 334.673941] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 334.679293] ? blkpg_ioctl+0x9d0/0x9d0 [ 334.683164] ? mark_held_locks+0xf0/0xf0 [ 334.687218] ? mark_held_locks+0xf0/0xf0 [ 334.691267] ? debug_check_no_obj_freed+0x201/0x490 [ 334.696269] ? lock_downgrade+0x720/0x720 [ 334.700412] block_ioctl+0xe9/0x130 [ 334.704027] ? blkdev_fallocate+0x3f0/0x3f0 [ 334.708330] do_vfs_ioctl+0xcdb/0x12e0 [ 334.712205] ? lock_downgrade+0x720/0x720 [ 334.716342] ? check_preemption_disabled+0x41/0x280 [ 334.721351] ? ioctl_preallocate+0x200/0x200 [ 334.725754] ? __fget+0x356/0x510 [ 334.729208] ? do_dup2+0x450/0x450 [ 334.732735] ? do_sys_open+0x2bf/0x520 [ 334.736621] ksys_ioctl+0x9b/0xc0 [ 334.740059] __x64_sys_ioctl+0x6f/0xb0 [ 334.743929] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 334.748496] do_syscall_64+0xf9/0x620 [ 334.752287] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 334.757805] RIP: 0033:0x7f865cea1ec7 [ 334.761506] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 334.780402] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 334.788091] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865cea1ec7 23:45:49 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x300, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 334.795343] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 334.802695] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f865b8171d0 [ 334.809952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 334.817209] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 334.856695] erofs: unmounted for /dev/loop4 [ 334.863097] erofs: read_super, device -> /dev/loop5 [ 334.868498] erofs: read_super, device -> /dev/loop2 [ 334.873803] erofs: options -> [ 334.883318] erofs: options -> [ 334.886699] erofs: cannot find valid erofs superblock [ 334.897680] erofs: root inode @ nid 36 23:45:49 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x500, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 334.906006] erofs: mounted on /dev/loop2 with opts: . [ 334.915378] erofs: unmounted for /dev/loop2 [ 334.973518] erofs: read_super, device -> /dev/loop3 [ 334.978560] erofs: options -> [ 334.987117] erofs: root inode @ nid 36 [ 334.993710] erofs: mounted on /dev/loop3 with opts: . [ 334.999199] erofs: unmounted for /dev/loop3 [ 335.018128] erofs: read_super, device -> /dev/loop4 23:45:50 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:50 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) ptrace(0x8, r0) [ 335.034192] erofs: options -> 23:45:50 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 12) 23:45:50 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2300, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 335.056004] erofs: root inode @ nid 36 [ 335.070673] erofs: read_super, device -> /dev/loop1 [ 335.079256] erofs: options -> [ 335.087560] erofs: mounted on /dev/loop4 with opts: . [ 335.097567] erofs: root inode @ nid 36 23:45:50 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3bf, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 335.118113] erofs: mounted on /dev/loop1 with opts: . 23:45:50 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) ptrace(0x8, r0) [ 335.139747] erofs: unmounted for /dev/loop1 [ 335.140745] erofs: unmounted for /dev/loop4 [ 335.212471] FAULT_INJECTION: forcing a failure. [ 335.212471] name failslab, interval 1, probability 0, space 0, times 0 [ 335.223907] CPU: 1 PID: 19816 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 335.231841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 335.241182] Call Trace: [ 335.243790] dump_stack+0x1fc/0x2ef [ 335.247429] should_fail.cold+0xa/0xf [ 335.251225] ? setup_fault_attr+0x200/0x200 [ 335.255547] ? lock_acquire+0x170/0x3c0 [ 335.259525] __should_failslab+0x115/0x180 [ 335.263777] should_failslab+0x5/0x10 [ 335.267573] kmem_cache_alloc+0x277/0x370 [ 335.271716] __kernfs_new_node+0xd2/0x680 [ 335.275857] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 335.280599] ? __cpu_to_node+0x7b/0xa0 [ 335.284483] ? account_entity_enqueue+0x2e5/0x440 [ 335.289318] ? mark_held_locks+0xf0/0xf0 [ 335.293364] ? enqueue_entity+0xf86/0x3850 [ 335.297592] ? set_user_nice.part.0+0x3b9/0xab0 [ 335.302474] kernfs_create_dir_ns+0x9e/0x230 [ 335.306882] internal_create_group+0x1c1/0xb20 [ 335.311466] ? sysfs_remove_link_from_group+0x70/0x70 [ 335.316662] ? lock_downgrade+0x720/0x720 [ 335.320816] lo_ioctl+0xf7c/0x20e0 [ 335.324355] ? loop_set_status64+0x110/0x110 [ 335.328768] blkdev_ioctl+0x5cb/0x1a80 [ 335.332659] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 335.338007] ? blkpg_ioctl+0x9d0/0x9d0 [ 335.341907] ? mark_held_locks+0xf0/0xf0 [ 335.345971] ? mark_held_locks+0xf0/0xf0 [ 335.350037] ? debug_check_no_obj_freed+0x201/0x490 [ 335.355059] ? lock_downgrade+0x720/0x720 [ 335.359190] block_ioctl+0xe9/0x130 [ 335.362991] ? blkdev_fallocate+0x3f0/0x3f0 [ 335.367308] do_vfs_ioctl+0xcdb/0x12e0 [ 335.371182] ? lock_downgrade+0x720/0x720 [ 335.375315] ? check_preemption_disabled+0x41/0x280 [ 335.380320] ? ioctl_preallocate+0x200/0x200 [ 335.384742] ? __fget+0x356/0x510 [ 335.388195] ? do_dup2+0x450/0x450 [ 335.391726] ? do_sys_open+0x2bf/0x520 [ 335.395603] ksys_ioctl+0x9b/0xc0 [ 335.399042] __x64_sys_ioctl+0x6f/0xb0 [ 335.402922] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 335.407501] do_syscall_64+0xf9/0x620 [ 335.411300] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 335.416484] RIP: 0033:0x7f865cea1ec7 [ 335.420193] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 335.439219] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 335.447010] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865cea1ec7 [ 335.454270] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 335.461678] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f865b8171d0 [ 335.468945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 335.476318] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 335.498576] erofs: read_super, device -> /dev/loop3 [ 335.503943] erofs: options -> [ 335.508830] erofs: read_super, device -> /dev/loop2 23:45:50 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x600, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 335.514307] erofs: read_super, device -> /dev/loop5 [ 335.519336] erofs: options -> [ 335.534422] erofs: options -> [ 335.538007] erofs: root inode @ nid 36 [ 335.547164] erofs: mounted on /dev/loop3 with opts: . [ 335.553571] erofs: cannot find valid erofs superblock 23:45:50 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) ptrace(0x8, r0) 23:45:50 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2735, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 335.566043] erofs: unmounted for /dev/loop3 [ 335.567280] erofs: root inode @ nid 36 [ 335.595912] erofs: mounted on /dev/loop2 with opts: . [ 335.605773] erofs: unmounted for /dev/loop2 23:45:50 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c002400", 0x10, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:50 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 13) [ 335.691926] erofs: read_super, device -> /dev/loop4 [ 335.697936] erofs: read_super, device -> /dev/loop1 [ 335.715273] erofs: options -> [ 335.718941] erofs: options -> [ 335.754437] erofs: root inode @ nid 36 [ 335.763243] erofs: root inode @ nid 36 [ 335.779507] erofs: mounted on /dev/loop1 with opts: . [ 335.785686] erofs: mounted on /dev/loop4 with opts: . [ 335.792602] erofs: read_super, device -> /dev/loop5 [ 335.798536] erofs: unmounted for /dev/loop1 [ 335.803900] erofs: options -> [ 335.810684] erofs: root inode @ nid 36 [ 335.817261] erofs: read_super, device -> /dev/loop3 [ 335.823320] erofs: options -> [ 335.827188] erofs: mounted on /dev/loop5 with opts: . [ 335.835201] erofs: root inode @ nid 36 [ 335.846286] erofs: mounted on /dev/loop3 with opts: . 23:45:50 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) fsetxattr$security_evm(r1, &(0x7f0000000000), &(0x7f0000000040)=@v1={0x2, "6f150f8ca93c0f1bb119a0b9b0103d17e69ba9"}, 0x14, 0x1) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:45:50 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 335.847996] erofs: unmounted for /dev/loop5 23:45:50 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x700, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:50 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) fsetxattr$security_evm(r1, &(0x7f0000000000), &(0x7f0000000040)=@v1={0x2, "6f150f8ca93c0f1bb119a0b9b0103d17e69ba9"}, 0x14, 0x1) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) fsetxattr$security_evm(r1, &(0x7f0000000000), &(0x7f0000000040)=@v1={0x2, "6f150f8ca93c0f1bb119a0b9b0103d17e69ba9"}, 0x14, 0x1) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 335.883963] erofs: unmounted for /dev/loop3 [ 335.893838] erofs: unmounted for /dev/loop4 [ 335.894280] FAULT_INJECTION: forcing a failure. [ 335.894280] name failslab, interval 1, probability 0, space 0, times 0 [ 335.914729] CPU: 1 PID: 19866 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 335.922636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 335.931998] Call Trace: [ 335.934674] dump_stack+0x1fc/0x2ef [ 335.938303] should_fail.cold+0xa/0xf [ 335.942121] ? setup_fault_attr+0x200/0x200 [ 335.946440] ? lock_acquire+0x170/0x3c0 [ 335.950416] __should_failslab+0x115/0x180 [ 335.954668] should_failslab+0x5/0x10 [ 335.958474] kmem_cache_alloc+0x277/0x370 [ 335.962784] __kernfs_new_node+0xd2/0x680 [ 335.966932] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 335.971684] ? kernfs_activate+0x2c/0x1d0 [ 335.975829] ? lock_downgrade+0x720/0x720 [ 335.979968] ? kernfs_add_one+0x51/0x4c0 [ 335.984042] ? mutex_trylock+0x1a0/0x1a0 [ 335.988107] ? __mutex_unlock_slowpath+0xea/0x610 [ 335.993001] kernfs_new_node+0x92/0x120 [ 335.996992] __kernfs_create_file+0x51/0x340 [ 336.001406] sysfs_add_file_mode_ns+0x226/0x540 [ 336.006080] internal_create_group+0x355/0xb20 [ 336.010655] ? sysfs_remove_link_from_group+0x70/0x70 [ 336.015840] ? lock_downgrade+0x720/0x720 [ 336.020001] lo_ioctl+0xf7c/0x20e0 [ 336.023535] ? loop_set_status64+0x110/0x110 [ 336.027947] blkdev_ioctl+0x5cb/0x1a80 [ 336.031837] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 336.037194] ? blkpg_ioctl+0x9d0/0x9d0 [ 336.041138] ? mark_held_locks+0xf0/0xf0 [ 336.045190] ? mark_held_locks+0xf0/0xf0 [ 336.049240] ? debug_check_no_obj_freed+0x201/0x490 [ 336.054243] ? lock_downgrade+0x720/0x720 [ 336.058384] block_ioctl+0xe9/0x130 [ 336.061999] ? blkdev_fallocate+0x3f0/0x3f0 [ 336.066309] do_vfs_ioctl+0xcdb/0x12e0 [ 336.070183] ? lock_downgrade+0x720/0x720 [ 336.074320] ? check_preemption_disabled+0x41/0x280 [ 336.079317] ? ioctl_preallocate+0x200/0x200 [ 336.083712] ? __fget+0x356/0x510 [ 336.087148] ? do_dup2+0x450/0x450 [ 336.090686] ? do_sys_open+0x2bf/0x520 [ 336.094572] ksys_ioctl+0x9b/0xc0 [ 336.098026] __x64_sys_ioctl+0x6f/0xb0 [ 336.101907] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 336.106482] do_syscall_64+0xf9/0x620 [ 336.110294] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 336.115464] RIP: 0033:0x7f865cea1ec7 [ 336.119249] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 336.138137] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 336.145838] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865cea1ec7 [ 336.153095] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 336.160357] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f865b8171d0 [ 336.167641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 336.174956] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 23:45:51 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3527, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:51 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c002400", 0x10, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 336.234587] erofs: read_super, device -> /dev/loop2 [ 336.239721] erofs: options -> [ 336.250801] erofs: root inode @ nid 36 [ 336.285349] erofs: mounted on /dev/loop2 with opts: . [ 336.303333] erofs: unmounted for /dev/loop2 [ 336.310693] erofs: read_super, device -> /dev/loop1 [ 336.315776] erofs: read_super, device -> /dev/loop4 [ 336.315784] erofs: options -> [ 336.320033] erofs: root inode @ nid 36 [ 336.325620] erofs: options -> 23:45:51 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 14) 23:45:51 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c1, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 336.344982] erofs: root inode @ nid 36 [ 336.345023] erofs: mounted on /dev/loop4 with opts: . [ 336.356995] erofs: mounted on /dev/loop1 with opts: . [ 336.365597] erofs: unmounted for /dev/loop1 23:45:51 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) fsetxattr$security_evm(r1, &(0x7f0000000000), &(0x7f0000000040)=@v1={0x2, "6f150f8ca93c0f1bb119a0b9b0103d17e69ba9"}, 0x14, 0x1) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) fsetxattr$security_evm(r1, &(0x7f0000000000), &(0x7f0000000040)=@v1={0x2, "6f150f8ca93c0f1bb119a0b9b0103d17e69ba9"}, 0x14, 0x1) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 336.402743] erofs: unmounted for /dev/loop4 [ 336.414184] erofs: read_super, device -> /dev/loop5 [ 336.419521] erofs: read_super, device -> /dev/loop3 [ 336.430197] erofs: options -> [ 336.440936] erofs: options -> 23:45:51 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 336.450012] erofs: root inode @ nid 36 [ 336.454785] erofs: root inode @ nid 36 [ 336.459508] erofs: mounted on /dev/loop5 with opts: . [ 336.481168] erofs: mounted on /dev/loop3 with opts: . [ 336.493796] erofs: unmounted for /dev/loop3 [ 336.498538] erofs: unmounted for /dev/loop5 23:45:51 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) r2 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703ac00, 0x4, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x80000000, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) ptrace$setregset(0x4205, r2, 0x200, &(0x7f0000000000)={&(0x7f0000000200)="88e6975023fe3793a2ce01ebdc46d433baf9b1af8ab1f73fc9dae3aaf64bb14b25511ad268f8f8ebe649ab47720040baec7f61d573a242f60092762262e64abb6c63cf920b9df4a9840b9eb2845a8246402156acf377e97ab146fdb7b507cd7d7044c39e5303e0bc0c1dab5bbd2a85851ba823771448da9aa7359910934f6067e84b685a0d78a027f9ef23fc6fb451", 0x8f}) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 336.515025] FAULT_INJECTION: forcing a failure. [ 336.515025] name failslab, interval 1, probability 0, space 0, times 0 [ 336.534647] CPU: 0 PID: 19916 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 336.542558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 336.551921] Call Trace: [ 336.554522] dump_stack+0x1fc/0x2ef [ 336.558174] should_fail.cold+0xa/0xf [ 336.562361] ? setup_fault_attr+0x200/0x200 [ 336.566772] ? lock_acquire+0x170/0x3c0 [ 336.570743] __should_failslab+0x115/0x180 [ 336.575098] should_failslab+0x5/0x10 [ 336.578896] kmem_cache_alloc+0x277/0x370 [ 336.583034] __kernfs_new_node+0xd2/0x680 [ 336.587169] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 336.592396] ? __mutex_unlock_slowpath+0xea/0x610 [ 336.597233] ? wait_for_completion_io+0x10/0x10 [ 336.601895] ? kernfs_next_descendant_post+0x19c/0x290 [ 336.607164] kernfs_new_node+0x92/0x120 [ 336.611148] __kernfs_create_file+0x51/0x340 [ 336.615555] sysfs_add_file_mode_ns+0x226/0x540 [ 336.620213] internal_create_group+0x355/0xb20 [ 336.624790] ? sysfs_remove_link_from_group+0x70/0x70 [ 336.629964] ? lock_downgrade+0x720/0x720 [ 336.634112] lo_ioctl+0xf7c/0x20e0 [ 336.637643] ? loop_set_status64+0x110/0x110 [ 336.642047] blkdev_ioctl+0x5cb/0x1a80 [ 336.645922] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 336.651277] ? blkpg_ioctl+0x9d0/0x9d0 [ 336.655157] ? mark_held_locks+0xf0/0xf0 [ 336.659207] ? mark_held_locks+0xf0/0xf0 [ 336.663259] ? debug_check_no_obj_freed+0x201/0x490 [ 336.668271] ? lock_downgrade+0x720/0x720 [ 336.672415] block_ioctl+0xe9/0x130 [ 336.676033] ? blkdev_fallocate+0x3f0/0x3f0 [ 336.680364] do_vfs_ioctl+0xcdb/0x12e0 [ 336.684239] ? lock_downgrade+0x720/0x720 [ 336.688395] ? check_preemption_disabled+0x41/0x280 [ 336.693410] ? ioctl_preallocate+0x200/0x200 [ 336.697811] ? __fget+0x356/0x510 [ 336.701254] ? do_dup2+0x450/0x450 [ 336.704783] ? do_sys_open+0x2bf/0x520 [ 336.708657] ksys_ioctl+0x9b/0xc0 [ 336.712098] __x64_sys_ioctl+0x6f/0xb0 [ 336.715969] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 336.720541] do_syscall_64+0xf9/0x620 [ 336.724338] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 336.729513] RIP: 0033:0x7f865cea1ec7 [ 336.733683] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 336.752663] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 336.760824] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865cea1ec7 [ 336.768092] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 336.775359] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f865b8171d0 [ 336.782617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 336.789989] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 23:45:51 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 336.819851] erofs: read_super, device -> /dev/loop2 [ 336.832018] erofs: options -> [ 336.836127] erofs: root inode @ nid 36 [ 336.840641] erofs: mounted on /dev/loop2 with opts: . [ 336.851136] erofs: read_super, device -> /dev/loop4 [ 336.857305] erofs: options -> [ 336.860754] erofs: read_super, device -> /dev/loop1 23:45:51 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3f00, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:51 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) r2 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703ac00, 0x4, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x80000000, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) ptrace$setregset(0x4205, r2, 0x200, &(0x7f0000000000)={&(0x7f0000000200)="88e6975023fe3793a2ce01ebdc46d433baf9b1af8ab1f73fc9dae3aaf64bb14b25511ad268f8f8ebe649ab47720040baec7f61d573a242f60092762262e64abb6c63cf920b9df4a9840b9eb2845a8246402156acf377e97ab146fdb7b507cd7d7044c39e5303e0bc0c1dab5bbd2a85851ba823771448da9aa7359910934f6067e84b685a0d78a027f9ef23fc6fb451", 0x8f}) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) gettid() (async) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703ac00, 0x4, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x80000000, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) (async) ptrace$setregset(0x4205, r2, 0x200, &(0x7f0000000000)={&(0x7f0000000200)="88e6975023fe3793a2ce01ebdc46d433baf9b1af8ab1f73fc9dae3aaf64bb14b25511ad268f8f8ebe649ab47720040baec7f61d573a242f60092762262e64abb6c63cf920b9df4a9840b9eb2845a8246402156acf377e97ab146fdb7b507cd7d7044c39e5303e0bc0c1dab5bbd2a85851ba823771448da9aa7359910934f6067e84b685a0d78a027f9ef23fc6fb451", 0x8f}) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 336.874601] erofs: options -> [ 336.878525] erofs: root inode @ nid 36 [ 336.879379] erofs: unmounted for /dev/loop2 [ 336.889163] erofs: mounted on /dev/loop4 with opts: . [ 336.897897] erofs: root inode @ nid 36 [ 336.917390] erofs: mounted on /dev/loop1 with opts: . [ 336.935927] erofs: unmounted for /dev/loop1 23:45:52 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c2, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:52 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3f00, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:52 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 15) [ 336.983937] erofs: read_super, device -> /dev/loop5 [ 336.989059] erofs: options -> [ 337.000487] erofs: cannot find valid erofs superblock [ 337.016743] erofs: unmounted for /dev/loop4 23:45:52 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) r2 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703ac00, 0x4, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x80000000, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) ptrace$setregset(0x4205, r2, 0x200, &(0x7f0000000000)={&(0x7f0000000200)="88e6975023fe3793a2ce01ebdc46d433baf9b1af8ab1f73fc9dae3aaf64bb14b25511ad268f8f8ebe649ab47720040baec7f61d573a242f60092762262e64abb6c63cf920b9df4a9840b9eb2845a8246402156acf377e97ab146fdb7b507cd7d7044c39e5303e0bc0c1dab5bbd2a85851ba823771448da9aa7359910934f6067e84b685a0d78a027f9ef23fc6fb451", 0x8f}) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) gettid() (async) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703ac00, 0x4, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x80000000, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) (async) ptrace$setregset(0x4205, r2, 0x200, &(0x7f0000000000)={&(0x7f0000000200)="88e6975023fe3793a2ce01ebdc46d433baf9b1af8ab1f73fc9dae3aaf64bb14b25511ad268f8f8ebe649ab47720040baec7f61d573a242f60092762262e64abb6c63cf920b9df4a9840b9eb2845a8246402156acf377e97ab146fdb7b507cd7d7044c39e5303e0bc0c1dab5bbd2a85851ba823771448da9aa7359910934f6067e84b685a0d78a027f9ef23fc6fb451", 0x8f}) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) 23:45:52 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 337.134228] erofs: read_super, device -> /dev/loop1 [ 337.134573] erofs: read_super, device -> /dev/loop3 [ 337.147221] erofs: options -> [ 337.153614] erofs: options -> [ 337.165872] erofs: root inode @ nid 36 [ 337.165901] erofs: read_super, device -> /dev/loop4 [ 337.186056] erofs: root inode @ nid 36 [ 337.192183] FAULT_INJECTION: forcing a failure. [ 337.192183] name failslab, interval 1, probability 0, space 0, times 0 [ 337.200286] erofs: mounted on /dev/loop1 with opts: . [ 337.206970] erofs: mounted on /dev/loop3 with opts: . [ 337.225235] erofs: options -> [ 337.237973] erofs: unmounted for /dev/loop1 [ 337.240349] CPU: 1 PID: 19981 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 337.250327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 337.259694] Call Trace: [ 337.262292] dump_stack+0x1fc/0x2ef [ 337.265916] should_fail.cold+0xa/0xf [ 337.269711] ? setup_fault_attr+0x200/0x200 [ 337.274032] ? lock_acquire+0x170/0x3c0 [ 337.277998] __should_failslab+0x115/0x180 [ 337.282237] should_failslab+0x5/0x10 [ 337.286136] kmem_cache_alloc+0x277/0x370 [ 337.290288] __kernfs_new_node+0xd2/0x680 [ 337.294434] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 337.299184] ? __mutex_unlock_slowpath+0xea/0x610 [ 337.304038] ? wait_for_completion_io+0x10/0x10 [ 337.308721] ? kernfs_next_descendant_post+0x19c/0x290 [ 337.314003] kernfs_new_node+0x92/0x120 [ 337.318078] __kernfs_create_file+0x51/0x340 [ 337.322478] sysfs_add_file_mode_ns+0x226/0x540 [ 337.327138] internal_create_group+0x355/0xb20 [ 337.331711] ? sysfs_remove_link_from_group+0x70/0x70 [ 337.336902] ? lock_downgrade+0x720/0x720 [ 337.341152] lo_ioctl+0xf7c/0x20e0 [ 337.344688] ? loop_set_status64+0x110/0x110 [ 337.349085] blkdev_ioctl+0x5cb/0x1a80 [ 337.352967] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 337.358314] ? blkpg_ioctl+0x9d0/0x9d0 [ 337.362187] ? mark_held_locks+0xf0/0xf0 [ 337.366237] ? mark_held_locks+0xf0/0xf0 [ 337.370397] ? debug_check_no_obj_freed+0x201/0x490 [ 337.375465] ? lock_downgrade+0x720/0x720 [ 337.379607] block_ioctl+0xe9/0x130 [ 337.383243] ? blkdev_fallocate+0x3f0/0x3f0 [ 337.387566] do_vfs_ioctl+0xcdb/0x12e0 [ 337.391457] ? lock_downgrade+0x720/0x720 [ 337.395623] ? check_preemption_disabled+0x41/0x280 [ 337.400635] ? ioctl_preallocate+0x200/0x200 [ 337.405055] ? __fget+0x356/0x510 [ 337.408505] ? do_dup2+0x450/0x450 [ 337.412037] ? do_sys_open+0x2bf/0x520 [ 337.415929] ksys_ioctl+0x9b/0xc0 [ 337.419370] __x64_sys_ioctl+0x6f/0xb0 [ 337.423245] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 337.427813] do_syscall_64+0xf9/0x620 [ 337.431752] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 337.437734] RIP: 0033:0x7f865cea1ec7 [ 337.441440] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 337.460687] RSP: 002b:00007f865b7f5f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 337.468466] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865cea1ec7 [ 337.475806] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 23:45:52 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000000d67) syz_genetlink_get_family_id$nl80211(0x0, r2) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 337.483156] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f865b7f61d0 [ 337.490496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 337.497904] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 337.515925] erofs: root inode @ nid 36 [ 337.521384] erofs: unmounted for /dev/loop3 [ 337.530265] erofs: mounted on /dev/loop4 with opts: . 23:45:52 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5300, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:52 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c3, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 337.596610] erofs: read_super, device -> /dev/loop5 [ 337.609902] erofs: read_super, device -> /dev/loop2 [ 337.615749] erofs: options -> [ 337.619127] erofs: root inode @ nid 36 [ 337.623623] erofs: mounted on /dev/loop2 with opts: . [ 337.625823] erofs: options -> [ 337.629077] erofs: unmounted for /dev/loop2 [ 337.640275] erofs: cannot find valid erofs superblock [ 337.669429] erofs: unmounted for /dev/loop4 23:45:52 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x6000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:52 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:52 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 16) [ 337.816263] erofs: read_super, device -> /dev/loop3 [ 337.825887] erofs: options -> [ 337.830559] erofs: root inode @ nid 36 [ 337.843328] erofs: mounted on /dev/loop3 with opts: . [ 337.859330] erofs: read_super, device -> /dev/loop4 [ 337.916068] erofs: read_super, device -> /dev/loop1 [ 337.922311] erofs: options -> [ 337.926273] erofs: root inode @ nid 36 [ 337.930960] erofs: mounted on /dev/loop1 with opts: . [ 337.940887] erofs: unmounted for /dev/loop1 [ 337.954500] erofs: unmounted for /dev/loop3 [ 337.969564] erofs: options -> [ 337.982644] erofs: read_super, device -> /dev/loop5 [ 337.996772] erofs: options -> [ 338.002025] erofs: root inode @ nid 36 [ 338.002397] FAULT_INJECTION: forcing a failure. [ 338.002397] name failslab, interval 1, probability 0, space 0, times 0 23:45:53 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8303, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 338.017009] erofs: mounted on /dev/loop4 with opts: . [ 338.025348] erofs: cannot find valid erofs superblock [ 338.031846] CPU: 1 PID: 20035 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 338.040257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 338.049605] Call Trace: [ 338.052193] dump_stack+0x1fc/0x2ef [ 338.055824] should_fail.cold+0xa/0xf [ 338.059715] ? setup_fault_attr+0x200/0x200 [ 338.064033] ? lock_acquire+0x170/0x3c0 [ 338.068008] __should_failslab+0x115/0x180 [ 338.072252] should_failslab+0x5/0x10 [ 338.076151] kmem_cache_alloc+0x277/0x370 [ 338.080295] __kernfs_new_node+0xd2/0x680 [ 338.084435] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 338.089182] ? __mutex_unlock_slowpath+0xea/0x610 [ 338.094025] ? wait_for_completion_io+0x10/0x10 [ 338.098801] ? kernfs_next_descendant_post+0x19c/0x290 [ 338.104108] kernfs_new_node+0x92/0x120 [ 338.108076] __kernfs_create_file+0x51/0x340 [ 338.112490] sysfs_add_file_mode_ns+0x226/0x540 [ 338.117164] internal_create_group+0x355/0xb20 [ 338.121761] ? sysfs_remove_link_from_group+0x70/0x70 [ 338.126943] ? lock_downgrade+0x720/0x720 [ 338.131091] lo_ioctl+0xf7c/0x20e0 [ 338.134649] ? loop_set_status64+0x110/0x110 [ 338.139139] blkdev_ioctl+0x5cb/0x1a80 [ 338.143013] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 338.148445] ? blkpg_ioctl+0x9d0/0x9d0 [ 338.152325] ? mark_held_locks+0xf0/0xf0 [ 338.156408] ? mark_held_locks+0xf0/0xf0 [ 338.160483] ? debug_check_no_obj_freed+0x201/0x490 [ 338.165608] ? lock_downgrade+0x720/0x720 [ 338.169748] block_ioctl+0xe9/0x130 [ 338.173374] ? blkdev_fallocate+0x3f0/0x3f0 [ 338.177702] do_vfs_ioctl+0xcdb/0x12e0 [ 338.181600] ? lock_downgrade+0x720/0x720 [ 338.185748] ? check_preemption_disabled+0x41/0x280 [ 338.190782] ? ioctl_preallocate+0x200/0x200 [ 338.195193] ? __fget+0x356/0x510 [ 338.198635] ? do_dup2+0x450/0x450 [ 338.202169] ? do_sys_open+0x2bf/0x520 [ 338.206049] ksys_ioctl+0x9b/0xc0 [ 338.209496] __x64_sys_ioctl+0x6f/0xb0 [ 338.213389] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 338.217993] do_syscall_64+0xf9/0x620 [ 338.221894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 338.227079] RIP: 0033:0x7f865cea1ec7 [ 338.230781] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 338.249996] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 338.257694] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865cea1ec7 [ 338.264976] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 338.272367] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f865b8171d0 [ 338.279638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 338.286895] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 338.323104] erofs: read_super, device -> /dev/loop2 [ 338.328616] erofs: options -> [ 338.332665] erofs: root inode @ nid 36 [ 338.337150] erofs: mounted on /dev/loop2 with opts: . [ 338.343122] erofs: unmounted for /dev/loop2 23:45:53 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e", 0x8, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:53 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c4, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:53 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5cf9, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:53 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 17) 23:45:53 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async, rerun: 32) ptrace(0x10, r0) (async, rerun: 32) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000000d67) (async, rerun: 32) syz_genetlink_get_family_id$nl80211(0x0, r2) (async, rerun: 32) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 338.417458] erofs: unmounted for /dev/loop4 [ 338.548142] erofs: read_super, device -> /dev/loop1 [ 338.553647] erofs: read_super, device -> /dev/loop5 [ 338.558905] erofs: options -> [ 338.562899] erofs: options -> [ 338.578371] erofs: root inode @ nid 36 [ 338.588727] erofs: blksize 1 isn't supported on this platform [ 338.605481] erofs: mounted on /dev/loop1 with opts: . [ 338.613507] erofs: read_super, device -> /dev/loop4 [ 338.631910] erofs: read_super, device -> /dev/loop3 [ 338.651445] erofs: options -> [ 338.669808] erofs: options -> [ 338.677645] erofs: unmounted for /dev/loop1 [ 338.678536] erofs: root inode @ nid 36 [ 338.690284] FAULT_INJECTION: forcing a failure. [ 338.690284] name failslab, interval 1, probability 0, space 0, times 0 [ 338.693729] erofs: root inode @ nid 36 [ 338.711327] erofs: mounted on /dev/loop4 with opts: . 23:45:53 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e", 0x8, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 338.715963] CPU: 1 PID: 20065 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 338.722785] erofs: mounted on /dev/loop3 with opts: . [ 338.724409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 338.724415] Call Trace: [ 338.724439] dump_stack+0x1fc/0x2ef [ 338.724460] should_fail.cold+0xa/0xf [ 338.724475] ? setup_fault_attr+0x200/0x200 [ 338.724495] ? lock_acquire+0x170/0x3c0 [ 338.730836] erofs: unmounted for /dev/loop3 [ 338.739030] __should_failslab+0x115/0x180 [ 338.739047] should_failslab+0x5/0x10 [ 338.739060] kmem_cache_alloc+0x277/0x370 [ 338.739078] __kernfs_new_node+0xd2/0x680 [ 338.739098] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 338.739116] ? __mutex_unlock_slowpath+0xea/0x610 [ 338.739131] ? wait_for_completion_io+0x10/0x10 [ 338.739146] ? kernfs_next_descendant_post+0x19c/0x290 [ 338.739165] kernfs_new_node+0x92/0x120 [ 338.739182] __kernfs_create_file+0x51/0x340 [ 338.739200] sysfs_add_file_mode_ns+0x226/0x540 [ 338.810719] internal_create_group+0x355/0xb20 [ 338.815310] ? sysfs_remove_link_from_group+0x70/0x70 [ 338.820499] ? lock_downgrade+0x720/0x720 [ 338.824647] lo_ioctl+0xf7c/0x20e0 [ 338.828197] ? loop_set_status64+0x110/0x110 [ 338.832602] blkdev_ioctl+0x5cb/0x1a80 [ 338.836483] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 338.841835] ? blkpg_ioctl+0x9d0/0x9d0 [ 338.845715] ? mark_held_locks+0xf0/0xf0 [ 338.849771] ? mark_held_locks+0xf0/0xf0 [ 338.853853] ? debug_check_no_obj_freed+0x201/0x490 [ 338.858861] ? lock_downgrade+0x720/0x720 [ 338.862999] block_ioctl+0xe9/0x130 [ 338.866611] ? blkdev_fallocate+0x3f0/0x3f0 [ 338.870931] do_vfs_ioctl+0xcdb/0x12e0 [ 338.874818] ? lock_downgrade+0x720/0x720 [ 338.878952] ? check_preemption_disabled+0x41/0x280 [ 338.883978] ? ioctl_preallocate+0x200/0x200 [ 338.888390] ? __fget+0x356/0x510 [ 338.891904] ? do_dup2+0x450/0x450 [ 338.895446] ? do_sys_open+0x2bf/0x520 [ 338.899327] ksys_ioctl+0x9b/0xc0 [ 338.902779] __x64_sys_ioctl+0x6f/0xb0 [ 338.906655] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 338.911233] do_syscall_64+0xf9/0x620 [ 338.915049] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 338.920240] RIP: 0033:0x7f865cea1ec7 [ 338.923942] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 338.942833] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 338.950533] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865cea1ec7 [ 338.957958] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 338.965216] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f865b8171d0 [ 338.972478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 338.979736] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 23:45:54 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c5, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:54 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x6000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 339.023103] erofs: read_super, device -> /dev/loop2 [ 339.036186] erofs: options -> [ 339.041915] erofs: root inode @ nid 36 [ 339.051900] erofs: mounted on /dev/loop2 with opts: . [ 339.057923] erofs: unmounted for /dev/loop2 [ 339.063189] erofs: unmounted for /dev/loop4 23:45:54 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xedc0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 339.132150] erofs: read_super, device -> /dev/loop5 23:45:54 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 18) [ 339.165911] erofs: options -> [ 339.175265] erofs: blksize 1 isn't supported on this platform 23:45:54 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e", 0x8, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 339.293439] erofs: read_super, device -> /dev/loop4 [ 339.298479] erofs: options -> [ 339.302354] erofs: read_super, device -> /dev/loop3 [ 339.312807] erofs: options -> [ 339.316272] FAULT_INJECTION: forcing a failure. [ 339.316272] name failslab, interval 1, probability 0, space 0, times 0 [ 339.319330] erofs: root inode @ nid 36 [ 339.331392] CPU: 0 PID: 20093 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 339.339202] erofs: mounted on /dev/loop4 with opts: . [ 339.339618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 339.350114] erofs: root inode @ nid 36 [ 339.354137] Call Trace: [ 339.354160] dump_stack+0x1fc/0x2ef [ 339.354178] should_fail.cold+0xa/0xf [ 339.354195] ? setup_fault_attr+0x200/0x200 [ 339.354209] ? lock_acquire+0x170/0x3c0 [ 339.354228] __should_failslab+0x115/0x180 [ 339.354245] should_failslab+0x5/0x10 [ 339.354273] kmem_cache_alloc+0x277/0x370 [ 339.354292] __kernfs_new_node+0xd2/0x680 [ 339.354309] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 339.354327] ? __mutex_unlock_slowpath+0xea/0x610 [ 339.354342] ? wait_for_completion_io+0x10/0x10 [ 339.354356] ? kernfs_next_descendant_post+0x19c/0x290 [ 339.354376] kernfs_new_node+0x92/0x120 [ 339.361460] erofs: mounted on /dev/loop3 with opts: . [ 339.364448] __kernfs_create_file+0x51/0x340 [ 339.364469] sysfs_add_file_mode_ns+0x226/0x540 [ 339.364489] internal_create_group+0x355/0xb20 [ 339.364509] ? sysfs_remove_link_from_group+0x70/0x70 [ 339.364523] ? lock_downgrade+0x720/0x720 [ 339.364548] lo_ioctl+0xf7c/0x20e0 [ 339.364566] ? loop_set_status64+0x110/0x110 [ 339.364581] blkdev_ioctl+0x5cb/0x1a80 [ 339.364603] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 339.369738] erofs: unmounted for /dev/loop3 [ 339.372686] ? blkpg_ioctl+0x9d0/0x9d0 [ 339.372701] ? mark_held_locks+0xf0/0xf0 [ 339.372715] ? mark_held_locks+0xf0/0xf0 [ 339.372731] ? debug_check_no_obj_freed+0x201/0x490 [ 339.372749] ? lock_downgrade+0x720/0x720 [ 339.372764] block_ioctl+0xe9/0x130 [ 339.372776] ? blkdev_fallocate+0x3f0/0x3f0 [ 339.372791] do_vfs_ioctl+0xcdb/0x12e0 [ 339.372806] ? lock_downgrade+0x720/0x720 [ 339.372822] ? check_preemption_disabled+0x41/0x280 [ 339.372835] ? ioctl_preallocate+0x200/0x200 [ 339.372855] ? __fget+0x356/0x510 [ 339.515918] ? do_dup2+0x450/0x450 [ 339.519475] ? do_sys_open+0x2bf/0x520 [ 339.523351] ksys_ioctl+0x9b/0xc0 [ 339.526815] __x64_sys_ioctl+0x6f/0xb0 [ 339.530713] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 339.535385] do_syscall_64+0xf9/0x620 [ 339.539176] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 339.544450] RIP: 0033:0x7f865cea1ec7 [ 339.548157] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 339.567345] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 339.575042] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865cea1ec7 [ 339.582306] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 339.589566] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f865b8171d0 [ 339.596848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 339.604107] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 339.630352] erofs: read_super, device -> /dev/loop1 23:45:54 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c6, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 339.647173] erofs: read_super, device -> /dev/loop2 [ 339.658725] erofs: options -> [ 339.665320] erofs: root inode @ nid 36 [ 339.669444] erofs: mounted on /dev/loop2 with opts: . [ 339.682544] erofs: unmounted for /dev/loop4 [ 339.687217] erofs: unmounted for /dev/loop2 23:45:54 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8503, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 339.697380] erofs: options -> [ 339.715747] erofs: root inode @ nid 36 [ 339.722520] erofs: mounted on /dev/loop1 with opts: . [ 339.728186] erofs: unmounted for /dev/loop1 23:45:54 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) sched_setparam(0x0, 0x0) (rerun: 32) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async, rerun: 32) symlinkat(0x0, 0xffffffffffffffff, 0x0) (rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) (async, rerun: 32) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async, rerun: 32) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000000d67) (async, rerun: 32) syz_genetlink_get_family_id$nl80211(0x0, r2) (async, rerun: 32) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:45:54 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:54 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 19) [ 339.831278] erofs: read_super, device -> /dev/loop5 [ 339.836329] erofs: options -> [ 339.843340] erofs: blksize 1 isn't supported on this platform [ 339.859842] erofs: read_super, device -> /dev/loop3 [ 339.868356] erofs: options -> 23:45:54 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e01000000", 0xc, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 339.882310] erofs: read_super, device -> /dev/loop4 [ 339.937540] erofs: root inode @ nid 36 [ 339.941159] FAULT_INJECTION: forcing a failure. [ 339.941159] name failslab, interval 1, probability 0, space 0, times 0 [ 339.949550] erofs: options -> [ 339.964383] erofs: mounted on /dev/loop3 with opts: . [ 339.972341] CPU: 1 PID: 20133 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 339.978783] erofs: root inode @ nid 36 [ 339.980335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 339.980340] Call Trace: [ 339.980372] dump_stack+0x1fc/0x2ef [ 339.980410] should_fail.cold+0xa/0xf [ 339.989765] erofs: unmounted for /dev/loop3 [ 339.993640] ? setup_fault_attr+0x200/0x200 [ 339.993658] ? lock_acquire+0x170/0x3c0 [ 339.993679] ? dev_uevent_filter+0xd0/0xd0 [ 339.993690] __should_failslab+0x115/0x180 [ 339.993705] should_failslab+0x5/0x10 [ 339.993718] kmem_cache_alloc_trace+0x284/0x380 [ 339.993733] ? dev_uevent_filter+0xd0/0xd0 [ 339.993747] kobject_uevent_env+0x236/0x1480 [ 339.993770] lo_ioctl+0xff9/0x20e0 [ 339.993788] ? loop_set_status64+0x110/0x110 [ 339.993802] blkdev_ioctl+0x5cb/0x1a80 [ 339.993817] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 339.993833] ? blkpg_ioctl+0x9d0/0x9d0 [ 340.007451] erofs: mounted on /dev/loop4 with opts: . [ 340.008264] ? mark_held_locks+0xf0/0xf0 [ 340.008281] ? mark_held_locks+0xf0/0xf0 [ 340.008302] ? debug_check_no_obj_freed+0x201/0x490 [ 340.081638] ? lock_downgrade+0x720/0x720 [ 340.085824] block_ioctl+0xe9/0x130 [ 340.089457] ? blkdev_fallocate+0x3f0/0x3f0 [ 340.093793] do_vfs_ioctl+0xcdb/0x12e0 [ 340.097698] ? lock_downgrade+0x720/0x720 [ 340.101870] ? check_preemption_disabled+0x41/0x280 [ 340.106898] ? ioctl_preallocate+0x200/0x200 [ 340.111322] ? __fget+0x356/0x510 [ 340.114784] ? do_dup2+0x450/0x450 [ 340.118505] ? do_sys_open+0x2bf/0x520 [ 340.122412] ksys_ioctl+0x9b/0xc0 [ 340.125882] __x64_sys_ioctl+0x6f/0xb0 [ 340.129777] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 340.134361] do_syscall_64+0xf9/0x620 [ 340.138162] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 340.143351] RIP: 0033:0x7f865cea1ec7 [ 340.147062] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 340.165963] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 340.173680] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865cea1ec7 [ 340.180957] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 340.188317] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f865b8171d0 [ 340.196563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 340.203931] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 23:45:55 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r1, 0x2, 0xffffffffffffffff, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000000d67) bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)={&(0x7f0000000040)='./file0/file0\x00', 0x0, 0x8}, 0x10) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r3, &(0x7f0000000140)={0xffffffffffffffff, r2, 0x4}) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0x0, 0x40, 0x1, 0x6, 0x0, 0x8, 0x106, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, @perf_bp, 0x8021, 0x0, 0x5, 0x5, 0x8, 0x3, 0x0, 0x0, 0x9, 0x0, 0x9}, r0, 0x2, 0xffffffffffffffff, 0x9e78b6c14766b2ab) [ 340.273103] erofs: read_super, device -> /dev/loop2 23:45:55 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c7, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:55 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xaa00, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 340.317029] erofs: options -> [ 340.323864] erofs: unmounted for /dev/loop4 [ 340.328736] erofs: read_super, device -> /dev/loop5 [ 340.331340] erofs: read_super, device -> /dev/loop1 [ 340.334291] erofs: options -> [ 340.338832] erofs: options -> [ 340.355485] erofs: root inode @ nid 36 [ 340.360257] erofs: root inode @ nid 36 23:45:55 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 20) [ 340.367087] erofs: mounted on /dev/loop2 with opts: . [ 340.373511] erofs: mounted on /dev/loop1 with opts: . [ 340.374563] erofs: blksize 1 isn't supported on this platform [ 340.379045] erofs: unmounted for /dev/loop2 [ 340.390872] erofs: unmounted for /dev/loop1 23:45:55 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1fffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 340.545654] FAULT_INJECTION: forcing a failure. [ 340.545654] name failslab, interval 1, probability 0, space 0, times 0 [ 340.558661] CPU: 1 PID: 20187 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 340.566551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 340.575906] Call Trace: [ 340.578595] dump_stack+0x1fc/0x2ef [ 340.582215] should_fail.cold+0xa/0xf [ 340.586026] ? setup_fault_attr+0x200/0x200 [ 340.590459] ? lock_acquire+0x170/0x3c0 [ 340.594526] __should_failslab+0x115/0x180 [ 340.598765] should_failslab+0x5/0x10 [ 340.602556] kmem_cache_alloc_node+0x245/0x3b0 [ 340.607138] __alloc_skb+0x71/0x560 [ 340.610757] alloc_uevent_skb+0x7b/0x210 [ 340.614844] kobject_uevent_env+0xa90/0x1480 [ 340.619259] lo_ioctl+0xff9/0x20e0 [ 340.622803] ? loop_set_status64+0x110/0x110 [ 340.627221] blkdev_ioctl+0x5cb/0x1a80 [ 340.631123] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 340.636490] ? blkpg_ioctl+0x9d0/0x9d0 [ 340.640365] ? mark_held_locks+0xf0/0xf0 [ 340.644423] ? mark_held_locks+0xf0/0xf0 [ 340.648483] ? debug_check_no_obj_freed+0x201/0x490 [ 340.653507] ? lock_downgrade+0x720/0x720 [ 340.657658] block_ioctl+0xe9/0x130 [ 340.661295] ? blkdev_fallocate+0x3f0/0x3f0 [ 340.665626] do_vfs_ioctl+0xcdb/0x12e0 [ 340.669519] ? lock_downgrade+0x720/0x720 [ 340.673675] ? check_preemption_disabled+0x41/0x280 [ 340.678700] ? ioctl_preallocate+0x200/0x200 [ 340.683117] ? __fget+0x356/0x510 [ 340.686571] ? do_dup2+0x450/0x450 [ 340.690099] ? do_sys_open+0x2bf/0x520 [ 340.693992] ksys_ioctl+0x9b/0xc0 [ 340.697447] __x64_sys_ioctl+0x6f/0xb0 [ 340.701341] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 340.705945] do_syscall_64+0xf9/0x620 [ 340.709750] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 340.714937] RIP: 0033:0x7f865cea1ec7 [ 340.718650] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 340.737539] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 340.745244] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865cea1ec7 [ 340.752517] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 340.759798] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f865b8171d0 [ 340.767060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 340.774586] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 340.810372] erofs: read_super, device -> /dev/loop4 [ 340.815865] erofs: options -> [ 340.821250] erofs: read_super, device -> /dev/loop3 [ 340.824995] erofs: root inode @ nid 36 [ 340.826276] erofs: options -> [ 340.826329] erofs: root inode @ nid 36 [ 340.826410] erofs: mounted on /dev/loop3 with opts: . [ 340.826525] erofs: unmounted for /dev/loop3 [ 340.833381] erofs: mounted on /dev/loop4 with opts: . 23:45:55 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e01000000", 0xc, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:55 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c8, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 340.855430] erofs: read_super, device -> /dev/loop2 [ 340.865463] erofs: read_super, device -> /dev/loop1 [ 340.870633] erofs: options -> [ 340.875948] erofs: root inode @ nid 36 [ 340.896157] erofs: unmounted for /dev/loop4 [ 340.896628] erofs: mounted on /dev/loop1 with opts: . [ 340.911714] erofs: options -> [ 340.919599] erofs: root inode @ nid 36 [ 340.924832] erofs: unmounted for /dev/loop1 [ 340.929486] erofs: mounted on /dev/loop2 with opts: . [ 340.938131] erofs: unmounted for /dev/loop2 23:45:56 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 21) 23:45:56 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc003, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:56 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 341.051289] erofs: read_super, device -> /dev/loop5 [ 341.068116] erofs: options -> [ 341.078653] erofs: blksize 1 isn't supported on this platform [ 341.101557] erofs: read_super, device -> /dev/loop4 23:45:56 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e01000000", 0xc, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 341.123589] erofs: options -> [ 341.137075] FAULT_INJECTION: forcing a failure. [ 341.137075] name failslab, interval 1, probability 0, space 0, times 0 [ 341.142454] erofs: root inode @ nid 36 [ 341.152753] CPU: 1 PID: 20216 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 341.160657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 341.170020] Call Trace: [ 341.172634] dump_stack+0x1fc/0x2ef [ 341.176282] should_fail.cold+0xa/0xf [ 341.180108] ? setup_fault_attr+0x200/0x200 [ 341.184454] ? lock_acquire+0x170/0x3c0 [ 341.188460] __should_failslab+0x115/0x180 [ 341.188997] erofs: mounted on /dev/loop4 with opts: . [ 341.192702] should_failslab+0x5/0x10 [ 341.192719] kmem_cache_alloc_node+0x245/0x3b0 [ 341.192738] __alloc_skb+0x71/0x560 [ 341.192756] alloc_uevent_skb+0x7b/0x210 [ 341.192773] kobject_uevent_env+0xa90/0x1480 [ 341.192798] lo_ioctl+0xff9/0x20e0 [ 341.192816] ? loop_set_status64+0x110/0x110 [ 341.192832] blkdev_ioctl+0x5cb/0x1a80 [ 341.192850] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 341.235765] ? blkpg_ioctl+0x9d0/0x9d0 [ 341.239668] ? mark_held_locks+0xf0/0xf0 [ 341.243736] ? mark_held_locks+0xf0/0xf0 [ 341.247946] ? debug_check_no_obj_freed+0x201/0x490 [ 341.252964] ? lock_downgrade+0x720/0x720 [ 341.257108] block_ioctl+0xe9/0x130 [ 341.260726] ? blkdev_fallocate+0x3f0/0x3f0 [ 341.265041] do_vfs_ioctl+0xcdb/0x12e0 [ 341.268922] ? lock_downgrade+0x720/0x720 [ 341.273083] ? check_preemption_disabled+0x41/0x280 [ 341.278239] ? ioctl_preallocate+0x200/0x200 [ 341.282655] ? __fget+0x356/0x510 [ 341.286125] ? do_dup2+0x450/0x450 [ 341.289786] ? do_sys_open+0x2bf/0x520 [ 341.293670] ksys_ioctl+0x9b/0xc0 [ 341.297120] __x64_sys_ioctl+0x6f/0xb0 [ 341.301004] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 341.305634] do_syscall_64+0xf9/0x620 [ 341.309428] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 341.314611] RIP: 0033:0x7f865cea1ec7 [ 341.318321] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 341.337217] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 341.345173] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865cea1ec7 [ 341.352529] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 341.359811] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f865b8171d0 [ 341.367100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 23:45:56 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r1, 0x2, 0xffffffffffffffff, 0x0) (async) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000000d67) bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)={&(0x7f0000000040)='./file0/file0\x00', 0x0, 0x8}, 0x10) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r3, &(0x7f0000000140)={0xffffffffffffffff, r2, 0x4}) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0x0, 0x40, 0x1, 0x6, 0x0, 0x8, 0x106, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, @perf_bp, 0x8021, 0x0, 0x5, 0x5, 0x8, 0x3, 0x0, 0x0, 0x9, 0x0, 0x9}, r0, 0x2, 0xffffffffffffffff, 0x9e78b6c14766b2ab) 23:45:56 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3c9, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 341.374363] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 341.395568] erofs: read_super, device -> /dev/loop2 [ 341.414470] erofs: options -> [ 341.418278] erofs: unmounted for /dev/loop4 [ 341.422293] erofs: root inode @ nid 36 [ 341.431137] erofs: read_super, device -> /dev/loop3 [ 341.436179] erofs: options -> [ 341.439910] erofs: read_super, device -> /dev/loop1 [ 341.449690] erofs: options -> [ 341.457702] erofs: mounted on /dev/loop2 with opts: . [ 341.463470] erofs: root inode @ nid 36 [ 341.467611] erofs: root inode @ nid 36 [ 341.477469] erofs: mounted on /dev/loop3 with opts: . [ 341.497017] erofs: unmounted for /dev/loop2 [ 341.503283] erofs: mounted on /dev/loop1 with opts: . [ 341.516342] erofs: read_super, device -> /dev/loop5 23:45:56 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:56 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 341.526149] erofs: unmounted for /dev/loop1 [ 341.533898] erofs: options -> [ 341.534569] erofs: unmounted for /dev/loop3 [ 341.547459] erofs: blksize 1 isn't supported on this platform 23:45:56 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc103, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:56 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 22) 23:45:56 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3ca, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 341.619016] erofs: read_super, device -> /dev/loop4 [ 341.624426] erofs: options -> [ 341.630181] erofs: root inode @ nid 36 [ 341.639311] erofs: mounted on /dev/loop4 with opts: . 23:45:56 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 341.698008] erofs: unmounted for /dev/loop4 [ 341.709747] erofs: read_super, device -> /dev/loop5 [ 341.722785] erofs: options -> [ 341.728048] erofs: root inode @ nid 0 [ 341.733515] erofs: bogus i_mode (0) @ nid 0 [ 341.776335] erofs: read_super, device -> /dev/loop1 [ 341.786062] erofs: options -> [ 341.792011] FAULT_INJECTION: forcing a failure. [ 341.792011] name failslab, interval 1, probability 0, space 0, times 0 [ 341.801619] erofs: root inode @ nid 36 [ 341.804382] CPU: 0 PID: 20258 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 341.807741] erofs: mounted on /dev/loop1 with opts: . [ 341.815049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 341.815055] Call Trace: [ 341.815077] dump_stack+0x1fc/0x2ef [ 341.815094] should_fail.cold+0xa/0xf [ 341.815111] ? setup_fault_attr+0x200/0x200 [ 341.815125] ? lock_acquire+0x170/0x3c0 [ 341.815143] __should_failslab+0x115/0x180 [ 341.815159] should_failslab+0x5/0x10 [ 341.815173] kmem_cache_alloc+0x277/0x370 [ 341.815189] skb_clone+0x151/0x3d0 [ 341.815205] netlink_broadcast_filtered+0x8e5/0xbc0 [ 341.815226] netlink_broadcast+0x35/0x40 [ 341.815245] kobject_uevent_env+0xa56/0x1480 [ 341.815272] lo_ioctl+0xff9/0x20e0 [ 341.815291] ? loop_set_status64+0x110/0x110 [ 341.815307] blkdev_ioctl+0x5cb/0x1a80 [ 341.815321] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 341.815336] ? blkpg_ioctl+0x9d0/0x9d0 [ 341.833001] erofs: unmounted for /dev/loop1 [ 341.836043] ? mark_held_locks+0xf0/0xf0 [ 341.836056] ? mark_held_locks+0xf0/0xf0 [ 341.836074] ? debug_check_no_obj_freed+0x201/0x490 [ 341.915974] ? lock_downgrade+0x720/0x720 [ 341.920106] block_ioctl+0xe9/0x130 [ 341.923715] ? blkdev_fallocate+0x3f0/0x3f0 [ 341.928023] do_vfs_ioctl+0xcdb/0x12e0 [ 341.931898] ? lock_downgrade+0x720/0x720 [ 341.936033] ? check_preemption_disabled+0x41/0x280 [ 341.941045] ? ioctl_preallocate+0x200/0x200 [ 341.945441] ? __fget+0x356/0x510 [ 341.948877] ? do_dup2+0x450/0x450 [ 341.952401] ? do_sys_open+0x2bf/0x520 [ 341.956284] ksys_ioctl+0x9b/0xc0 [ 341.959724] __x64_sys_ioctl+0x6f/0xb0 [ 341.963951] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 341.968542] do_syscall_64+0xf9/0x620 [ 341.972365] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 341.977642] RIP: 0033:0x7f865cea1ec7 [ 341.981340] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 342.000229] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 342.007934] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865cea1ec7 [ 342.015195] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 342.022465] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f865b8171d0 [ 342.029723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 342.036984] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 23:45:57 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3cb, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 342.097519] erofs: read_super, device -> /dev/loop3 [ 342.102603] erofs: read_super, device -> /dev/loop2 [ 342.102611] erofs: options -> [ 342.102664] erofs: root inode @ nid 36 [ 342.102739] erofs: mounted on /dev/loop2 with opts: . [ 342.102840] erofs: unmounted for /dev/loop2 [ 342.108094] erofs: read_super, device -> /dev/loop4 [ 342.108102] erofs: options -> [ 342.108155] erofs: root inode @ nid 36 [ 342.108235] erofs: mounted on /dev/loop4 with opts: . [ 342.108783] erofs: options -> 23:45:57 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 342.159795] erofs: root inode @ nid 36 [ 342.163960] erofs: unmounted for /dev/loop4 [ 342.170301] erofs: mounted on /dev/loop3 with opts: . [ 342.179755] erofs: read_super, device -> /dev/loop5 [ 342.182996] erofs: unmounted for /dev/loop3 [ 342.207008] erofs: options -> [ 342.212193] erofs: root inode @ nid 0 [ 342.216440] erofs: bogus i_mode (0) @ nid 0 23:45:57 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x4000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:57 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc203, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 342.333708] erofs: read_super, device -> /dev/loop4 [ 342.338755] erofs: options -> [ 342.378696] erofs: root inode @ nid 36 [ 342.384516] erofs: mounted on /dev/loop4 with opts: . [ 342.429120] erofs: read_super, device -> /dev/loop3 [ 342.434961] erofs: unmounted for /dev/loop4 [ 342.440276] erofs: options -> [ 342.445684] erofs: root inode @ nid 36 [ 342.449776] erofs: mounted on /dev/loop3 with opts: . [ 342.456120] erofs: unmounted for /dev/loop3 [ 342.463108] erofs: read_super, device -> /dev/loop1 [ 342.468145] erofs: options -> [ 342.496549] erofs: root inode @ nid 36 [ 342.509037] erofs: mounted on /dev/loop1 with opts: . [ 342.516610] erofs: unmounted for /dev/loop1 23:45:59 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) (async, rerun: 32) r1 = gettid() (rerun: 32) r2 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r1, 0x2, 0xffffffffffffffff, 0x0) (async) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async, rerun: 64) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (rerun: 64) sendfile(r3, r4, 0x0, 0x20000000d67) bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)={&(0x7f0000000040)='./file0/file0\x00', 0x0, 0x8}, 0x10) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r3, &(0x7f0000000140)={0xffffffffffffffff, r2, 0x4}) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0x0, 0x40, 0x1, 0x6, 0x0, 0x8, 0x106, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, @perf_bp, 0x8021, 0x0, 0x5, 0x5, 0x8, 0x3, 0x0, 0x0, 0x9, 0x0, 0x9}, r0, 0x2, 0xffffffffffffffff, 0x9e78b6c14766b2ab) 23:45:59 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:59 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 23) 23:45:59 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3cc, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:59 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc303, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:59 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 344.524295] erofs: read_super, device -> /dev/loop4 [ 344.547347] erofs: read_super, device -> /dev/loop3 [ 344.552246] erofs: options -> [ 344.559297] erofs: options -> [ 344.568957] erofs: read_super, device -> /dev/loop5 [ 344.574229] erofs: root inode @ nid 36 [ 344.574425] erofs: mounted on /dev/loop3 with opts: . [ 344.585292] erofs: options -> [ 344.589726] FAULT_INJECTION: forcing a failure. [ 344.589726] name failslab, interval 1, probability 0, space 0, times 0 [ 344.589978] erofs: root inode @ nid 36 [ 344.601221] CPU: 1 PID: 20323 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 344.601234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 344.615647] erofs: root inode @ nid 0 [ 344.622529] Call Trace: [ 344.622555] dump_stack+0x1fc/0x2ef [ 344.622576] should_fail.cold+0xa/0xf [ 344.622598] ? setup_fault_attr+0x200/0x200 [ 344.622612] ? lock_acquire+0x170/0x3c0 [ 344.622632] __should_failslab+0x115/0x180 [ 344.622648] should_failslab+0x5/0x10 [ 344.622662] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 344.622679] __kmalloc_node_track_caller+0x38/0x70 [ 344.622696] __alloc_skb+0xae/0x560 [ 344.622715] alloc_uevent_skb+0x7b/0x210 [ 344.622733] kobject_uevent_env+0xa90/0x1480 [ 344.622756] lo_ioctl+0xff9/0x20e0 [ 344.643189] erofs: unmounted for /dev/loop3 [ 344.644899] ? loop_set_status64+0x110/0x110 [ 344.644918] blkdev_ioctl+0x5cb/0x1a80 [ 344.644933] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 344.644948] ? blkpg_ioctl+0x9d0/0x9d0 [ 344.654947] erofs: bogus i_mode (0) @ nid 0 [ 344.658061] ? mark_held_locks+0xf0/0xf0 [ 344.658078] ? mark_held_locks+0xf0/0xf0 [ 344.658098] ? debug_check_no_obj_freed+0x201/0x490 [ 344.658114] ? lock_downgrade+0x720/0x720 [ 344.666738] erofs: mounted on /dev/loop4 with opts: . [ 344.670706] block_ioctl+0xe9/0x130 [ 344.670719] ? blkdev_fallocate+0x3f0/0x3f0 [ 344.670735] do_vfs_ioctl+0xcdb/0x12e0 [ 344.670750] ? lock_downgrade+0x720/0x720 [ 344.670766] ? check_preemption_disabled+0x41/0x280 [ 344.670779] ? ioctl_preallocate+0x200/0x200 [ 344.670796] ? __fget+0x356/0x510 [ 344.670809] ? do_dup2+0x450/0x450 [ 344.670824] ? do_sys_open+0x2bf/0x520 [ 344.670843] ksys_ioctl+0x9b/0xc0 [ 344.670856] __x64_sys_ioctl+0x6f/0xb0 [ 344.670871] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 344.776033] do_syscall_64+0xf9/0x620 [ 344.779840] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 344.785027] RIP: 0033:0x7f865cea1ec7 [ 344.788739] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 344.807635] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 344.815343] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865cea1ec7 [ 344.822610] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 344.829895] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f865b8171d0 [ 344.837174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 344.844437] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 344.875036] erofs: read_super, device -> /dev/loop2 [ 344.891133] erofs: read_super, device -> /dev/loop1 [ 344.912968] erofs: options -> [ 344.920217] erofs: options -> 23:45:59 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3cd, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:59 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:45:59 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc403, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 344.930326] erofs: root inode @ nid 36 [ 344.934377] erofs: unmounted for /dev/loop4 [ 344.936614] erofs: root inode @ nid 36 [ 344.957881] erofs: mounted on /dev/loop2 with opts: . [ 344.966493] erofs: mounted on /dev/loop1 with opts: . [ 344.968424] erofs: unmounted for /dev/loop2 [ 344.978126] erofs: unmounted for /dev/loop1 23:46:00 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 24) 23:46:00 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x6000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 345.093620] erofs: read_super, device -> /dev/loop5 [ 345.094341] erofs: read_super, device -> /dev/loop3 [ 345.104201] erofs: options -> [ 345.107588] erofs: root inode @ nid 36 [ 345.116725] erofs: read_super, device -> /dev/loop4 [ 345.127422] erofs: mounted on /dev/loop5 with opts: . [ 345.132882] erofs: options -> [ 345.150265] erofs: unmounted for /dev/loop5 [ 345.150270] erofs: root inode @ nid 36 [ 345.150408] erofs: mounted on /dev/loop3 with opts: . [ 345.167109] erofs: options -> [ 345.174124] erofs: root inode @ nid 36 [ 345.179445] erofs: mounted on /dev/loop4 with opts: . [ 345.182737] erofs: unmounted for /dev/loop3 [ 345.202227] FAULT_INJECTION: forcing a failure. [ 345.202227] name failslab, interval 1, probability 0, space 0, times 0 [ 345.214193] CPU: 1 PID: 20358 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 345.222089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 345.231460] Call Trace: [ 345.234065] dump_stack+0x1fc/0x2ef [ 345.237710] should_fail.cold+0xa/0xf [ 345.241529] ? setup_fault_attr+0x200/0x200 [ 345.245860] ? lock_acquire+0x170/0x3c0 [ 345.249840] __should_failslab+0x115/0x180 [ 345.254084] should_failslab+0x5/0x10 [ 345.257893] kmem_cache_alloc_trace+0x284/0x380 [ 345.262562] ? wait_for_completion_io+0x10/0x10 [ 345.267225] ? kobj_ns_initial+0x90/0x90 [ 345.271287] call_usermodehelper_setup+0x84/0x300 [ 345.276145] kobject_uevent_env+0xe83/0x1480 [ 345.280564] lo_ioctl+0xff9/0x20e0 [ 345.284102] ? loop_set_status64+0x110/0x110 [ 345.288501] blkdev_ioctl+0x5cb/0x1a80 [ 345.292395] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 345.297777] ? blkpg_ioctl+0x9d0/0x9d0 [ 345.301663] ? mark_held_locks+0xf0/0xf0 [ 345.305713] ? mark_held_locks+0xf0/0xf0 [ 345.309785] ? debug_check_no_obj_freed+0x201/0x490 [ 345.314818] ? lock_downgrade+0x720/0x720 [ 345.318984] block_ioctl+0xe9/0x130 [ 345.322616] ? blkdev_fallocate+0x3f0/0x3f0 [ 345.326929] do_vfs_ioctl+0xcdb/0x12e0 [ 345.330827] ? lock_downgrade+0x720/0x720 [ 345.334978] ? check_preemption_disabled+0x41/0x280 [ 345.340006] ? ioctl_preallocate+0x200/0x200 [ 345.344408] ? __fget+0x356/0x510 [ 345.347851] ? do_dup2+0x450/0x450 [ 345.351389] ? do_sys_open+0x2bf/0x520 [ 345.355278] ksys_ioctl+0x9b/0xc0 [ 345.358749] __x64_sys_ioctl+0x6f/0xb0 [ 345.362653] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 345.367246] do_syscall_64+0xf9/0x620 [ 345.371056] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 345.376250] RIP: 0033:0x7f865cea1ec7 [ 345.379978] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 345.398885] RSP: 002b:00007f865b816f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 345.406606] RAX: ffffffffffffffda RBX: 00007f865ceeba20 RCX: 00007f865cea1ec7 [ 345.413922] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 345.421288] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f865b8171d0 [ 345.428565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 345.435847] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 23:46:00 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3ce, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 345.461072] erofs: read_super, device -> /dev/loop1 [ 345.466748] erofs: read_super, device -> /dev/loop2 [ 345.475189] erofs: options -> [ 345.478812] erofs: options -> [ 345.483250] erofs: root inode @ nid 36 [ 345.488825] erofs: root inode @ nid 36 [ 345.494163] erofs: mounted on /dev/loop1 with opts: . [ 345.500443] erofs: mounted on /dev/loop2 with opts: . [ 345.506622] erofs: unmounted for /dev/loop4 [ 345.507093] erofs: unmounted for /dev/loop1 [ 345.517045] erofs: unmounted for /dev/loop2 23:46:00 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:00 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc503, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:00 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = getpgid(r0) ptrace$getregset(0x4204, r1, 0x3, &(0x7f0000001200)={&(0x7f0000000200)=""/4096, 0x1000}) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) sendmsg$BATADV_CMD_SET_VLAN(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x2c, 0x0, 0xc17, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4000000) 23:46:00 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x7000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:00 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 25) [ 345.606671] erofs: read_super, device -> /dev/loop4 [ 345.611937] erofs: options -> [ 345.615523] erofs: root inode @ nid 36 [ 345.620002] erofs: mounted on /dev/loop4 with opts: . 23:46:00 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x500, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 345.657032] erofs: read_super, device -> /dev/loop5 [ 345.665235] erofs: read_super, device -> /dev/loop3 [ 345.668164] erofs: options -> [ 345.675703] erofs: unmounted for /dev/loop4 [ 345.677962] erofs: options -> [ 345.695208] erofs: root inode @ nid 0 [ 345.697815] erofs: root inode @ nid 36 [ 345.700502] erofs: bogus i_mode (0) @ nid 0 [ 345.706703] erofs: mounted on /dev/loop3 with opts: . [ 345.716499] erofs: unmounted for /dev/loop3 [ 345.728855] FAULT_INJECTION: forcing a failure. [ 345.728855] name failslab, interval 1, probability 0, space 0, times 0 [ 345.744925] CPU: 1 PID: 20386 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 345.752825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 345.762189] Call Trace: [ 345.764789] dump_stack+0x1fc/0x2ef [ 345.768411] should_fail.cold+0xa/0xf [ 345.772203] ? setup_fault_attr+0x200/0x200 [ 345.776512] ? lock_acquire+0x170/0x3c0 [ 345.780476] __should_failslab+0x115/0x180 [ 345.784711] should_failslab+0x5/0x10 [ 345.788509] kmem_cache_alloc+0x277/0x370 [ 345.792651] getname_flags+0xce/0x590 [ 345.796566] do_mkdirat+0x8d/0x2d0 [ 345.800091] ? __ia32_sys_mknod+0x120/0x120 [ 345.804430] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 345.809856] ? trace_hardirqs_off_caller+0x6e/0x210 [ 345.814880] ? do_syscall_64+0x21/0x620 [ 345.818852] do_syscall_64+0xf9/0x620 [ 345.822658] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 345.827926] RIP: 0033:0x7f865cea1217 [ 345.831694] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 345.850592] RSP: 002b:00007f865b816f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 345.858300] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f865cea1217 [ 345.865574] RDX: 00000000000001ff RSI: 0000000020000100 RDI: 00000000ffffff9c [ 345.872847] RBP: 00007f865b8171d0 R08: 0000000000000000 R09: 00007f865b8171d0 [ 345.880112] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 345.887376] R13: 0000000020000100 R14: 00007f865b816fe0 R15: 0000000020010a00 [ 345.907575] erofs: read_super, device -> /dev/loop1 [ 345.913264] erofs: options -> [ 345.917027] erofs: root inode @ nid 36 [ 345.922106] erofs: mounted on /dev/loop1 with opts: . [ 345.927759] erofs: unmounted for /dev/loop1 [ 345.933180] erofs: read_super, device -> /dev/loop2 [ 345.939953] erofs: options -> [ 345.950080] erofs: root inode @ nid 36 23:46:01 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:01 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc603, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 345.954468] erofs: read_super, device -> /dev/loop4 [ 345.967167] erofs: options -> [ 345.978114] erofs: mounted on /dev/loop2 with opts: . [ 345.986181] erofs: unmounted for /dev/loop2 [ 345.991933] erofs: root inode @ nid 36 [ 345.997292] erofs: mounted on /dev/loop4 with opts: . 23:46:01 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 26) 23:46:01 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x600, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:01 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 346.043654] erofs: unmounted for /dev/loop4 [ 346.092314] erofs: read_super, device -> /dev/loop5 [ 346.097479] erofs: options -> [ 346.103330] erofs: read_super, device -> /dev/loop3 [ 346.109035] erofs: options -> [ 346.115459] erofs: root inode @ nid 0 [ 346.120307] erofs: bogus i_mode (0) @ nid 0 [ 346.130204] FAULT_INJECTION: forcing a failure. [ 346.130204] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 346.135378] erofs: root inode @ nid 36 [ 346.142031] CPU: 1 PID: 20423 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 346.142048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 346.142053] Call Trace: [ 346.142079] dump_stack+0x1fc/0x2ef [ 346.142099] should_fail.cold+0xa/0xf [ 346.142119] ? setup_fault_attr+0x200/0x200 [ 346.142133] ? wake_up_q+0x93/0xe0 [ 346.142148] ? __mutex_unlock_slowpath+0x2be/0x610 [ 346.142164] __alloc_pages_nodemask+0x239/0x2890 [ 346.142186] ? __lock_acquire+0x6de/0x3ff0 [ 346.142205] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 346.142218] ? blkdev_ioctl+0x11a/0x1a80 [ 346.142231] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 346.142245] ? blkpg_ioctl+0x9d0/0x9d0 [ 346.174937] erofs: mounted on /dev/loop3 with opts: . [ 346.177705] ? debug_check_no_obj_freed+0x201/0x490 [ 346.177724] ? lock_downgrade+0x720/0x720 [ 346.177743] cache_grow_begin+0xa4/0x8a0 [ 346.194896] erofs: unmounted for /dev/loop3 [ 346.195374] ? setup_fault_attr+0x200/0x200 [ 346.240635] ? lock_acquire+0x170/0x3c0 [ 346.244650] cache_alloc_refill+0x273/0x340 [ 346.248981] kmem_cache_alloc+0x346/0x370 [ 346.253129] getname_flags+0xce/0x590 [ 346.256930] do_mkdirat+0x8d/0x2d0 [ 346.260472] ? __ia32_sys_mknod+0x120/0x120 [ 346.264798] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 346.270179] ? trace_hardirqs_off_caller+0x6e/0x210 [ 346.275315] ? do_syscall_64+0x21/0x620 [ 346.279307] do_syscall_64+0xf9/0x620 [ 346.283128] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 346.288319] RIP: 0033:0x7f865cea1217 [ 346.292037] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 346.310958] RSP: 002b:00007f865b816f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 346.318670] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f865cea1217 [ 346.326107] RDX: 00000000000001ff RSI: 0000000020000100 RDI: 00000000ffffff9c [ 346.333381] RBP: 00007f865b8171d0 R08: 0000000000000000 R09: 00007f865b8171d0 [ 346.340653] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 346.348010] R13: 0000000020000100 R14: 00007f865b816fe0 R15: 0000000020010a00 [ 346.391595] erofs: read_super, device -> /dev/loop4 [ 346.397040] erofs: read_super, device -> /dev/loop2 [ 346.397044] erofs: read_super, device -> /dev/loop1 [ 346.397054] erofs: options -> [ 346.428651] erofs: options -> [ 346.435710] erofs: options -> 23:46:01 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c00", 0xe, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 346.452505] erofs: root inode @ nid 36 23:46:01 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) r1 = getpgid(r0) ptrace$getregset(0x4204, r1, 0x3, &(0x7f0000001200)={&(0x7f0000000200)=""/4096, 0x1000}) (async) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) sendmsg$BATADV_CMD_SET_VLAN(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x2c, 0x0, 0xc17, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4000000) 23:46:01 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc703, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 346.491583] erofs: root inode @ nid 36 [ 346.497107] erofs: mounted on /dev/loop4 with opts: . [ 346.507843] erofs: root inode @ nid 36 [ 346.522713] erofs: mounted on /dev/loop2 with opts: . 23:46:01 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x700, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 346.546680] erofs: mounted on /dev/loop1 with opts: . [ 346.565561] erofs: unmounted for /dev/loop2 [ 346.573428] erofs: unmounted for /dev/loop4 [ 346.573699] erofs: unmounted for /dev/loop1 [ 346.584978] erofs: read_super, device -> /dev/loop5 [ 346.585657] erofs: read_super, device -> /dev/loop3 23:46:01 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 346.604712] erofs: options -> [ 346.606721] erofs: options -> [ 346.621756] erofs: root inode @ nid 36 [ 346.633053] erofs: mounted on /dev/loop3 with opts: . [ 346.635419] erofs: root inode @ nid 0 [ 346.640013] erofs: unmounted for /dev/loop3 [ 346.655856] erofs: bogus i_mode (0) @ nid 0 23:46:01 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc803, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:01 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 27) 23:46:01 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 346.790872] erofs: read_super, device -> /dev/loop4 [ 346.796038] erofs: options -> [ 346.801232] erofs: read_super, device -> /dev/loop1 [ 346.819150] erofs: root inode @ nid 36 [ 346.825968] erofs: options -> [ 346.829678] erofs: root inode @ nid 36 [ 346.840020] erofs: mounted on /dev/loop1 with opts: . [ 346.849784] erofs: mounted on /dev/loop4 with opts: . [ 346.875213] erofs: unmounted for /dev/loop1 [ 346.883702] FAULT_INJECTION: forcing a failure. [ 346.883702] name failslab, interval 1, probability 0, space 0, times 0 [ 346.899301] CPU: 0 PID: 20469 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 [ 346.907209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 346.916663] Call Trace: [ 346.918707] erofs: read_super, device -> /dev/loop3 [ 346.919351] dump_stack+0x1fc/0x2ef [ 346.927981] should_fail.cold+0xa/0xf [ 346.931809] ? setup_fault_attr+0x200/0x200 [ 346.936149] ? lock_acquire+0x170/0x3c0 23:46:02 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 28) [ 346.940135] __should_failslab+0x115/0x180 [ 346.943700] erofs: read_super, device -> /dev/loop5 [ 346.944378] should_failslab+0x5/0x10 [ 346.944395] __kmalloc_track_caller+0x2a6/0x3c0 [ 346.944410] ? strndup_user+0x70/0x120 [ 346.944428] memdup_user+0x22/0xb0 [ 346.944443] strndup_user+0x70/0x120 [ 346.944460] ksys_mount+0x34/0x130 [ 346.944476] __x64_sys_mount+0xba/0x150 [ 346.944492] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 346.944507] do_syscall_64+0xf9/0x620 [ 346.944526] entry_SYSCALL_64_after_hwframe+0x49/0xbe 23:46:02 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:02 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 346.944538] RIP: 0033:0x7f865cea363a [ 346.944557] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 346.949666] erofs: options -> [ 346.953336] RSP: 002b:00007f865b816f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 346.953348] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f865cea363a [ 346.953356] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f865b816fe0 23:46:02 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:02 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3f000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 346.953362] RBP: 00007f865b817020 R08: 00007f865b817020 R09: 0000000020000000 [ 346.953369] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 346.953376] R13: 0000000020000100 R14: 00007f865b816fe0 R15: 0000000020010a00 [ 347.086748] erofs: unmounted for /dev/loop4 [ 347.091250] erofs: options -> [ 347.091313] erofs: root inode @ nid 36 [ 347.091391] erofs: mounted on /dev/loop3 with opts: . [ 347.109685] erofs: cannot find valid erofs superblock [ 347.110740] erofs: unmounted for /dev/loop3 [ 347.279200] erofs: read_super, device -> /dev/loop1 [ 347.290999] erofs: options -> [ 347.298262] erofs: root inode @ nid 36 [ 347.309798] erofs: mounted on /dev/loop1 with opts: . 23:46:02 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = getpgid(r0) ptrace$getregset(0x4204, r1, 0x3, &(0x7f0000001200)={&(0x7f0000000200)=""/4096, 0x1000}) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) sendmsg$BATADV_CMD_SET_VLAN(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x2c, 0x0, 0xc17, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4000000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) getpgid(r0) (async) ptrace$getregset(0x4204, r1, 0x3, &(0x7f0000001200)={&(0x7f0000000200)=""/4096, 0x1000}) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (async) sendfile(r2, r3, 0x0, 0x20000000d67) (async) sendmsg$BATADV_CMD_SET_VLAN(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x2c, 0x0, 0xc17, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4000000) (async) 23:46:02 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x900, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:02 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc903, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:02 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x4, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:02 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 347.357046] erofs: unmounted for /dev/loop1 [ 347.423621] erofs: read_super, device -> /dev/loop4 [ 347.428671] erofs: options -> [ 347.438196] erofs: read_super, device -> /dev/loop3 [ 347.443996] erofs: options -> [ 347.451062] erofs: root inode @ nid 36 [ 347.452372] erofs: read_super, device -> /dev/loop2 [ 347.462966] erofs: read_super, device -> /dev/loop5 23:46:02 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x60000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 347.478725] erofs: mounted on /dev/loop3 with opts: . [ 347.480659] erofs: options -> [ 347.487714] erofs: options -> [ 347.495276] erofs: unmounted for /dev/loop3 [ 347.510337] erofs: root inode @ nid 36 [ 347.512958] erofs: root inode @ nid 36 [ 347.516245] erofs: cannot find valid erofs superblock [ 347.519718] erofs: mounted on /dev/loop2 with opts: . [ 347.529771] erofs: unmounted for /dev/loop2 [ 347.537933] erofs: mounted on /dev/loop4 with opts: . 23:46:02 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:02 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xca03, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 347.616746] erofs: read_super, device -> /dev/loop1 [ 347.632842] erofs: options -> [ 347.645924] erofs: root inode @ nid 36 23:46:02 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:02 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 347.666008] erofs: unmounted for /dev/loop4 [ 347.687795] erofs: mounted on /dev/loop1 with opts: . [ 347.694610] erofs: unmounted for /dev/loop1 23:46:02 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x83030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 347.762188] erofs: read_super, device -> /dev/loop3 [ 347.767930] erofs: options -> [ 347.774639] erofs: read_super, device -> /dev/loop4 [ 347.779798] erofs: options -> [ 347.790600] erofs: root inode @ nid 36 [ 347.791036] erofs: root inode @ nid 36 [ 347.797017] erofs: mounted on /dev/loop3 with opts: . [ 347.807156] erofs: read_super, device -> /dev/loop5 23:46:02 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, 0x0) [ 347.807945] erofs: read_super, device -> /dev/loop2 [ 347.817546] erofs: options -> [ 347.817911] erofs: options -> [ 347.821195] erofs: cannot find valid erofs superblock [ 347.836856] erofs: root inode @ nid 36 [ 347.843291] erofs: unmounted for /dev/loop3 [ 347.848793] erofs: mounted on /dev/loop4 with opts: . [ 347.853873] erofs: mounted on /dev/loop2 with opts: . [ 347.859996] erofs: unmounted for /dev/loop2 23:46:02 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) openat(r1, &(0x7f0000000000)='./file0\x00', 0x0, 0x4) 23:46:02 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2300, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:02 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x7, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 347.915302] erofs: unmounted for /dev/loop4 23:46:03 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, 0x0) 23:46:03 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xcb03, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 347.959164] erofs: read_super, device -> /dev/loop1 [ 347.976260] erofs: options -> [ 348.010010] erofs: root inode @ nid 36 [ 348.017726] erofs: mounted on /dev/loop1 with opts: . [ 348.026696] erofs: unmounted for /dev/loop1 [ 348.032547] erofs: read_super, device -> /dev/loop4 [ 348.033071] erofs: read_super, device -> /dev/loop2 [ 348.043250] erofs: options -> [ 348.052217] erofs: root inode @ nid 36 23:46:03 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (rerun: 64) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async, rerun: 64) pipe2(0x0, 0x0) (async, rerun: 64) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) r1 = openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) openat(r1, &(0x7f0000000000)='./file0\x00', 0x0, 0x4) 23:46:03 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8cffffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 348.062729] erofs: options -> [ 348.064668] erofs: mounted on /dev/loop2 with opts: . [ 348.078589] erofs: root inode @ nid 36 [ 348.079818] erofs: unmounted for /dev/loop2 [ 348.088289] erofs: mounted on /dev/loop4 with opts: . 23:46:03 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, 0x0) 23:46:03 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3f00, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:03 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 348.151652] erofs: read_super, device -> /dev/loop3 [ 348.161157] erofs: options -> [ 348.165354] erofs: root inode @ nid 36 [ 348.179905] erofs: mounted on /dev/loop3 with opts: . [ 348.187007] erofs: unmounted for /dev/loop4 23:46:03 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) openat(r1, &(0x7f0000000000)='./file0\x00', 0x0, 0x4) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) openat(r1, &(0x7f0000000000)='./file0\x00', 0x0, 0x4) (async) [ 348.199181] erofs: read_super, device -> /dev/loop1 [ 348.202092] erofs: unmounted for /dev/loop3 [ 348.207630] erofs: options -> [ 348.214266] erofs: root inode @ nid 36 [ 348.219670] erofs: mounted on /dev/loop1 with opts: . [ 348.234181] erofs: unmounted for /dev/loop1 23:46:03 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(r1, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x50}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) r2 = gettid() r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x311280, 0x0) readv(r3, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/7, 0x7}, {&(0x7f0000000480)=""/219, 0xdb}], 0x2) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) ptrace$peeksig(0x4209, r2, &(0x7f0000000000)={0x4, 0x0, 0x5}, &(0x7f0000000200)=[{}, {}, {}, {}, {}]) [ 348.338947] erofs: read_super, device -> /dev/loop2 23:46:03 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc0ed0000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:03 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xcc03, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 348.365453] erofs: options -> [ 348.393293] erofs: root inode @ nid 36 [ 348.400279] erofs: read_super, device -> /dev/loop4 [ 348.408306] erofs: mounted on /dev/loop2 with opts: . [ 348.426784] erofs: unmounted for /dev/loop2 23:46:03 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(r1, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x50}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) r2 = gettid() r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x311280, 0x0) readv(r3, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/7, 0x7}, {&(0x7f0000000480)=""/219, 0xdb}], 0x2) (async) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) ptrace$peeksig(0x4209, r2, &(0x7f0000000000)={0x4, 0x0, 0x5}, &(0x7f0000000200)=[{}, {}, {}, {}, {}]) [ 348.440254] erofs: read_super, device -> /dev/loop3 [ 348.446098] erofs: options -> [ 348.452436] erofs: root inode @ nid 36 [ 348.454076] erofs: options -> [ 348.457668] erofs: mounted on /dev/loop3 with opts: . [ 348.468441] erofs: root inode @ nid 36 [ 348.472145] erofs: unmounted for /dev/loop3 [ 348.477527] erofs: mounted on /dev/loop4 with opts: . [ 348.485007] erofs: read_super, device -> /dev/loop1 [ 348.490173] erofs: options -> [ 348.494761] erofs: root inode @ nid 36 [ 348.498972] erofs: mounted on /dev/loop1 with opts: . [ 348.504942] erofs: unmounted for /dev/loop1 23:46:03 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(r1, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x50}, 0x20004000) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 32) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async, rerun: 32) r2 = gettid() r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x311280, 0x0) readv(r3, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/7, 0x7}, {&(0x7f0000000480)=""/219, 0xdb}], 0x2) (async, rerun: 32) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) (async, rerun: 32) ptrace$peeksig(0x4209, r2, &(0x7f0000000000)={0x4, 0x0, 0x5}, &(0x7f0000000200)=[{}, {}, {}, {}, {}]) 23:46:03 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xb, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:03 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x6000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:03 executing program 5: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x7, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 348.585620] erofs: unmounted for /dev/loop4 23:46:03 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xcd03, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:03 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xf6ffffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 348.652575] erofs: read_super, device -> /dev/loop2 [ 348.658026] erofs: options -> [ 348.662944] erofs: root inode @ nid 36 [ 348.669504] erofs: mounted on /dev/loop2 with opts: . [ 348.684534] erofs: unmounted for /dev/loop2 23:46:03 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x14102, 0x82) [ 348.705757] erofs: read_super, device -> /dev/loop4 [ 348.711330] erofs: options -> [ 348.717164] erofs: root inode @ nid 36 [ 348.722938] erofs: mounted on /dev/loop4 with opts: . 23:46:03 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xaa00, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:03 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x300, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 348.768645] erofs: read_super, device -> /dev/loop5 [ 348.768774] erofs: read_super, device -> /dev/loop3 [ 348.782010] erofs: options -> [ 348.785549] erofs: options -> [ 348.791400] erofs: unmounted for /dev/loop4 [ 348.796451] erofs: root inode @ nid 36 [ 348.803342] erofs: mounted on /dev/loop5 with opts: . [ 348.810894] erofs: root inode @ nid 36 23:46:03 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x14102, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x14102, 0x82) (async) 23:46:03 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x14102, 0x82) [ 348.818798] erofs: mounted on /dev/loop3 with opts: . [ 348.828985] erofs: unmounted for /dev/loop3 [ 348.899265] erofs: read_super, device -> /dev/loop1 [ 348.900538] erofs: read_super, device -> /dev/loop4 [ 348.909402] erofs: options -> [ 348.912489] erofs: options -> [ 348.920488] erofs: root inode @ nid 36 [ 348.940864] erofs: mounted on /dev/loop4 with opts: . 23:46:04 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 1) 23:46:04 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xedc0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 348.962677] erofs: root inode @ nid 36 23:46:04 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xbf03, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 348.984288] erofs: unmounted for /dev/loop5 [ 349.002260] erofs: unmounted for /dev/loop4 [ 349.004118] erofs: mounted on /dev/loop1 with opts: . [ 349.018851] erofs: read_super, device -> /dev/loop3 [ 349.027621] erofs: options -> 23:46:04 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r1) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 349.032257] erofs: unmounted for /dev/loop1 [ 349.041766] erofs: root inode @ nid 36 [ 349.045984] erofs: mounted on /dev/loop3 with opts: . [ 349.051510] erofs: unmounted for /dev/loop3 [ 349.056720] FAULT_INJECTION: forcing a failure. [ 349.056720] name failslab, interval 1, probability 0, space 0, times 0 [ 349.068908] CPU: 0 PID: 20734 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 23:46:04 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, r1) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 349.076813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 349.086173] Call Trace: [ 349.088780] dump_stack+0x1fc/0x2ef [ 349.092434] should_fail.cold+0xa/0xf [ 349.096255] ? setup_fault_attr+0x200/0x200 [ 349.100593] ? lock_acquire+0x170/0x3c0 [ 349.104632] __should_failslab+0x115/0x180 [ 349.108897] should_failslab+0x5/0x10 [ 349.112718] __kmalloc+0x2ab/0x3c0 [ 349.116277] ? __se_sys_memfd_create+0xf8/0x440 [ 349.120968] __se_sys_memfd_create+0xf8/0x440 [ 349.125490] ? memfd_file_seals_ptr+0x150/0x150 [ 349.130182] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 349.135565] ? trace_hardirqs_off_caller+0x6e/0x210 [ 349.140594] ? do_syscall_64+0x21/0x620 [ 349.144558] do_syscall_64+0xf9/0x620 [ 349.148347] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 349.153654] RIP: 0033:0x7f7be3203109 [ 349.157391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 349.176291] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f 23:46:04 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 2) [ 349.183992] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be3203109 [ 349.191262] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f7be325c1be [ 349.198525] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f7be1b781d0 [ 349.205783] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 349.213043] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 23:46:04 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xffff1f00, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 349.275568] erofs: read_super, device -> /dev/loop4 [ 349.280915] erofs: read_super, device -> /dev/loop2 [ 349.292523] erofs: options -> [ 349.296186] erofs: options -> [ 349.304746] erofs: root inode @ nid 36 [ 349.312319] erofs: root inode @ nid 36 [ 349.323991] erofs: mounted on /dev/loop2 with opts: . [ 349.326874] erofs: mounted on /dev/loop4 with opts: . [ 349.332054] erofs: unmounted for /dev/loop2 [ 349.355607] FAULT_INJECTION: forcing a failure. [ 349.355607] name failslab, interval 1, probability 0, space 0, times 0 23:46:04 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xf95c, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 349.369267] CPU: 1 PID: 20749 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 349.377179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 349.386547] Call Trace: [ 349.389159] dump_stack+0x1fc/0x2ef [ 349.392808] should_fail.cold+0xa/0xf [ 349.396628] ? setup_fault_attr+0x200/0x200 [ 349.400966] ? lock_acquire+0x170/0x3c0 [ 349.404953] __should_failslab+0x115/0x180 [ 349.409214] should_failslab+0x5/0x10 [ 349.413017] kmem_cache_alloc+0x277/0x370 [ 349.417168] ? shmem_destroy_callback+0xb0/0xb0 [ 349.423496] shmem_alloc_inode+0x18/0x40 [ 349.427558] ? shmem_destroy_callback+0xb0/0xb0 [ 349.432219] alloc_inode+0x5d/0x180 [ 349.435846] new_inode+0x1d/0xf0 [ 349.439226] shmem_get_inode+0x96/0x8d0 [ 349.443231] __shmem_file_setup.part.0+0x7a/0x2b0 [ 349.448297] shmem_file_setup+0x61/0x90 [ 349.452283] __se_sys_memfd_create+0x26b/0x440 [ 349.456967] ? memfd_file_seals_ptr+0x150/0x150 [ 349.462163] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 349.467543] ? trace_hardirqs_off_caller+0x6e/0x210 [ 349.472586] ? do_syscall_64+0x21/0x620 [ 349.476583] do_syscall_64+0xf9/0x620 [ 349.480402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 349.485591] RIP: 0033:0x7f7be3203109 [ 349.489455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 349.508372] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 349.516256] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be3203109 23:46:04 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r1) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, r1) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 349.523532] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f7be325c1be [ 349.530815] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f7be1b781d0 [ 349.538100] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 349.545475] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 [ 349.587355] erofs: read_super, device -> /dev/loop1 23:46:04 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x500, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:04 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 3) 23:46:04 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc003, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 349.611459] erofs: options -> [ 349.621692] erofs: unmounted for /dev/loop4 [ 349.633551] erofs: read_super, device -> /dev/loop3 [ 349.638973] erofs: options -> [ 349.645035] erofs: root inode @ nid 36 [ 349.651285] erofs: root inode @ nid 36 23:46:04 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:46:04 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xffffff7f, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 349.659128] erofs: mounted on /dev/loop1 with opts: . [ 349.662346] erofs: mounted on /dev/loop3 with opts: . [ 349.669122] erofs: unmounted for /dev/loop1 [ 349.677685] erofs: unmounted for /dev/loop3 [ 349.688073] FAULT_INJECTION: forcing a failure. [ 349.688073] name failslab, interval 1, probability 0, space 0, times 0 [ 349.742391] CPU: 0 PID: 20783 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 349.750303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 349.759659] Call Trace: [ 349.762271] dump_stack+0x1fc/0x2ef [ 349.765923] should_fail.cold+0xa/0xf [ 349.769744] ? setup_fault_attr+0x200/0x200 [ 349.774092] ? lock_acquire+0x170/0x3c0 [ 349.778092] __should_failslab+0x115/0x180 [ 349.782400] should_failslab+0x5/0x10 [ 349.786219] kmem_cache_alloc+0x277/0x370 [ 349.790388] __d_alloc+0x2b/0xa10 [ 349.793850] d_alloc_pseudo+0x19/0x70 [ 349.797643] alloc_file_pseudo+0xc6/0x250 [ 349.801795] ? alloc_file+0x4d0/0x4d0 [ 349.805586] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 349.811215] ? shmem_get_inode+0x44c/0x8d0 [ 349.815448] __shmem_file_setup.part.0+0x102/0x2b0 [ 349.820378] shmem_file_setup+0x61/0x90 [ 349.824349] __se_sys_memfd_create+0x26b/0x440 [ 349.828920] ? memfd_file_seals_ptr+0x150/0x150 [ 349.833577] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 349.838934] ? trace_hardirqs_off_caller+0x6e/0x210 [ 349.843938] ? do_syscall_64+0x21/0x620 [ 349.847901] do_syscall_64+0xf9/0x620 [ 349.851693] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 349.856871] RIP: 0033:0x7f7be3203109 [ 349.860571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 349.879459] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f 23:46:04 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:46:05 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xff0f, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 349.887159] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be3203109 [ 349.894426] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f7be325c1be [ 349.901685] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f7be1b781d0 [ 349.908940] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 349.916196] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 23:46:05 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 4) [ 349.975639] erofs: read_super, device -> /dev/loop2 [ 349.984107] erofs: options -> [ 350.002812] erofs: root inode @ nid 36 [ 350.007694] erofs: mounted on /dev/loop2 with opts: . [ 350.015040] erofs: read_super, device -> /dev/loop4 23:46:05 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x700, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 350.028184] erofs: unmounted for /dev/loop2 [ 350.032202] erofs: options -> [ 350.037276] erofs: read_super, device -> /dev/loop3 [ 350.046306] erofs: options -> [ 350.058476] erofs: root inode @ nid 36 [ 350.060441] erofs: root inode @ nid 36 [ 350.071691] erofs: read_super, device -> /dev/loop1 [ 350.077516] erofs: options -> [ 350.082533] erofs: mounted on /dev/loop4 with opts: . [ 350.094385] erofs: mounted on /dev/loop3 with opts: . [ 350.099824] erofs: root inode @ nid 36 [ 350.117850] erofs: unmounted for /dev/loop3 [ 350.122561] erofs: mounted on /dev/loop1 with opts: . 23:46:05 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc103, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 350.138134] FAULT_INJECTION: forcing a failure. [ 350.138134] name failslab, interval 1, probability 0, space 0, times 0 [ 350.145740] erofs: unmounted for /dev/loop1 [ 350.155590] erofs: unmounted for /dev/loop4 [ 350.158809] CPU: 1 PID: 20819 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 350.167807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 350.177161] Call Trace: [ 350.179748] dump_stack+0x1fc/0x2ef [ 350.183369] should_fail.cold+0xa/0xf [ 350.187163] ? setup_fault_attr+0x200/0x200 [ 350.191475] ? lock_acquire+0x170/0x3c0 [ 350.195463] __should_failslab+0x115/0x180 [ 350.199696] should_failslab+0x5/0x10 [ 350.203592] kmem_cache_alloc+0x277/0x370 [ 350.207730] __alloc_file+0x21/0x340 [ 350.211448] alloc_empty_file+0x6d/0x170 [ 350.215503] alloc_file+0x5e/0x4d0 [ 350.219033] alloc_file_pseudo+0x165/0x250 [ 350.223256] ? alloc_file+0x4d0/0x4d0 [ 350.227045] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 350.232779] ? shmem_get_inode+0x44c/0x8d0 [ 350.237138] __shmem_file_setup.part.0+0x102/0x2b0 [ 350.242090] shmem_file_setup+0x61/0x90 [ 350.246169] __se_sys_memfd_create+0x26b/0x440 [ 350.251001] ? memfd_file_seals_ptr+0x150/0x150 [ 350.255662] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 350.261185] ? trace_hardirqs_off_caller+0x6e/0x210 [ 350.266278] ? do_syscall_64+0x21/0x620 [ 350.270258] do_syscall_64+0xf9/0x620 [ 350.274062] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 350.279254] RIP: 0033:0x7f7be3203109 [ 350.283021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 350.302094] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 350.309791] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be3203109 [ 350.317217] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f7be325c1be [ 350.324559] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f7be1b781d0 [ 350.331810] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 23:46:05 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) 23:46:05 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 350.339079] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 23:46:05 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 5) 23:46:05 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xffffff8c, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:05 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x4208, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000000)={0x0, 0x0}) syz_open_procfs(r2, &(0x7f00000000c0)='net/fib_triestat\x00') sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 350.423011] erofs: read_super, device -> /dev/loop2 [ 350.428092] erofs: options -> [ 350.433145] erofs: root inode @ nid 36 [ 350.437147] erofs: mounted on /dev/loop2 with opts: . [ 350.446069] erofs: unmounted for /dev/loop2 23:46:05 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xb00, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 350.499932] FAULT_INJECTION: forcing a failure. [ 350.499932] name failslab, interval 1, probability 0, space 0, times 0 [ 350.526516] erofs: read_super, device -> /dev/loop1 23:46:05 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) ptrace(0x4208, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000000)={0x0, 0x0}) syz_open_procfs(r2, &(0x7f00000000c0)='net/fib_triestat\x00') (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 350.545872] erofs: read_super, device -> /dev/loop3 [ 350.558346] erofs: options -> [ 350.564095] erofs: options -> [ 350.569073] CPU: 1 PID: 20846 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 350.576970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 350.586332] Call Trace: [ 350.589018] dump_stack+0x1fc/0x2ef [ 350.592661] should_fail.cold+0xa/0xf [ 350.596472] ? setup_fault_attr+0x200/0x200 [ 350.600805] ? lock_acquire+0x170/0x3c0 [ 350.604806] __should_failslab+0x115/0x180 [ 350.609059] should_failslab+0x5/0x10 [ 350.612876] kmem_cache_alloc_trace+0x284/0x380 [ 350.617566] apparmor_file_alloc_security+0x394/0xad0 [ 350.622773] ? apparmor_file_receive+0x160/0x160 [ 350.627550] ? __alloc_file+0x21/0x340 [ 350.631461] security_file_alloc+0x40/0x90 [ 350.635719] __alloc_file+0xd8/0x340 [ 350.639458] alloc_empty_file+0x6d/0x170 [ 350.643543] alloc_file+0x5e/0x4d0 [ 350.644848] erofs: root inode @ nid 36 [ 350.647125] alloc_file_pseudo+0x165/0x250 [ 350.647144] ? alloc_file+0x4d0/0x4d0 [ 350.647162] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 350.664680] ? shmem_get_inode+0x44c/0x8d0 [ 350.668735] erofs: mounted on /dev/loop3 with opts: . [ 350.669012] __shmem_file_setup.part.0+0x102/0x2b0 [ 350.678367] erofs: unmounted for /dev/loop3 [ 350.679109] shmem_file_setup+0x61/0x90 [ 350.687469] __se_sys_memfd_create+0x26b/0x440 [ 350.692059] ? memfd_file_seals_ptr+0x150/0x150 [ 350.692647] erofs: root inode @ nid 36 [ 350.696774] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 350.696793] ? trace_hardirqs_off_caller+0x6e/0x210 [ 350.696808] ? do_syscall_64+0x21/0x620 [ 350.696822] do_syscall_64+0xf9/0x620 [ 350.696841] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 350.715859] erofs: mounted on /dev/loop1 with opts: . [ 350.718859] RIP: 0033:0x7f7be3203109 23:46:05 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x4208, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000000)={0x0, 0x0}) syz_open_procfs(r2, &(0x7f00000000c0)='net/fib_triestat\x00') sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x4208, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000000)) (async) syz_open_procfs(r2, &(0x7f00000000c0)='net/fib_triestat\x00') (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) 23:46:05 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 6) [ 350.718875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 350.718883] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 350.718896] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be3203109 [ 350.718912] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 00007f7be325c1be [ 350.733832] erofs: unmounted for /dev/loop1 [ 350.751971] RBP: 0000000000000003 R08: 0000000000001000 R09: 00007f7be1b781d0 [ 350.751980] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 350.751987] R13: 0000000020000100 R14: 0000000000002000 R15: 0000000020010a00 [ 350.822927] erofs: read_super, device -> /dev/loop2 [ 350.827971] erofs: options -> [ 350.841672] erofs: root inode @ nid 36 [ 350.846112] erofs: mounted on /dev/loop2 with opts: . [ 350.857660] FAULT_INJECTION: forcing a failure. [ 350.857660] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 350.859377] erofs: unmounted for /dev/loop2 [ 350.882198] erofs: read_super, device -> /dev/loop4 [ 350.893042] erofs: options -> [ 350.902389] CPU: 0 PID: 20880 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 350.910297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 350.919653] Call Trace: [ 350.922256] dump_stack+0x1fc/0x2ef [ 350.925944] should_fail.cold+0xa/0xf [ 350.929782] ? lock_acquire+0x170/0x3c0 [ 350.933804] ? setup_fault_attr+0x200/0x200 [ 350.938156] __alloc_pages_nodemask+0x239/0x2890 [ 350.941943] erofs: root inode @ nid 36 [ 350.942927] ? __lock_acquire+0x6de/0x3ff0 [ 350.942947] ? static_obj+0x50/0x50 [ 350.942970] ? __lock_acquire+0x6de/0x3ff0 [ 350.942991] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 350.947206] erofs: mounted on /dev/loop4 with opts: . [ 350.951126] ? __lock_acquire+0x6de/0x3ff0 23:46:06 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) r1 = perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0x8, 0x81, 0xf, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x9, 0x4, @perf_config_ext={0x3, 0x8}, 0x10080, 0x7, 0x7, 0x5, 0x55, 0x80, 0x2, 0x0, 0x401, 0x0, 0x1}, r0, 0xc, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000200)={0x7, 0x80, 0x3, 0x9, 0x8, 0x9, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x1, @perf_config_ext={0x3, 0x7ff}, 0x4, 0xfffffffffffffc00, 0xfc, 0x3, 0x0, 0x1f, 0xdcf, 0x0, 0x75fffae6, 0x0, 0x4}, 0xffffffffffffffff, 0xf, r1, 0x8) ptrace(0x10, r0) ptrace$setopts(0x4206, r0, 0x401, 0x200020) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) r2 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) tkill(r2, 0x9) lsetxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f00000000c0), 0x2, 0x1) 23:46:06 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x100000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 350.951154] ? mark_held_locks+0xf0/0xf0 [ 350.951172] ? unwind_next_frame+0xeee/0x1400 [ 350.951198] ? mark_held_locks+0xf0/0xf0 [ 350.951213] ? deref_stack_reg+0x134/0x1d0 [ 350.951225] ? get_reg+0x176/0x1f0 [ 350.951250] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 350.951266] alloc_pages_vma+0xf2/0x780 [ 351.003651] shmem_alloc_page+0x11c/0x1f0 [ 351.008155] ? shmem_swapin+0x220/0x220 [ 351.012137] ? percpu_counter_add_batch+0x126/0x180 [ 351.017146] ? __vm_enough_memory+0x316/0x650 [ 351.021653] shmem_alloc_and_acct_page+0x15a/0x850 [ 351.026570] shmem_getpage_gfp+0x4e9/0x37f0 [ 351.030886] ? shmem_alloc_and_acct_page+0x850/0x850 [ 351.035976] ? mark_held_locks+0xa6/0xf0 [ 351.040152] ? ktime_get_coarse_real_ts64+0x1c7/0x290 [ 351.045348] ? iov_iter_fault_in_readable+0x1fc/0x3f0 [ 351.050553] shmem_write_begin+0xff/0x1e0 [ 351.054714] generic_perform_write+0x1f8/0x4d0 [ 351.059290] ? filemap_page_mkwrite+0x2f0/0x2f0 [ 351.063956] ? current_time+0x1c0/0x1c0 [ 351.067926] ? lock_acquire+0x170/0x3c0 [ 351.072164] __generic_file_write_iter+0x24b/0x610 [ 351.077111] generic_file_write_iter+0x3f8/0x730 [ 351.081873] __vfs_write+0x51b/0x770 [ 351.085793] ? kernel_read+0x110/0x110 [ 351.089678] ? check_preemption_disabled+0x41/0x280 [ 351.094729] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 351.099745] vfs_write+0x1f3/0x540 [ 351.103292] __x64_sys_pwrite64+0x1f7/0x250 [ 351.107630] ? ksys_pwrite64+0x1a0/0x1a0 [ 351.111687] ? trace_hardirqs_off_caller+0x6e/0x210 [ 351.116713] ? do_syscall_64+0x21/0x620 [ 351.120691] do_syscall_64+0xf9/0x620 [ 351.124612] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 351.129796] RIP: 0033:0x7f7be31b60d7 [ 351.133502] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b [ 351.152498] RSP: 002b:00007f7be1b77f00 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 351.160214] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be31b60d7 [ 351.167497] RDX: 000000000000000f RSI: 0000000020010000 RDI: 0000000000000005 [ 351.174753] RBP: 0000000000000003 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 351.182013] R10: 0000000000000400 R11: 0000000000000293 R12: 0000000000000005 [ 351.189276] R13: 0000000000000005 R14: 0000000020000200 R15: 0000000000000000 23:46:06 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc203, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:06 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfffffff6, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:06 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 351.245206] erofs: read_super, device -> /dev/loop5 [ 351.262551] erofs: unmounted for /dev/loop4 [ 351.264257] erofs: options -> [ 351.275184] erofs: cannot find valid erofs superblock [ 351.281872] erofs: read_super, device -> /dev/loop3 [ 351.289065] erofs: options -> 23:46:06 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) r1 = perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0x8, 0x81, 0xf, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x9, 0x4, @perf_config_ext={0x3, 0x8}, 0x10080, 0x7, 0x7, 0x5, 0x55, 0x80, 0x2, 0x0, 0x401, 0x0, 0x1}, r0, 0xc, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000200)={0x7, 0x80, 0x3, 0x9, 0x8, 0x9, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x1, @perf_config_ext={0x3, 0x7ff}, 0x4, 0xfffffffffffffc00, 0xfc, 0x3, 0x0, 0x1f, 0xdcf, 0x0, 0x75fffae6, 0x0, 0x4}, 0xffffffffffffffff, 0xf, r1, 0x8) ptrace(0x10, r0) (async) ptrace$setopts(0x4206, r0, 0x401, 0x200020) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) r2 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) (async) tkill(r2, 0x9) (async) lsetxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f00000000c0), 0x2, 0x1) [ 351.295671] erofs: root inode @ nid 36 [ 351.300068] erofs: mounted on /dev/loop3 with opts: . [ 351.305734] erofs: unmounted for /dev/loop3 23:46:06 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1fffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:06 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) r1 = perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0x8, 0x81, 0xf, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x9, 0x4, @perf_config_ext={0x3, 0x8}, 0x10080, 0x7, 0x7, 0x5, 0x55, 0x80, 0x2, 0x0, 0x401, 0x0, 0x1}, r0, 0xc, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000200)={0x7, 0x80, 0x3, 0x9, 0x8, 0x9, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x1, @perf_config_ext={0x3, 0x7ff}, 0x4, 0xfffffffffffffc00, 0xfc, 0x3, 0x0, 0x1f, 0xdcf, 0x0, 0x75fffae6, 0x0, 0x4}, 0xffffffffffffffff, 0xf, r1, 0x8) (async) ptrace(0x10, r0) ptrace$setopts(0x4206, r0, 0x401, 0x200020) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async, rerun: 64) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 64) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) r2 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) (async) tkill(r2, 0x9) (async) lsetxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f00000000c0), 0x2, 0x1) [ 351.436692] erofs: read_super, device -> /dev/loop1 [ 351.445528] erofs: read_super, device -> /dev/loop2 [ 351.445568] erofs: read_super, device -> /dev/loop4 [ 351.463439] erofs: options -> [ 351.464564] erofs: options -> [ 351.479081] erofs: root inode @ nid 36 23:46:06 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 7) [ 351.485407] erofs: options -> [ 351.493860] erofs: mounted on /dev/loop1 with opts: . [ 351.506096] erofs: root inode @ nid 36 [ 351.507416] erofs: unmounted for /dev/loop1 [ 351.519216] erofs: root inode @ nid 36 [ 351.534194] erofs: mounted on /dev/loop2 with opts: . [ 351.548052] erofs: mounted on /dev/loop4 with opts: . [ 351.563405] erofs: unmounted for /dev/loop2 23:46:06 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0xfffffffffffffffd, 0x66df86d33f261867) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000000d67) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000000d6b) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 351.620934] FAULT_INJECTION: forcing a failure. [ 351.620934] name failslab, interval 1, probability 0, space 0, times 0 [ 351.635314] CPU: 1 PID: 20949 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 351.643214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 351.652562] Call Trace: [ 351.655153] dump_stack+0x1fc/0x2ef [ 351.658792] should_fail.cold+0xa/0xf [ 351.662584] ? setup_fault_attr+0x200/0x200 [ 351.666896] ? lock_acquire+0x170/0x3c0 [ 351.670867] __should_failslab+0x115/0x180 [ 351.675185] should_failslab+0x5/0x10 [ 351.678972] kmem_cache_alloc+0x277/0x370 [ 351.683109] getname_flags+0xce/0x590 [ 351.686902] do_sys_open+0x26c/0x520 [ 351.690607] ? filp_open+0x70/0x70 [ 351.694139] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 351.699489] ? trace_hardirqs_off_caller+0x6e/0x210 [ 351.704493] ? do_syscall_64+0x21/0x620 [ 351.708459] do_syscall_64+0xf9/0x620 [ 351.712249] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 351.717425] RIP: 0033:0x7f7be31b6024 [ 351.721124] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 351.740018] RSP: 002b:00007f7be1b77eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 351.747718] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be31b6024 [ 351.755078] RDX: 0000000000000002 RSI: 00007f7be1b77fe0 RDI: 00000000ffffff9c [ 351.762362] RBP: 00007f7be1b77fe0 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 351.769707] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 351.777017] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 351.828278] erofs: read_super, device -> /dev/loop3 23:46:06 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 8) 23:46:06 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xeffd, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:06 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xedc000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:06 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc303, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 351.856060] erofs: options -> [ 351.892566] erofs: root inode @ nid 36 [ 351.896656] erofs: unmounted for /dev/loop4 [ 351.915311] erofs: mounted on /dev/loop3 with opts: . [ 351.922579] FAULT_INJECTION: forcing a failure. [ 351.922579] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 351.934413] CPU: 0 PID: 20958 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 351.942298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 351.951740] Call Trace: [ 351.954339] dump_stack+0x1fc/0x2ef [ 351.957985] should_fail.cold+0xa/0xf [ 351.961804] ? setup_fault_attr+0x200/0x200 [ 351.964450] erofs: unmounted for /dev/loop3 [ 351.966226] ? do_writepages+0x290/0x290 [ 351.966244] ? unlock_page+0x13d/0x230 [ 351.966262] __alloc_pages_nodemask+0x239/0x2890 [ 351.966281] ? lock_downgrade+0x720/0x720 [ 351.966297] ? check_preemption_disabled+0x41/0x280 [ 351.966316] ? __lock_acquire+0x6de/0x3ff0 [ 351.966337] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 351.966352] ? lock_downgrade+0x720/0x720 [ 351.966365] ? lock_acquire+0x170/0x3c0 [ 351.966390] ? up_write+0x18/0x150 [ 352.013455] ? generic_file_write_iter+0x381/0x730 [ 352.018395] ? iov_iter_init+0xb8/0x1d0 [ 352.022393] cache_grow_begin+0xa4/0x8a0 [ 352.026464] ? setup_fault_attr+0x200/0x200 [ 352.030796] ? lock_acquire+0x170/0x3c0 [ 352.034774] cache_alloc_refill+0x273/0x340 [ 352.039108] kmem_cache_alloc+0x346/0x370 [ 352.043305] getname_flags+0xce/0x590 [ 352.047114] do_sys_open+0x26c/0x520 [ 352.050840] ? filp_open+0x70/0x70 [ 352.054385] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 352.059760] ? trace_hardirqs_off_caller+0x6e/0x210 [ 352.064883] ? do_syscall_64+0x21/0x620 [ 352.068853] do_syscall_64+0xf9/0x620 [ 352.072651] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 352.077948] RIP: 0033:0x7f7be31b6024 [ 352.081666] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 352.100851] RSP: 002b:00007f7be1b77eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 352.108563] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be31b6024 [ 352.115939] RDX: 0000000000000002 RSI: 00007f7be1b77fe0 RDI: 00000000ffffff9c [ 352.123215] RBP: 00007f7be1b77fe0 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 352.130486] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 352.137754] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 23:46:07 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 352.198741] erofs: read_super, device -> /dev/loop1 [ 352.205461] erofs: options -> [ 352.215257] erofs: read_super, device -> /dev/loop4 [ 352.215261] erofs: read_super, device -> /dev/loop5 [ 352.215270] erofs: options -> [ 352.228594] erofs: options -> [ 352.232168] erofs: read_super, device -> /dev/loop2 [ 352.249025] erofs: options -> [ 352.265489] erofs: root inode @ nid 36 [ 352.267637] erofs: root inode @ nid 36 [ 352.270070] erofs: mounted on /dev/loop4 with opts: . [ 352.276376] erofs: root inode @ nid 36 [ 352.291535] erofs: mounted on /dev/loop2 with opts: . 23:46:07 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc403, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 352.344266] erofs: unmounted for /dev/loop4 [ 352.349950] erofs: mounted on /dev/loop1 with opts: . [ 352.358209] erofs: root inode @ nid 36 [ 352.363899] erofs: unmounted for /dev/loop2 [ 352.380392] erofs: unmounted for /dev/loop1 [ 352.402817] erofs: read_super, device -> /dev/loop3 [ 352.408747] erofs: mounted on /dev/loop5 with opts: . [ 352.433369] erofs: options -> [ 352.434875] erofs: unmounted for /dev/loop5 23:46:07 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfdef, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:07 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x4000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 352.467855] erofs: root inode @ nid 36 [ 352.483791] erofs: mounted on /dev/loop3 with opts: . [ 352.494625] erofs: unmounted for /dev/loop3 [ 352.537713] erofs: read_super, device -> /dev/loop4 23:46:07 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 352.558630] erofs: options -> 23:46:07 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 9) [ 352.581578] erofs: root inode @ nid 36 [ 352.597152] erofs: mounted on /dev/loop4 with opts: . 23:46:07 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc503, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 352.625124] erofs: read_super, device -> /dev/loop1 [ 352.631729] erofs: options -> [ 352.634707] erofs: unmounted for /dev/loop4 [ 352.635819] erofs: root inode @ nid 36 [ 352.646096] erofs: read_super, device -> /dev/loop3 [ 352.669782] erofs: options -> [ 352.679072] erofs: mounted on /dev/loop1 with opts: . [ 352.685090] erofs: root inode @ nid 36 [ 352.703043] erofs: mounted on /dev/loop3 with opts: . [ 352.703096] erofs: unmounted for /dev/loop1 [ 352.711348] erofs: read_super, device -> /dev/loop2 [ 352.718032] erofs: options -> [ 352.726212] erofs: unmounted for /dev/loop3 [ 352.731716] erofs: root inode @ nid 36 [ 352.739168] FAULT_INJECTION: forcing a failure. [ 352.739168] name failslab, interval 1, probability 0, space 0, times 0 [ 352.751347] CPU: 0 PID: 21013 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 352.752336] erofs: mounted on /dev/loop2 with opts: . [ 352.759244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 352.759252] Call Trace: [ 352.759276] dump_stack+0x1fc/0x2ef [ 352.759296] should_fail.cold+0xa/0xf [ 352.759313] ? setup_fault_attr+0x200/0x200 [ 352.759329] ? lock_acquire+0x170/0x3c0 [ 352.759349] __should_failslab+0x115/0x180 [ 352.759365] should_failslab+0x5/0x10 [ 352.759379] kmem_cache_alloc_trace+0x284/0x380 [ 352.759399] apparmor_file_alloc_security+0x394/0xad0 [ 352.759417] ? apparmor_file_receive+0x160/0x160 [ 352.759432] ? __alloc_file+0x21/0x340 [ 352.759449] security_file_alloc+0x40/0x90 [ 352.759464] __alloc_file+0xd8/0x340 [ 352.759480] alloc_empty_file+0x6d/0x170 [ 352.759497] path_openat+0xe9/0x2df0 [ 352.759509] ? __lock_acquire+0x6de/0x3ff0 [ 352.759532] ? path_lookupat+0x8d0/0x8d0 [ 352.759548] ? mark_held_locks+0xf0/0xf0 [ 352.759560] ? mark_held_locks+0xf0/0xf0 [ 352.759581] do_filp_open+0x18c/0x3f0 [ 352.759592] ? may_open_dev+0xf0/0xf0 [ 352.759608] ? __alloc_fd+0x28d/0x570 [ 352.759627] ? lock_downgrade+0x720/0x720 [ 352.759640] ? lock_acquire+0x170/0x3c0 [ 352.759652] ? __alloc_fd+0x34/0x570 [ 352.759675] ? do_raw_spin_unlock+0x171/0x230 [ 352.759694] ? _raw_spin_unlock+0x29/0x40 [ 352.770798] erofs: unmounted for /dev/loop2 [ 352.774306] ? __alloc_fd+0x28d/0x570 [ 352.774331] do_sys_open+0x3b3/0x520 [ 352.774345] ? filp_open+0x70/0x70 [ 352.774364] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 352.774381] ? trace_hardirqs_off_caller+0x6e/0x210 [ 352.774396] ? do_syscall_64+0x21/0x620 [ 352.774412] do_syscall_64+0xf9/0x620 [ 352.774430] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 352.774442] RIP: 0033:0x7f7be31b6024 [ 352.774455] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 352.774468] RSP: 002b:00007f7be1b77eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 352.953832] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be31b6024 [ 352.961103] RDX: 0000000000000002 RSI: 00007f7be1b77fe0 RDI: 00000000ffffff9c [ 352.968457] RBP: 00007f7be1b77fe0 R08: 0000000000000000 R09: 00007f7be1b781d0 23:46:08 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0xfffffffffffffffd, 0x66df86d33f261867) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000000d67) (async) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000000d6b) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:46:08 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 10) [ 352.975723] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 352.982984] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 23:46:08 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:08 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x90120, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:08 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x100000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 353.098111] FAULT_INJECTION: forcing a failure. [ 353.098111] name failslab, interval 1, probability 0, space 0, times 0 [ 353.110295] CPU: 1 PID: 21025 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 353.118194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 353.127555] Call Trace: [ 353.130162] dump_stack+0x1fc/0x2ef [ 353.130554] erofs: read_super, device -> /dev/loop4 [ 353.133804] should_fail.cold+0xa/0xf [ 353.133823] ? setup_fault_attr+0x200/0x200 [ 353.133842] ? lock_acquire+0x170/0x3c0 [ 353.144092] erofs: options -> [ 353.147086] __should_failslab+0x115/0x180 [ 353.147106] should_failslab+0x5/0x10 [ 353.147124] kmem_cache_alloc_trace+0x284/0x380 [ 353.166956] apparmor_file_alloc_security+0x394/0xad0 [ 353.171487] erofs: root inode @ nid 36 [ 353.172165] ? apparmor_file_receive+0x160/0x160 [ 353.180883] ? __alloc_file+0x21/0x340 [ 353.184804] security_file_alloc+0x40/0x90 [ 353.189055] __alloc_file+0xd8/0x340 [ 353.189805] erofs: mounted on /dev/loop4 with opts: . [ 353.192805] alloc_empty_file+0x6d/0x170 [ 353.192825] path_openat+0xe9/0x2df0 [ 353.192855] ? __lock_acquire+0x6de/0x3ff0 [ 353.192878] ? path_lookupat+0x8d0/0x8d0 [ 353.192895] ? mark_held_locks+0xf0/0xf0 [ 353.192914] do_filp_open+0x18c/0x3f0 [ 353.192927] ? may_open_dev+0xf0/0xf0 [ 353.192941] ? __alloc_fd+0x28d/0x570 [ 353.192959] ? lock_downgrade+0x720/0x720 [ 353.192976] ? lock_acquire+0x170/0x3c0 [ 353.237901] ? __alloc_fd+0x34/0x570 [ 353.241636] ? do_raw_spin_unlock+0x171/0x230 [ 353.246149] ? _raw_spin_unlock+0x29/0x40 [ 353.250314] ? __alloc_fd+0x28d/0x570 [ 353.254141] do_sys_open+0x3b3/0x520 [ 353.257874] ? filp_open+0x70/0x70 [ 353.261434] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 353.266820] ? trace_hardirqs_off_caller+0x6e/0x210 [ 353.271854] ? do_syscall_64+0x21/0x620 [ 353.275849] do_syscall_64+0xf9/0x620 [ 353.279668] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 353.284952] RIP: 0033:0x7f7be31b6024 [ 353.288681] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 353.307595] RSP: 002b:00007f7be1b77eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 353.315319] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be31b6024 [ 353.322604] RDX: 0000000000000002 RSI: 00007f7be1b77fe0 RDI: 00000000ffffff9c [ 353.329881] RBP: 00007f7be1b77fe0 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 353.337160] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 23:46:08 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc603, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 353.344449] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 353.387779] erofs: unmounted for /dev/loop4 [ 353.447784] erofs: read_super, device -> /dev/loop2 [ 353.469282] erofs: read_super, device -> /dev/loop1 [ 353.474769] erofs: options -> [ 353.478485] erofs: root inode @ nid 36 [ 353.486347] erofs: options -> [ 353.498988] erofs: mounted on /dev/loop1 with opts: . [ 353.500039] erofs: read_super, device -> /dev/loop3 [ 353.507353] erofs: root inode @ nid 36 23:46:08 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x200000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 353.525855] erofs: unmounted for /dev/loop1 [ 353.533831] erofs: mounted on /dev/loop2 with opts: . [ 353.551985] erofs: options -> [ 353.556659] erofs: unmounted for /dev/loop2 [ 353.563054] erofs: root inode @ nid 36 23:46:08 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x200000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:08 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 11) [ 353.573691] erofs: mounted on /dev/loop3 with opts: . [ 353.586139] erofs: unmounted for /dev/loop3 23:46:08 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x4000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 353.635306] erofs: read_super, device -> /dev/loop4 [ 353.642108] erofs: options -> [ 353.645597] erofs: root inode @ nid 36 [ 353.649724] erofs: mounted on /dev/loop4 with opts: . 23:46:08 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc703, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 353.711420] erofs: read_super, device -> /dev/loop2 [ 353.725804] erofs: options -> [ 353.741048] FAULT_INJECTION: forcing a failure. [ 353.741048] name failslab, interval 1, probability 0, space 0, times 0 [ 353.752915] erofs: unmounted for /dev/loop4 [ 353.759013] erofs: root inode @ nid 36 [ 353.761151] CPU: 0 PID: 21059 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 353.770801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 353.780169] Call Trace: [ 353.782787] dump_stack+0x1fc/0x2ef [ 353.786435] should_fail.cold+0xa/0xf [ 353.789380] erofs: mounted on /dev/loop2 with opts: . [ 353.790255] ? setup_fault_attr+0x200/0x200 [ 353.790270] ? lock_acquire+0x170/0x3c0 [ 353.790292] __should_failslab+0x115/0x180 [ 353.790309] should_failslab+0x5/0x10 [ 353.790322] kmem_cache_alloc+0x277/0x370 [ 353.790338] __kernfs_new_node+0xd2/0x680 [ 353.790355] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 353.790370] ? _raw_spin_unlock_irq+0x5a/0x80 [ 353.790385] ? __cpu_to_node+0x7b/0xa0 [ 353.790403] ? mark_held_locks+0xf0/0xf0 [ 353.790415] ? io_schedule_timeout+0x140/0x140 [ 353.790429] ? enqueue_entity+0xf86/0x3850 [ 353.790445] ? set_user_nice.part.0+0x3b9/0xab0 [ 353.790463] kernfs_create_dir_ns+0x9e/0x230 [ 353.790481] internal_create_group+0x1c1/0xb20 [ 353.795837] erofs: unmounted for /dev/loop2 [ 353.799990] ? sysfs_remove_link_from_group+0x70/0x70 [ 353.869214] ? lock_downgrade+0x720/0x720 [ 353.873356] lo_ioctl+0xf7c/0x20e0 [ 353.877006] ? loop_set_status64+0x110/0x110 [ 353.881433] blkdev_ioctl+0x5cb/0x1a80 [ 353.885346] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 353.890703] ? blkpg_ioctl+0x9d0/0x9d0 [ 353.894605] ? mark_held_locks+0xf0/0xf0 [ 353.898666] ? mark_held_locks+0xf0/0xf0 [ 353.902728] ? debug_check_no_obj_freed+0x201/0x490 [ 353.907733] ? lock_downgrade+0x720/0x720 [ 353.911886] block_ioctl+0xe9/0x130 [ 353.915518] ? blkdev_fallocate+0x3f0/0x3f0 [ 353.919839] do_vfs_ioctl+0xcdb/0x12e0 [ 353.923722] ? lock_downgrade+0x720/0x720 [ 353.927858] ? check_preemption_disabled+0x41/0x280 [ 353.932879] ? ioctl_preallocate+0x200/0x200 [ 353.937638] ? __fget+0x356/0x510 [ 353.941080] ? do_dup2+0x450/0x450 [ 353.944634] ? do_sys_open+0x2bf/0x520 [ 353.948512] ksys_ioctl+0x9b/0xc0 [ 353.951973] __x64_sys_ioctl+0x6f/0xb0 [ 353.955858] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 353.960451] do_syscall_64+0xf9/0x620 [ 353.964241] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 353.969425] RIP: 0033:0x7f7be3202ec7 [ 353.973136] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 353.992028] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 353.999727] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be3202ec7 23:46:09 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x300000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:09 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0xfffffffffffffffd, 0x66df86d33f261867) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000000d67) (async) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000000d6b) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 354.007000] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 354.014263] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 354.021519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 354.028775] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 23:46:09 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 354.082256] erofs: read_super, device -> /dev/loop3 [ 354.084042] erofs: read_super, device -> /dev/loop5 [ 354.090230] erofs: options -> [ 354.114499] erofs: root inode @ nid 36 [ 354.129779] erofs: mounted on /dev/loop3 with opts: . [ 354.130872] erofs: options -> [ 354.153115] erofs: unmounted for /dev/loop3 [ 354.159974] erofs: root inode @ nid 36 [ 354.176849] erofs: mounted on /dev/loop5 with opts: . [ 354.187757] erofs: unmounted for /dev/loop5 23:46:09 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 354.218965] erofs: read_super, device -> /dev/loop4 [ 354.224570] erofs: read_super, device -> /dev/loop2 [ 354.237045] erofs: options -> [ 354.241376] erofs: options -> [ 354.245252] erofs: root inode @ nid 36 [ 354.248940] erofs: root inode @ nid 36 [ 354.249581] erofs: mounted on /dev/loop2 with opts: . [ 354.256919] erofs: mounted on /dev/loop4 with opts: . [ 354.258710] erofs: unmounted for /dev/loop2 23:46:09 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc803, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 354.272323] erofs: read_super, device -> /dev/loop1 [ 354.277900] erofs: options -> [ 354.283909] erofs: root inode @ nid 36 [ 354.293060] erofs: mounted on /dev/loop1 with opts: . [ 354.298402] erofs: unmounted for /dev/loop1 [ 354.303656] erofs: unmounted for /dev/loop4 [ 354.324091] erofs: read_super, device -> /dev/loop3 [ 354.329122] erofs: options -> 23:46:09 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 12) 23:46:09 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:09 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x400000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 354.393837] erofs: root inode @ nid 36 [ 354.430504] erofs: mounted on /dev/loop3 with opts: . [ 354.443611] erofs: read_super, device -> /dev/loop4 [ 354.454667] erofs: unmounted for /dev/loop3 [ 354.462876] erofs: options -> [ 354.472617] erofs: root inode @ nid 36 [ 354.486795] erofs: mounted on /dev/loop4 with opts: . [ 354.493908] FAULT_INJECTION: forcing a failure. [ 354.493908] name failslab, interval 1, probability 0, space 0, times 0 [ 354.508008] CPU: 1 PID: 21111 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 354.515902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 354.525247] Call Trace: [ 354.527845] dump_stack+0x1fc/0x2ef [ 354.531503] should_fail.cold+0xa/0xf [ 354.535341] ? setup_fault_attr+0x200/0x200 [ 354.539677] ? lock_acquire+0x170/0x3c0 [ 354.543733] __should_failslab+0x115/0x180 [ 354.547962] should_failslab+0x5/0x10 [ 354.551896] kmem_cache_alloc+0x277/0x370 [ 354.556046] __kernfs_new_node+0xd2/0x680 [ 354.560329] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 354.565093] ? _raw_spin_unlock_irq+0x5a/0x80 [ 354.569605] ? __cpu_to_node+0x7b/0xa0 [ 354.573494] ? mark_held_locks+0xf0/0xf0 [ 354.577548] ? io_schedule_timeout+0x140/0x140 [ 354.582139] ? enqueue_entity+0xf86/0x3850 [ 354.586389] ? set_user_nice.part.0+0x3b9/0xab0 [ 354.591073] kernfs_create_dir_ns+0x9e/0x230 [ 354.595499] internal_create_group+0x1c1/0xb20 [ 354.600095] ? sysfs_remove_link_from_group+0x70/0x70 [ 354.605311] ? lock_downgrade+0x720/0x720 [ 354.609462] lo_ioctl+0xf7c/0x20e0 [ 354.613017] ? loop_set_status64+0x110/0x110 [ 354.617419] blkdev_ioctl+0x5cb/0x1a80 [ 354.621333] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 354.626723] ? blkpg_ioctl+0x9d0/0x9d0 [ 354.630622] ? mark_held_locks+0xf0/0xf0 [ 354.634683] ? mark_held_locks+0xf0/0xf0 [ 354.638829] ? debug_check_no_obj_freed+0x201/0x490 [ 354.643843] ? lock_downgrade+0x720/0x720 [ 354.647989] block_ioctl+0xe9/0x130 [ 354.651627] ? blkdev_fallocate+0x3f0/0x3f0 [ 354.655950] do_vfs_ioctl+0xcdb/0x12e0 [ 354.659828] ? lock_downgrade+0x720/0x720 [ 354.663971] ? check_preemption_disabled+0x41/0x280 [ 354.669147] ? ioctl_preallocate+0x200/0x200 [ 354.673576] ? __fget+0x356/0x510 [ 354.677100] ? do_dup2+0x450/0x450 [ 354.680650] ? do_sys_open+0x2bf/0x520 [ 354.684543] ksys_ioctl+0x9b/0xc0 [ 354.687997] __x64_sys_ioctl+0x6f/0xb0 [ 354.691883] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 354.696470] do_syscall_64+0xf9/0x620 [ 354.700286] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 354.705480] RIP: 0033:0x7f7be3202ec7 [ 354.709186] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 354.728079] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 354.735779] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be3202ec7 [ 354.743044] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 354.750319] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 354.757591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 354.764851] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 354.797917] erofs: read_super, device -> /dev/loop5 23:46:09 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc903, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:09 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x6000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 354.818703] erofs: read_super, device -> /dev/loop1 [ 354.818720] erofs: read_super, device -> /dev/loop2 [ 354.829702] erofs: options -> [ 354.833729] erofs: options -> [ 354.837482] erofs: options -> [ 354.855790] erofs: unmounted for /dev/loop4 [ 354.859279] erofs: root inode @ nid 36 [ 354.864702] erofs: root inode @ nid 36 [ 354.870936] erofs: root inode @ nid 36 [ 354.880819] erofs: mounted on /dev/loop5 with opts: . [ 354.880907] erofs: mounted on /dev/loop1 with opts: . [ 354.884394] erofs: mounted on /dev/loop2 with opts: . [ 354.899395] erofs: unmounted for /dev/loop2 [ 354.907323] erofs: unmounted for /dev/loop5 [ 354.919374] erofs: unmounted for /dev/loop1 23:46:10 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 13) 23:46:10 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x500000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:10 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) renameat2(r3, &(0x7f0000000000)='./file0\x00', r1, &(0x7f0000000040)='./file0\x00', 0x4) [ 354.972568] erofs: read_super, device -> /dev/loop3 [ 354.978498] erofs: options -> [ 354.987097] erofs: root inode @ nid 36 [ 355.002906] erofs: mounted on /dev/loop3 with opts: . [ 355.029042] erofs: unmounted for /dev/loop3 23:46:10 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x7000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 355.069267] erofs: read_super, device -> /dev/loop4 [ 355.075744] erofs: options -> [ 355.079492] erofs: root inode @ nid 36 [ 355.086108] erofs: mounted on /dev/loop4 with opts: . [ 355.094624] FAULT_INJECTION: forcing a failure. [ 355.094624] name failslab, interval 1, probability 0, space 0, times 0 [ 355.118891] CPU: 1 PID: 21134 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 355.126794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 355.136156] Call Trace: [ 355.138758] dump_stack+0x1fc/0x2ef [ 355.142399] should_fail.cold+0xa/0xf [ 355.146217] ? setup_fault_attr+0x200/0x200 [ 355.150546] ? lock_acquire+0x170/0x3c0 [ 355.154575] __should_failslab+0x115/0x180 [ 355.158809] should_failslab+0x5/0x10 [ 355.162609] kmem_cache_alloc+0x277/0x370 [ 355.166759] __kernfs_new_node+0xd2/0x680 [ 355.170924] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 355.175685] ? kernfs_activate+0x2c/0x1d0 [ 355.179833] ? lock_downgrade+0x720/0x720 [ 355.183975] ? kernfs_add_one+0x51/0x4c0 [ 355.188065] ? mutex_trylock+0x1a0/0x1a0 [ 355.192141] ? __mutex_unlock_slowpath+0xea/0x610 [ 355.196999] kernfs_new_node+0x92/0x120 [ 355.200989] __kernfs_create_file+0x51/0x340 [ 355.205410] sysfs_add_file_mode_ns+0x226/0x540 [ 355.210088] internal_create_group+0x355/0xb20 [ 355.214688] ? sysfs_remove_link_from_group+0x70/0x70 [ 355.219903] ? lock_downgrade+0x720/0x720 [ 355.224054] lo_ioctl+0xf7c/0x20e0 [ 355.227606] ? loop_set_status64+0x110/0x110 [ 355.232018] blkdev_ioctl+0x5cb/0x1a80 [ 355.235932] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 355.241311] ? blkpg_ioctl+0x9d0/0x9d0 [ 355.245206] ? mark_held_locks+0xf0/0xf0 [ 355.249260] ? mark_held_locks+0xf0/0xf0 [ 355.253322] ? debug_check_no_obj_freed+0x201/0x490 [ 355.258361] ? lock_downgrade+0x720/0x720 [ 355.262634] block_ioctl+0xe9/0x130 [ 355.266254] ? blkdev_fallocate+0x3f0/0x3f0 [ 355.270584] do_vfs_ioctl+0xcdb/0x12e0 [ 355.274493] ? lock_downgrade+0x720/0x720 [ 355.278763] ? check_preemption_disabled+0x41/0x280 [ 355.283782] ? ioctl_preallocate+0x200/0x200 [ 355.288185] ? __fget+0x356/0x510 [ 355.291640] ? do_dup2+0x450/0x450 [ 355.295191] ? do_sys_open+0x2bf/0x520 [ 355.299087] ksys_ioctl+0x9b/0xc0 [ 355.302538] __x64_sys_ioctl+0x6f/0xb0 [ 355.306411] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 355.310997] do_syscall_64+0xf9/0x620 [ 355.314798] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 355.320016] RIP: 0033:0x7f7be3202ec7 [ 355.323734] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 355.342642] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 355.350348] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be3202ec7 [ 355.357658] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 355.365361] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 355.372650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 355.379923] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 23:46:10 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:10 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xca03, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 355.424075] erofs: read_super, device -> /dev/loop5 [ 355.429540] erofs: read_super, device -> /dev/loop1 [ 355.446859] erofs: options -> [ 355.453621] erofs: unmounted for /dev/loop4 [ 355.465307] erofs: options -> [ 355.473223] erofs: root inode @ nid 36 [ 355.503473] erofs: root inode @ nid 36 [ 355.517908] erofs: mounted on /dev/loop5 with opts: . [ 355.518541] erofs: read_super, device -> /dev/loop2 [ 355.529194] erofs: mounted on /dev/loop1 with opts: . [ 355.547579] erofs: options -> [ 355.548655] erofs: unmounted for /dev/loop5 [ 355.557711] erofs: unmounted for /dev/loop1 [ 355.564689] erofs: root inode @ nid 36 [ 355.574161] erofs: mounted on /dev/loop2 with opts: . [ 355.579774] erofs: unmounted for /dev/loop2 23:46:10 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x600000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:10 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 14) 23:46:10 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x4000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 355.650722] erofs: read_super, device -> /dev/loop3 [ 355.655897] erofs: options -> [ 355.659283] erofs: root inode @ nid 36 [ 355.672827] erofs: read_super, device -> /dev/loop4 [ 355.683949] erofs: options -> [ 355.692549] erofs: mounted on /dev/loop3 with opts: . [ 355.698192] erofs: unmounted for /dev/loop3 [ 355.703472] erofs: root inode @ nid 36 [ 355.707756] erofs: mounted on /dev/loop4 with opts: . 23:46:10 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xcb03, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:10 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 355.780364] erofs: unmounted for /dev/loop4 [ 355.783347] FAULT_INJECTION: forcing a failure. [ 355.783347] name failslab, interval 1, probability 0, space 0, times 0 [ 355.809396] CPU: 0 PID: 21175 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 355.817291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 355.826671] Call Trace: [ 355.829279] dump_stack+0x1fc/0x2ef [ 355.832913] should_fail.cold+0xa/0xf [ 355.836815] ? setup_fault_attr+0x200/0x200 [ 355.841125] ? lock_acquire+0x170/0x3c0 [ 355.845092] __should_failslab+0x115/0x180 [ 355.849317] should_failslab+0x5/0x10 [ 355.853105] kmem_cache_alloc+0x277/0x370 [ 355.857261] __kernfs_new_node+0xd2/0x680 [ 355.861412] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 355.866177] ? __mutex_unlock_slowpath+0xea/0x610 [ 355.871023] ? wait_for_completion_io+0x10/0x10 [ 355.875696] ? kernfs_next_descendant_post+0x19c/0x290 [ 355.880978] kernfs_new_node+0x92/0x120 [ 355.884949] __kernfs_create_file+0x51/0x340 [ 355.889364] sysfs_add_file_mode_ns+0x226/0x540 [ 355.894211] internal_create_group+0x355/0xb20 [ 355.898806] ? sysfs_remove_link_from_group+0x70/0x70 [ 355.904047] ? lock_downgrade+0x720/0x720 [ 355.908212] lo_ioctl+0xf7c/0x20e0 [ 355.911756] ? loop_set_status64+0x110/0x110 [ 355.916155] blkdev_ioctl+0x5cb/0x1a80 [ 355.920031] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 355.925394] ? blkpg_ioctl+0x9d0/0x9d0 [ 355.929297] ? mark_held_locks+0xf0/0xf0 [ 355.933360] ? mark_held_locks+0xf0/0xf0 [ 355.937413] ? debug_check_no_obj_freed+0x201/0x490 [ 355.942613] ? lock_downgrade+0x720/0x720 [ 355.946766] block_ioctl+0xe9/0x130 [ 355.950395] ? blkdev_fallocate+0x3f0/0x3f0 [ 355.954719] do_vfs_ioctl+0xcdb/0x12e0 [ 355.958608] ? lock_downgrade+0x720/0x720 [ 355.962763] ? check_preemption_disabled+0x41/0x280 [ 355.967779] ? ioctl_preallocate+0x200/0x200 [ 355.972178] ? __fget+0x356/0x510 [ 355.975622] ? do_dup2+0x450/0x450 [ 355.979179] ? do_sys_open+0x2bf/0x520 [ 355.983059] ksys_ioctl+0x9b/0xc0 [ 355.986514] __x64_sys_ioctl+0x6f/0xb0 [ 355.990410] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 355.994996] do_syscall_64+0xf9/0x620 [ 355.998796] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 356.003977] RIP: 0033:0x7f7be3202ec7 [ 356.007677] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 23:46:11 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) renameat2(r3, &(0x7f0000000000)='./file0\x00', r1, &(0x7f0000000040)='./file0\x00', 0x4) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (async) sendfile(r2, r3, 0x0, 0x20000000d67) (async) renameat2(r3, &(0x7f0000000000)='./file0\x00', r1, &(0x7f0000000040)='./file0\x00', 0x4) (async) [ 356.026597] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 356.034298] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be3202ec7 [ 356.041560] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 356.048831] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 356.056095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 356.063362] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 356.115236] erofs: read_super, device -> /dev/loop5 [ 356.120796] erofs: options -> [ 356.124224] erofs: root inode @ nid 36 [ 356.138329] erofs: mounted on /dev/loop5 with opts: . [ 356.147914] erofs: unmounted for /dev/loop5 [ 356.160146] erofs: read_super, device -> /dev/loop1 [ 356.165652] erofs: read_super, device -> /dev/loop2 [ 356.183796] erofs: options -> [ 356.195617] erofs: read_super, device -> /dev/loop3 [ 356.196156] erofs: options -> [ 356.207364] erofs: options -> [ 356.213356] erofs: root inode @ nid 36 [ 356.215546] erofs: root inode @ nid 36 [ 356.225196] erofs: root inode @ nid 36 [ 356.227406] erofs: mounted on /dev/loop3 with opts: . [ 356.235151] erofs: unmounted for /dev/loop3 [ 356.242734] erofs: mounted on /dev/loop2 with opts: . [ 356.244861] erofs: mounted on /dev/loop1 with opts: . [ 356.270367] erofs: read_super, device -> /dev/loop4 23:46:11 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 15) 23:46:11 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x9000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 356.293069] erofs: options -> [ 356.312702] erofs: unmounted for /dev/loop1 [ 356.333222] erofs: unmounted for /dev/loop2 [ 356.342618] erofs: root inode @ nid 36 [ 356.354675] erofs: mounted on /dev/loop4 with opts: . 23:46:11 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 356.440188] FAULT_INJECTION: forcing a failure. [ 356.440188] name failslab, interval 1, probability 0, space 0, times 0 [ 356.455661] CPU: 0 PID: 21208 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 356.463576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 356.472935] Call Trace: [ 356.475526] dump_stack+0x1fc/0x2ef [ 356.479150] should_fail.cold+0xa/0xf [ 356.482938] ? setup_fault_attr+0x200/0x200 [ 356.487252] ? lock_acquire+0x170/0x3c0 [ 356.491217] __should_failslab+0x115/0x180 [ 356.495437] should_failslab+0x5/0x10 [ 356.499223] kmem_cache_alloc+0x277/0x370 [ 356.503371] __kernfs_new_node+0xd2/0x680 [ 356.507518] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 356.512266] ? __mutex_unlock_slowpath+0xea/0x610 [ 356.517096] ? wait_for_completion_io+0x10/0x10 [ 356.521752] ? kernfs_next_descendant_post+0x19c/0x290 [ 356.527015] kernfs_new_node+0x92/0x120 [ 356.530990] __kernfs_create_file+0x51/0x340 [ 356.535399] sysfs_add_file_mode_ns+0x226/0x540 [ 356.540057] internal_create_group+0x355/0xb20 [ 356.544653] ? sysfs_remove_link_from_group+0x70/0x70 [ 356.549834] ? lock_downgrade+0x720/0x720 [ 356.553999] lo_ioctl+0xf7c/0x20e0 [ 356.557560] ? loop_set_status64+0x110/0x110 [ 356.561956] blkdev_ioctl+0x5cb/0x1a80 [ 356.565844] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 356.571198] ? blkpg_ioctl+0x9d0/0x9d0 [ 356.575070] ? mark_held_locks+0xf0/0xf0 [ 356.579123] ? mark_held_locks+0xf0/0xf0 [ 356.583177] ? debug_check_no_obj_freed+0x201/0x490 [ 356.588197] ? lock_downgrade+0x720/0x720 [ 356.592345] block_ioctl+0xe9/0x130 [ 356.595956] ? blkdev_fallocate+0x3f0/0x3f0 [ 356.600297] do_vfs_ioctl+0xcdb/0x12e0 [ 356.604287] ? lock_downgrade+0x720/0x720 [ 356.608428] ? check_preemption_disabled+0x41/0x280 [ 356.613433] ? ioctl_preallocate+0x200/0x200 [ 356.617840] ? __fget+0x356/0x510 [ 356.621283] ? do_dup2+0x450/0x450 [ 356.624814] ? do_sys_open+0x2bf/0x520 [ 356.628753] ksys_ioctl+0x9b/0xc0 [ 356.632224] __x64_sys_ioctl+0x6f/0xb0 [ 356.636099] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 356.640668] do_syscall_64+0xf9/0x620 [ 356.644459] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 356.649634] RIP: 0033:0x7f7be3202ec7 [ 356.653350] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 356.672240] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 356.679945] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be3202ec7 23:46:11 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async, rerun: 32) pipe2(0x0, 0x0) (rerun: 32) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) renameat2(r3, &(0x7f0000000000)='./file0\x00', r1, &(0x7f0000000040)='./file0\x00', 0x4) 23:46:11 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x700000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 356.687225] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 356.694483] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 356.701763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 356.709038] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 23:46:11 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xcc03, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 356.772290] erofs: read_super, device -> /dev/loop5 [ 356.774602] erofs: read_super, device -> /dev/loop3 [ 356.781808] erofs: options -> [ 356.786869] erofs: root inode @ nid 36 [ 356.826346] erofs: mounted on /dev/loop5 with opts: . [ 356.829241] erofs: unmounted for /dev/loop4 [ 356.838319] erofs: options -> [ 356.854618] erofs: root inode @ nid 36 [ 356.854785] erofs: unmounted for /dev/loop5 23:46:11 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) ptrace(0x4208, r0) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 356.880619] erofs: mounted on /dev/loop3 with opts: . [ 356.897412] erofs: unmounted for /dev/loop3 23:46:12 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:12 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 16) [ 356.980484] erofs: read_super, device -> /dev/loop2 [ 356.984656] erofs: read_super, device -> /dev/loop1 [ 356.986699] erofs: options -> [ 356.996760] erofs: read_super, device -> /dev/loop4 [ 357.010584] erofs: options -> [ 357.011219] erofs: root inode @ nid 36 [ 357.018663] erofs: options -> [ 357.027810] erofs: root inode @ nid 36 [ 357.032743] erofs: mounted on /dev/loop2 with opts: . [ 357.043700] erofs: root inode @ nid 36 [ 357.079305] erofs: mounted on /dev/loop4 with opts: . [ 357.089387] erofs: unmounted for /dev/loop2 [ 357.105021] erofs: mounted on /dev/loop1 with opts: . 23:46:12 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async, rerun: 32) ptrace(0x10, r0) (async, rerun: 32) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) ptrace(0x4208, r0) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 357.128238] erofs: unmounted for /dev/loop1 23:46:12 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x800000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:12 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xcd03, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 357.172222] FAULT_INJECTION: forcing a failure. [ 357.172222] name failslab, interval 1, probability 0, space 0, times 0 [ 357.184942] erofs: unmounted for /dev/loop4 [ 357.186633] CPU: 1 PID: 21269 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 357.197195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 357.206556] Call Trace: [ 357.209159] dump_stack+0x1fc/0x2ef [ 357.212805] should_fail.cold+0xa/0xf [ 357.216619] ? setup_fault_attr+0x200/0x200 [ 357.220954] ? lock_acquire+0x170/0x3c0 [ 357.224952] __should_failslab+0x115/0x180 [ 357.229202] should_failslab+0x5/0x10 [ 357.233017] kmem_cache_alloc+0x277/0x370 [ 357.237168] __kernfs_new_node+0xd2/0x680 [ 357.241314] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 357.246067] ? __mutex_unlock_slowpath+0xea/0x610 [ 357.250920] ? wait_for_completion_io+0x10/0x10 [ 357.255601] ? kernfs_next_descendant_post+0x19c/0x290 [ 357.260902] kernfs_new_node+0x92/0x120 [ 357.264880] __kernfs_create_file+0x51/0x340 [ 357.269396] sysfs_add_file_mode_ns+0x226/0x540 [ 357.274066] internal_create_group+0x355/0xb20 [ 357.278666] ? sysfs_remove_link_from_group+0x70/0x70 [ 357.283846] ? lock_downgrade+0x720/0x720 [ 357.287991] lo_ioctl+0xf7c/0x20e0 [ 357.291541] ? loop_set_status64+0x110/0x110 [ 357.295987] blkdev_ioctl+0x5cb/0x1a80 [ 357.299869] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 357.305228] ? blkpg_ioctl+0x9d0/0x9d0 [ 357.309102] ? mark_held_locks+0xf0/0xf0 [ 357.313150] ? mark_held_locks+0xf0/0xf0 [ 357.317197] ? debug_check_no_obj_freed+0x201/0x490 [ 357.322245] ? lock_downgrade+0x720/0x720 [ 357.326509] block_ioctl+0xe9/0x130 [ 357.330134] ? blkdev_fallocate+0x3f0/0x3f0 [ 357.334452] do_vfs_ioctl+0xcdb/0x12e0 [ 357.338329] ? lock_downgrade+0x720/0x720 [ 357.342479] ? check_preemption_disabled+0x41/0x280 [ 357.347487] ? ioctl_preallocate+0x200/0x200 [ 357.351898] ? __fget+0x356/0x510 [ 357.355347] ? do_dup2+0x450/0x450 [ 357.358872] ? do_sys_open+0x2bf/0x520 [ 357.362765] ksys_ioctl+0x9b/0xc0 [ 357.366213] __x64_sys_ioctl+0x6f/0xb0 [ 357.370094] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 357.374689] do_syscall_64+0xf9/0x620 [ 357.378486] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 357.383686] RIP: 0033:0x7f7be3202ec7 [ 357.387384] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 357.406275] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 357.413974] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be3202ec7 23:46:12 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) ptrace(0x4208, r0) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 357.421266] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 357.428545] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 357.435805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 357.443070] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 357.463328] erofs: read_super, device -> /dev/loop5 [ 357.469413] erofs: options -> 23:46:12 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x7000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 357.473206] erofs: root inode @ nid 36 [ 357.477576] erofs: mounted on /dev/loop5 with opts: . [ 357.486886] erofs: unmounted for /dev/loop5 23:46:12 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 17) [ 357.564495] erofs: read_super, device -> /dev/loop1 [ 357.570227] erofs: read_super, device -> /dev/loop3 [ 357.575270] erofs: options -> [ 357.578528] erofs: root inode @ nid 36 [ 357.585294] erofs: options -> [ 357.602171] erofs: read_super, device -> /dev/loop2 [ 357.607330] erofs: options -> [ 357.615210] erofs: root inode @ nid 36 [ 357.625299] erofs: root inode @ nid 36 [ 357.629380] erofs: mounted on /dev/loop3 with opts: . [ 357.643334] erofs: mounted on /dev/loop1 with opts: . [ 357.653243] erofs: mounted on /dev/loop2 with opts: . [ 357.659119] erofs: unmounted for /dev/loop3 23:46:12 executing program 0: r0 = syz_clone(0x1f381c00, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x9, 0x5, 0xa6, 0x20, 0x0, 0x101, 0x80200, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext={0x7, 0x5}, 0x44088, 0x9, 0xb2c, 0x5, 0xbb3b, 0x48, 0x0, 0x0, 0x3ff, 0x0, 0x71bc7f7}, 0x0, 0xf, 0xffffffffffffffff, 0xa) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:46:12 executing program 0: r0 = syz_clone(0x1f381c00, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x9, 0x5, 0xa6, 0x20, 0x0, 0x101, 0x80200, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext={0x7, 0x5}, 0x44088, 0x9, 0xb2c, 0x5, 0xbb3b, 0x48, 0x0, 0x0, 0x3ff, 0x0, 0x71bc7f7}, 0x0, 0xf, 0xffffffffffffffff, 0xa) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async, rerun: 64) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 357.675819] erofs: unmounted for /dev/loop2 [ 357.677243] erofs: unmounted for /dev/loop1 [ 357.760902] FAULT_INJECTION: forcing a failure. [ 357.760902] name failslab, interval 1, probability 0, space 0, times 0 [ 357.773629] CPU: 1 PID: 21307 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 357.781519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 357.790869] Call Trace: [ 357.793510] dump_stack+0x1fc/0x2ef [ 357.797151] should_fail.cold+0xa/0xf [ 357.801014] ? setup_fault_attr+0x200/0x200 [ 357.805343] ? lock_acquire+0x170/0x3c0 [ 357.809316] __should_failslab+0x115/0x180 [ 357.813561] should_failslab+0x5/0x10 [ 357.817370] kmem_cache_alloc+0x277/0x370 [ 357.821596] __kernfs_new_node+0xd2/0x680 [ 357.825828] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 357.830584] ? __mutex_unlock_slowpath+0xea/0x610 [ 357.835459] ? wait_for_completion_io+0x10/0x10 [ 357.840216] ? kernfs_next_descendant_post+0x19c/0x290 [ 357.845495] kernfs_new_node+0x92/0x120 [ 357.849459] __kernfs_create_file+0x51/0x340 [ 357.853873] sysfs_add_file_mode_ns+0x226/0x540 [ 357.858544] internal_create_group+0x355/0xb20 [ 357.863120] ? sysfs_remove_link_from_group+0x70/0x70 [ 357.868295] ? lock_downgrade+0x720/0x720 [ 357.872457] lo_ioctl+0xf7c/0x20e0 [ 357.876007] ? loop_set_status64+0x110/0x110 [ 357.880404] blkdev_ioctl+0x5cb/0x1a80 [ 357.884282] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 357.889639] ? blkpg_ioctl+0x9d0/0x9d0 [ 357.893522] ? mark_held_locks+0xf0/0xf0 [ 357.897581] ? mark_held_locks+0xf0/0xf0 [ 357.901640] ? debug_check_no_obj_freed+0x201/0x490 [ 357.906655] ? lock_downgrade+0x720/0x720 [ 357.910811] block_ioctl+0xe9/0x130 [ 357.914441] ? blkdev_fallocate+0x3f0/0x3f0 [ 357.918763] do_vfs_ioctl+0xcdb/0x12e0 [ 357.922639] ? lock_downgrade+0x720/0x720 [ 357.926782] ? check_preemption_disabled+0x41/0x280 [ 357.931806] ? ioctl_preallocate+0x200/0x200 [ 357.936297] ? __fget+0x356/0x510 [ 357.939742] ? do_dup2+0x450/0x450 [ 357.943270] ? do_sys_open+0x2bf/0x520 [ 357.947168] ksys_ioctl+0x9b/0xc0 [ 357.950621] __x64_sys_ioctl+0x6f/0xb0 [ 357.954515] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 357.959185] do_syscall_64+0xf9/0x620 [ 357.962980] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 357.968153] RIP: 0033:0x7f7be3202ec7 [ 357.971863] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 357.990772] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 357.998487] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be3202ec7 [ 358.005769] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 358.013233] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 358.020505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 358.027772] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 358.047805] erofs: read_super, device -> /dev/loop4 23:46:13 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:13 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:13 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2000000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 358.087464] erofs: options -> [ 358.093316] erofs: read_super, device -> /dev/loop5 [ 358.105793] erofs: root inode @ nid 36 [ 358.123151] erofs: options -> [ 358.130379] erofs: mounted on /dev/loop4 with opts: . 23:46:13 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xce03, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 358.140337] erofs: root inode @ nid 36 [ 358.153767] erofs: mounted on /dev/loop5 with opts: . 23:46:13 executing program 0: r0 = syz_clone(0x1f381c00, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x9, 0x5, 0xa6, 0x20, 0x0, 0x101, 0x80200, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext={0x7, 0x5}, 0x44088, 0x9, 0xb2c, 0x5, 0xbb3b, 0x48, 0x0, 0x0, 0x3ff, 0x0, 0x71bc7f7}, 0x0, 0xf, 0xffffffffffffffff, 0xa) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x1f381c00, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x9, 0x5, 0xa6, 0x20, 0x0, 0x101, 0x80200, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext={0x7, 0x5}, 0x44088, 0x9, 0xb2c, 0x5, 0xbb3b, 0x48, 0x0, 0x0, 0x3ff, 0x0, 0x71bc7f7}, 0x0, 0xf, 0xffffffffffffffff, 0xa) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 358.186534] erofs: unmounted for /dev/loop5 [ 358.191739] erofs: unmounted for /dev/loop4 23:46:13 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 18) [ 358.263104] erofs: read_super, device -> /dev/loop3 [ 358.268159] erofs: options -> [ 358.277165] erofs: read_super, device -> /dev/loop1 [ 358.280081] erofs: read_super, device -> /dev/loop2 [ 358.282967] erofs: options -> [ 358.288448] erofs: options -> [ 358.291286] erofs: root inode @ nid 36 [ 358.315416] erofs: root inode @ nid 36 [ 358.324724] erofs: mounted on /dev/loop3 with opts: . [ 358.332445] erofs: root inode @ nid 36 [ 358.337670] erofs: unmounted for /dev/loop3 [ 358.341963] erofs: mounted on /dev/loop1 with opts: . [ 358.347918] erofs: mounted on /dev/loop2 with opts: . 23:46:13 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2e603, 0x1ed) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) fcntl$dupfd(r1, 0x0, r3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x20000000d67) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(r3, 0x0, 0x60800, 0x6) [ 358.362902] erofs: read_super, device -> /dev/loop4 [ 358.366971] erofs: unmounted for /dev/loop2 [ 358.367944] erofs: options -> [ 358.375569] erofs: unmounted for /dev/loop1 [ 358.381190] erofs: root inode @ nid 36 [ 358.387236] erofs: mounted on /dev/loop4 with opts: . [ 358.401590] FAULT_INJECTION: forcing a failure. [ 358.401590] name failslab, interval 1, probability 0, space 0, times 0 [ 358.416042] CPU: 1 PID: 21349 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 358.423949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 358.433302] Call Trace: [ 358.435899] dump_stack+0x1fc/0x2ef [ 358.439520] should_fail.cold+0xa/0xf [ 358.443337] ? setup_fault_attr+0x200/0x200 [ 358.447648] ? lock_acquire+0x170/0x3c0 [ 358.451630] __should_failslab+0x115/0x180 [ 358.455917] should_failslab+0x5/0x10 [ 358.459881] kmem_cache_alloc+0x277/0x370 [ 358.464025] __kernfs_new_node+0xd2/0x680 [ 358.468160] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 358.472916] ? __mutex_unlock_slowpath+0xea/0x610 [ 358.477754] ? wait_for_completion_io+0x10/0x10 [ 358.482502] ? kernfs_next_descendant_post+0x19c/0x290 [ 358.487864] kernfs_new_node+0x92/0x120 [ 358.491840] __kernfs_create_file+0x51/0x340 [ 358.496250] sysfs_add_file_mode_ns+0x226/0x540 [ 358.500908] internal_create_group+0x355/0xb20 [ 358.505502] ? sysfs_remove_link_from_group+0x70/0x70 [ 358.510702] ? lock_downgrade+0x720/0x720 [ 358.514868] lo_ioctl+0xf7c/0x20e0 [ 358.518413] ? loop_set_status64+0x110/0x110 [ 358.522805] blkdev_ioctl+0x5cb/0x1a80 [ 358.526682] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 358.532039] ? blkpg_ioctl+0x9d0/0x9d0 [ 358.535928] ? mark_held_locks+0xf0/0xf0 [ 358.539981] ? mark_held_locks+0xf0/0xf0 [ 358.544050] ? debug_check_no_obj_freed+0x201/0x490 [ 358.549066] ? lock_downgrade+0x720/0x720 [ 358.553209] block_ioctl+0xe9/0x130 [ 358.556827] ? blkdev_fallocate+0x3f0/0x3f0 [ 358.561134] do_vfs_ioctl+0xcdb/0x12e0 [ 358.565010] ? lock_downgrade+0x720/0x720 [ 358.569161] ? check_preemption_disabled+0x41/0x280 [ 358.574166] ? ioctl_preallocate+0x200/0x200 [ 358.578578] ? __fget+0x356/0x510 [ 358.582019] ? do_dup2+0x450/0x450 [ 358.585542] ? do_sys_open+0x2bf/0x520 [ 358.589417] ksys_ioctl+0x9b/0xc0 [ 358.592867] __x64_sys_ioctl+0x6f/0xb0 [ 358.596755] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 358.601324] do_syscall_64+0xf9/0x620 [ 358.605113] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 358.610298] RIP: 0033:0x7f7be3202ec7 [ 358.614006] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 358.632901] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 358.640615] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be3202ec7 [ 358.647990] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 358.655247] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f7be1b781d0 23:46:13 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x23000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:13 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xedc0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 358.662501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 358.669756] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 23:46:13 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3f00000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:13 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xb000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 358.718263] erofs: unmounted for /dev/loop4 [ 358.724153] erofs: read_super, device -> /dev/loop5 [ 358.744389] erofs: options -> [ 358.758549] erofs: root inode @ nid 36 [ 358.776662] erofs: mounted on /dev/loop5 with opts: . [ 358.796617] erofs: read_super, device -> /dev/loop3 [ 358.813044] erofs: options -> [ 358.830985] erofs: unmounted for /dev/loop5 [ 358.839490] erofs: root inode @ nid 36 [ 358.867657] erofs: mounted on /dev/loop3 with opts: . [ 358.885717] erofs: unmounted for /dev/loop3 [ 358.904536] erofs: read_super, device -> /dev/loop1 [ 358.919935] erofs: read_super, device -> /dev/loop2 [ 358.928944] erofs: read_super, device -> /dev/loop4 23:46:13 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 19) [ 358.932939] erofs: options -> [ 358.934370] erofs: options -> 23:46:14 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x6000000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 358.961608] erofs: root inode @ nid 36 [ 358.965008] erofs: options -> [ 358.965680] erofs: mounted on /dev/loop1 with opts: . [ 358.974388] erofs: unmounted for /dev/loop1 [ 358.979185] erofs: root inode @ nid 36 [ 358.984327] erofs: mounted on /dev/loop2 with opts: . [ 358.992938] erofs: unmounted for /dev/loop2 [ 358.998538] erofs: root inode @ nid 36 [ 359.003684] erofs: mounted on /dev/loop4 with opts: . 23:46:14 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xff0f, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:14 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x35270000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:14 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20010900, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 359.055951] erofs: unmounted for /dev/loop4 [ 359.292997] FAULT_INJECTION: forcing a failure. [ 359.292997] name failslab, interval 1, probability 0, space 0, times 0 [ 359.304572] CPU: 0 PID: 21409 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 359.312554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 359.322093] Call Trace: [ 359.324687] dump_stack+0x1fc/0x2ef [ 359.328335] should_fail.cold+0xa/0xf [ 359.332155] ? setup_fault_attr+0x200/0x200 [ 359.336496] ? lock_acquire+0x170/0x3c0 [ 359.340492] ? dev_uevent_filter+0xd0/0xd0 [ 359.344740] __should_failslab+0x115/0x180 [ 359.349018] should_failslab+0x5/0x10 [ 359.352826] kmem_cache_alloc_trace+0x284/0x380 [ 359.357502] ? dev_uevent_filter+0xd0/0xd0 [ 359.361746] kobject_uevent_env+0x236/0x1480 [ 359.366159] lo_ioctl+0xff9/0x20e0 [ 359.369697] ? loop_set_status64+0x110/0x110 [ 359.374104] blkdev_ioctl+0x5cb/0x1a80 [ 359.378003] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 359.383371] ? blkpg_ioctl+0x9d0/0x9d0 [ 359.387266] ? mark_held_locks+0xf0/0xf0 [ 359.391325] ? mark_held_locks+0xf0/0xf0 [ 359.395380] ? debug_check_no_obj_freed+0x201/0x490 [ 359.400422] ? lock_downgrade+0x720/0x720 [ 359.404640] block_ioctl+0xe9/0x130 [ 359.408305] ? blkdev_fallocate+0x3f0/0x3f0 [ 359.412631] do_vfs_ioctl+0xcdb/0x12e0 [ 359.416515] ? lock_downgrade+0x720/0x720 [ 359.420662] ? check_preemption_disabled+0x41/0x280 [ 359.425713] ? ioctl_preallocate+0x200/0x200 [ 359.430124] ? __fget+0x356/0x510 [ 359.433591] ? do_dup2+0x450/0x450 [ 359.437134] ? do_sys_open+0x2bf/0x520 [ 359.441028] ksys_ioctl+0x9b/0xc0 [ 359.444482] __x64_sys_ioctl+0x6f/0xb0 [ 359.448360] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 359.452939] do_syscall_64+0xf9/0x620 [ 359.456759] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 359.461957] RIP: 0033:0x7f7be3202ec7 [ 359.465664] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 359.484654] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 359.492365] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be3202ec7 [ 359.499638] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 359.506906] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 359.514188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 359.521479] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 359.549141] erofs: read_super, device -> /dev/loop1 [ 359.554593] erofs: read_super, device -> /dev/loop4 [ 359.559618] erofs: options -> [ 359.563181] erofs: read_super, device -> /dev/loop5 [ 359.572475] erofs: read_super, device -> /dev/loop2 [ 359.577761] erofs: options -> [ 359.577816] erofs: root inode @ nid 36 [ 359.577892] erofs: mounted on /dev/loop5 with opts: . 23:46:14 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2e603, 0x1ed) (async) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) fcntl$dupfd(r1, 0x0, r3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x20000000d67) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(r3, 0x0, 0x60800, 0x6) [ 359.596655] erofs: options -> [ 359.617578] erofs: read_super, device -> /dev/loop3 [ 359.618816] erofs: options -> [ 359.643035] erofs: root inode @ nid 36 [ 359.647034] erofs: mounted on /dev/loop4 with opts: . [ 359.652879] erofs: root inode @ nid 36 [ 359.655057] erofs: options -> [ 359.659256] erofs: mounted on /dev/loop1 with opts: . [ 359.675847] erofs: root inode @ nid 36 [ 359.688223] erofs: unmounted for /dev/loop5 [ 359.697367] erofs: mounted on /dev/loop2 with opts: . [ 359.711049] erofs: unmounted for /dev/loop1 [ 359.715622] erofs: root inode @ nid 36 [ 359.719596] erofs: mounted on /dev/loop3 with opts: . [ 359.734879] erofs: unmounted for /dev/loop2 23:46:14 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8303000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 359.748759] erofs: unmounted for /dev/loop3 23:46:14 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xeffdffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:14 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:14 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 20) 23:46:14 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3f000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 359.902187] erofs: read_super, device -> /dev/loop2 [ 359.904052] erofs: unmounted for /dev/loop4 [ 359.907259] erofs: options -> [ 359.907536] erofs: root inode @ nid 36 [ 359.934616] erofs: mounted on /dev/loop2 with opts: . [ 359.950045] erofs: unmounted for /dev/loop2 23:46:15 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xf6ffffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 360.001329] erofs: read_super, device -> /dev/loop1 [ 360.007953] erofs: options -> [ 360.019517] erofs: root inode @ nid 36 [ 360.029147] FAULT_INJECTION: forcing a failure. [ 360.029147] name failslab, interval 1, probability 0, space 0, times 0 [ 360.051611] erofs: mounted on /dev/loop1 with opts: . [ 360.052306] CPU: 1 PID: 21443 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 360.064955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 360.069032] erofs: unmounted for /dev/loop1 [ 360.074315] Call Trace: [ 360.074340] dump_stack+0x1fc/0x2ef [ 360.074362] should_fail.cold+0xa/0xf [ 360.074383] ? setup_fault_attr+0x200/0x200 [ 360.074396] ? lock_acquire+0x170/0x3c0 [ 360.074415] __should_failslab+0x115/0x180 [ 360.074432] should_failslab+0x5/0x10 [ 360.074444] __kmalloc+0x2ab/0x3c0 [ 360.074457] ? kobject_get_path+0xbf/0x240 [ 360.074475] kobject_get_path+0xbf/0x240 [ 360.074494] kobject_uevent_env+0x25c/0x1480 [ 360.074517] lo_ioctl+0xff9/0x20e0 [ 360.124832] ? loop_set_status64+0x110/0x110 [ 360.129252] blkdev_ioctl+0x5cb/0x1a80 [ 360.133262] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 360.138630] ? blkpg_ioctl+0x9d0/0x9d0 [ 360.142517] ? mark_held_locks+0xf0/0xf0 [ 360.146611] ? mark_held_locks+0xf0/0xf0 [ 360.150697] ? debug_check_no_obj_freed+0x201/0x490 [ 360.155708] ? lock_downgrade+0x720/0x720 [ 360.159858] block_ioctl+0xe9/0x130 [ 360.163494] ? blkdev_fallocate+0x3f0/0x3f0 [ 360.167848] do_vfs_ioctl+0xcdb/0x12e0 [ 360.171730] ? lock_downgrade+0x720/0x720 [ 360.175871] ? check_preemption_disabled+0x41/0x280 [ 360.180886] ? ioctl_preallocate+0x200/0x200 [ 360.185308] ? __fget+0x356/0x510 [ 360.188850] ? do_dup2+0x450/0x450 [ 360.192399] ? do_sys_open+0x2bf/0x520 [ 360.196350] ksys_ioctl+0x9b/0xc0 [ 360.199803] __x64_sys_ioctl+0x6f/0xb0 [ 360.203699] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 360.208289] do_syscall_64+0xf9/0x620 [ 360.212235] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 360.217421] RIP: 0033:0x7f7be3202ec7 [ 360.221142] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 360.240052] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 360.247795] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be3202ec7 [ 360.255064] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 360.262331] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 360.269597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 360.276870] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 360.337852] erofs: read_super, device -> /dev/loop5 [ 360.340234] erofs: read_super, device -> /dev/loop4 [ 360.348167] erofs: options -> [ 360.362532] erofs: root inode @ nid 36 [ 360.365133] erofs: options -> [ 360.366704] erofs: mounted on /dev/loop4 with opts: . [ 360.382884] erofs: root inode @ nid 36 [ 360.387390] erofs: mounted on /dev/loop5 with opts: . [ 360.395602] erofs: unmounted for /dev/loop5 [ 360.411092] erofs: read_super, device -> /dev/loop3 23:46:15 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x100000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 360.437475] erofs: options -> [ 360.443191] erofs: root inode @ nid 36 [ 360.447412] erofs: mounted on /dev/loop3 with opts: . [ 360.453289] erofs: read_super, device -> /dev/loop2 [ 360.462951] erofs: options -> [ 360.482491] erofs: unmounted for /dev/loop4 23:46:15 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8cffffff00000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:15 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 21) [ 360.491231] erofs: unmounted for /dev/loop3 [ 360.497662] erofs: root inode @ nid 36 [ 360.508900] erofs: mounted on /dev/loop2 with opts: . 23:46:15 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x53000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 360.553305] erofs: unmounted for /dev/loop2 23:46:15 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2e603, 0x1ed) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000d67) (async) fcntl$dupfd(r1, 0x0, r3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x20000000d67) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async, rerun: 32) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (rerun: 32) openat(r3, 0x0, 0x60800, 0x6) 23:46:15 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfcfdffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 360.663983] erofs: read_super, device -> /dev/loop4 [ 360.669465] erofs: options -> [ 360.675848] erofs: root inode @ nid 36 [ 360.676385] FAULT_INJECTION: forcing a failure. [ 360.676385] name failslab, interval 1, probability 0, space 0, times 0 [ 360.686655] erofs: mounted on /dev/loop4 with opts: . [ 360.691506] CPU: 0 PID: 21476 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 360.704448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 360.715001] Call Trace: [ 360.717613] dump_stack+0x1fc/0x2ef [ 360.721269] should_fail.cold+0xa/0xf [ 360.725087] ? setup_fault_attr+0x200/0x200 [ 360.729421] ? lock_acquire+0x170/0x3c0 [ 360.733415] __should_failslab+0x115/0x180 [ 360.737665] should_failslab+0x5/0x10 [ 360.741478] __kmalloc+0x2ab/0x3c0 [ 360.745038] ? kobject_get_path+0xbf/0x240 [ 360.749384] kobject_get_path+0xbf/0x240 [ 360.753481] kobject_uevent_env+0x25c/0x1480 [ 360.757912] lo_ioctl+0xff9/0x20e0 [ 360.761455] ? loop_set_status64+0x110/0x110 [ 360.765864] blkdev_ioctl+0x5cb/0x1a80 [ 360.769749] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 360.775114] ? blkpg_ioctl+0x9d0/0x9d0 [ 360.779014] ? mark_held_locks+0xf0/0xf0 [ 360.783086] ? mark_held_locks+0xf0/0xf0 [ 360.787140] ? debug_check_no_obj_freed+0x201/0x490 [ 360.792170] ? lock_downgrade+0x720/0x720 [ 360.796401] block_ioctl+0xe9/0x130 [ 360.800021] ? blkdev_fallocate+0x3f0/0x3f0 [ 360.804333] do_vfs_ioctl+0xcdb/0x12e0 [ 360.808222] ? lock_downgrade+0x720/0x720 [ 360.812375] ? check_preemption_disabled+0x41/0x280 [ 360.817389] ? ioctl_preallocate+0x200/0x200 [ 360.821816] ? __fget+0x356/0x510 [ 360.825351] ? do_dup2+0x450/0x450 [ 360.828897] ? do_sys_open+0x2bf/0x520 [ 360.832786] ksys_ioctl+0x9b/0xc0 [ 360.836253] __x64_sys_ioctl+0x6f/0xb0 [ 360.840140] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 360.844812] do_syscall_64+0xf9/0x620 [ 360.848616] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 360.853799] RIP: 0033:0x7f7be3202ec7 [ 360.857509] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 360.876725] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 360.884447] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be3202ec7 [ 360.891712] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 360.899081] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 360.906343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 360.913617] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 360.939846] erofs: read_super, device -> /dev/loop1 [ 360.944971] erofs: options -> [ 360.959250] erofs: root inode @ nid 36 [ 360.963576] erofs: read_super, device -> /dev/loop5 [ 360.967743] erofs: read_super, device -> /dev/loop3 [ 360.976625] erofs: mounted on /dev/loop1 with opts: . [ 360.983608] erofs: options -> 23:46:16 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1fffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 360.987991] erofs: read_super, device -> /dev/loop2 [ 360.994600] erofs: options -> [ 361.011910] erofs: root inode @ nid 36 [ 361.020790] erofs: options -> [ 361.023505] erofs: root inode @ nid 36 [ 361.028106] erofs: unmounted for /dev/loop4 [ 361.042606] erofs: mounted on /dev/loop5 with opts: . [ 361.046762] erofs: root inode @ nid 36 [ 361.051952] erofs: mounted on /dev/loop3 with opts: . [ 361.068174] erofs: unmounted for /dev/loop1 [ 361.082354] erofs: unmounted for /dev/loop5 [ 361.086932] erofs: unmounted for /dev/loop3 23:46:16 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 22) [ 361.095658] erofs: mounted on /dev/loop2 with opts: . [ 361.114947] erofs: unmounted for /dev/loop2 23:46:16 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xf6ffffff00000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:16 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfdfdffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:16 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5cf90000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 361.260719] erofs: read_super, device -> /dev/loop4 [ 361.266107] erofs: options -> [ 361.266961] FAULT_INJECTION: forcing a failure. [ 361.266961] name failslab, interval 1, probability 0, space 0, times 0 [ 361.281331] erofs: root inode @ nid 36 [ 361.285750] erofs: mounted on /dev/loop4 with opts: . [ 361.286570] CPU: 1 PID: 21507 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 361.298922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 361.308268] Call Trace: [ 361.310849] dump_stack+0x1fc/0x2ef [ 361.314680] should_fail.cold+0xa/0xf [ 361.319349] ? setup_fault_attr+0x200/0x200 [ 361.323770] ? lock_acquire+0x170/0x3c0 [ 361.327773] __should_failslab+0x115/0x180 [ 361.332020] should_failslab+0x5/0x10 [ 361.335830] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 361.340934] __kmalloc_node_track_caller+0x38/0x70 [ 361.345875] __alloc_skb+0xae/0x560 [ 361.349688] alloc_uevent_skb+0x7b/0x210 [ 361.353768] kobject_uevent_env+0xa90/0x1480 [ 361.358176] lo_ioctl+0xff9/0x20e0 [ 361.361710] ? loop_set_status64+0x110/0x110 [ 361.366128] blkdev_ioctl+0x5cb/0x1a80 [ 361.370011] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 361.375369] ? blkpg_ioctl+0x9d0/0x9d0 [ 361.379272] ? mark_held_locks+0xf0/0xf0 [ 361.383324] ? mark_held_locks+0xf0/0xf0 [ 361.387376] ? debug_check_no_obj_freed+0x201/0x490 [ 361.392397] ? lock_downgrade+0x720/0x720 [ 361.396560] block_ioctl+0xe9/0x130 [ 361.400194] ? blkdev_fallocate+0x3f0/0x3f0 [ 361.404530] do_vfs_ioctl+0xcdb/0x12e0 [ 361.408417] ? lock_downgrade+0x720/0x720 [ 361.412564] ? check_preemption_disabled+0x41/0x280 [ 361.417575] ? ioctl_preallocate+0x200/0x200 [ 361.421999] ? __fget+0x356/0x510 [ 361.425456] ? do_dup2+0x450/0x450 [ 361.429004] ? do_sys_open+0x2bf/0x520 [ 361.432913] ksys_ioctl+0x9b/0xc0 [ 361.436443] __x64_sys_ioctl+0x6f/0xb0 [ 361.440331] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 361.444917] do_syscall_64+0xf9/0x620 [ 361.448727] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 361.453932] RIP: 0033:0x7f7be3202ec7 [ 361.457644] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 361.476544] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 361.484337] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be3202ec7 [ 361.491685] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 361.498950] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 361.506226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 361.513618] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 [ 361.546403] erofs: read_super, device -> /dev/loop5 23:46:16 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 361.575603] erofs: read_super, device -> /dev/loop2 [ 361.581682] erofs: options -> [ 361.585466] erofs: root inode @ nid 36 [ 361.600679] erofs: mounted on /dev/loop2 with opts: . [ 361.606780] erofs: options -> [ 361.618108] erofs: unmounted for /dev/loop2 23:46:16 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfeffffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 361.626230] erofs: unmounted for /dev/loop4 [ 361.654181] erofs: root inode @ nid 36 [ 361.687356] erofs: mounted on /dev/loop5 with opts: . [ 361.695570] erofs: read_super, device -> /dev/loop3 [ 361.707457] erofs: options -> [ 361.711739] erofs: root inode @ nid 36 [ 361.716040] erofs: mounted on /dev/loop3 with opts: . [ 361.718046] erofs: unmounted for /dev/loop5 [ 361.721577] erofs: unmounted for /dev/loop3 23:46:16 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000000d67) sendmsg$IPSET_CMD_GET_BYINDEX(r2, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004040) pipe2(0x0, 0x0) r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000000d67) sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r3, 0x8, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x7a}, @void, @val={0xc, 0x99, {0x7fff, 0x35}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x20000000d67) openat(r5, 0x0, 0x60800, 0x10) 23:46:16 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x60000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 361.744931] erofs: read_super, device -> /dev/loop1 [ 361.754180] erofs: read_super, device -> /dev/loop4 [ 361.771801] erofs: options -> 23:46:16 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 23) [ 361.795758] erofs: root inode @ nid 36 [ 361.811012] erofs: options -> [ 361.820893] erofs: read_super, device -> /dev/loop2 [ 361.828419] erofs: mounted on /dev/loop1 with opts: . [ 361.843662] erofs: root inode @ nid 36 [ 361.851704] erofs: options -> [ 361.857386] erofs: mounted on /dev/loop4 with opts: . [ 361.863121] erofs: unmounted for /dev/loop1 [ 361.872084] erofs: root inode @ nid 36 [ 361.879105] erofs: mounted on /dev/loop2 with opts: . [ 361.894823] erofs: unmounted for /dev/loop2 23:46:17 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfffffdef, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:17 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 361.973259] erofs: unmounted for /dev/loop4 [ 361.984877] FAULT_INJECTION: forcing a failure. [ 361.984877] name failslab, interval 1, probability 0, space 0, times 0 [ 361.998156] CPU: 0 PID: 21548 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 362.006160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 362.015520] Call Trace: [ 362.018140] dump_stack+0x1fc/0x2ef [ 362.021759] should_fail.cold+0xa/0xf [ 362.025545] ? setup_fault_attr+0x200/0x200 [ 362.029857] ? lock_acquire+0x170/0x3c0 [ 362.033834] __should_failslab+0x115/0x180 [ 362.038188] should_failslab+0x5/0x10 [ 362.041983] kmem_cache_alloc_trace+0x284/0x380 [ 362.046651] ? wait_for_completion_io+0x10/0x10 [ 362.051330] ? kobj_ns_initial+0x90/0x90 [ 362.055392] call_usermodehelper_setup+0x84/0x300 [ 362.060226] kobject_uevent_env+0xe83/0x1480 [ 362.064640] lo_ioctl+0xff9/0x20e0 [ 362.068177] ? loop_set_status64+0x110/0x110 [ 362.072583] blkdev_ioctl+0x5cb/0x1a80 [ 362.076468] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 362.081830] ? blkpg_ioctl+0x9d0/0x9d0 [ 362.085711] ? mark_held_locks+0xf0/0xf0 [ 362.089778] ? mark_held_locks+0xf0/0xf0 [ 362.093827] ? debug_check_no_obj_freed+0x201/0x490 [ 362.098881] ? lock_downgrade+0x720/0x720 [ 362.103019] block_ioctl+0xe9/0x130 [ 362.106630] ? blkdev_fallocate+0x3f0/0x3f0 [ 362.110944] do_vfs_ioctl+0xcdb/0x12e0 [ 362.114893] ? lock_downgrade+0x720/0x720 [ 362.119033] ? check_preemption_disabled+0x41/0x280 [ 362.124049] ? ioctl_preallocate+0x200/0x200 [ 362.128466] ? __fget+0x356/0x510 [ 362.131940] ? do_dup2+0x450/0x450 [ 362.135471] ? do_sys_open+0x2bf/0x520 [ 362.139455] ksys_ioctl+0x9b/0xc0 [ 362.142910] __x64_sys_ioctl+0x6f/0xb0 [ 362.146881] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 362.151460] do_syscall_64+0xf9/0x620 [ 362.155298] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 362.160493] RIP: 0033:0x7f7be3202ec7 [ 362.164197] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 362.183092] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 362.190851] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be3202ec7 [ 362.198112] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 362.205479] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 362.212740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 362.220023] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 23:46:17 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xffff1f0000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 362.281084] erofs: read_super, device -> /dev/loop5 [ 362.286460] erofs: read_super, device -> /dev/loop3 [ 362.301539] erofs: options -> [ 362.339702] erofs: options -> [ 362.346948] erofs: root inode @ nid 36 [ 362.361134] erofs: root inode @ nid 36 [ 362.392369] erofs: mounted on /dev/loop3 with opts: . [ 362.405211] erofs: mounted on /dev/loop5 with opts: . [ 362.416717] erofs: read_super, device -> /dev/loop1 [ 362.426905] erofs: options -> [ 362.435474] erofs: unmounted for /dev/loop3 23:46:17 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xffffff7f00000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:17 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x85030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 362.438646] erofs: root inode @ nid 36 [ 362.459179] erofs: mounted on /dev/loop1 with opts: . [ 362.460437] erofs: unmounted for /dev/loop5 [ 362.470476] erofs: unmounted for /dev/loop1 23:46:17 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 24) [ 362.600559] erofs: read_super, device -> /dev/loop4 [ 362.615353] erofs: read_super, device -> /dev/loop2 [ 362.624376] erofs: options -> [ 362.629859] erofs: read_super, device -> /dev/loop3 [ 362.635928] erofs: options -> [ 362.643236] erofs: root inode @ nid 36 [ 362.655904] erofs: root inode @ nid 36 [ 362.661723] FAULT_INJECTION: forcing a failure. [ 362.661723] name failslab, interval 1, probability 0, space 0, times 0 [ 362.673839] erofs: options -> [ 362.681737] erofs: root inode @ nid 36 [ 362.688167] erofs: mounted on /dev/loop2 with opts: . [ 362.695521] erofs: mounted on /dev/loop4 with opts: . [ 362.701871] erofs: mounted on /dev/loop3 with opts: . [ 362.705669] CPU: 1 PID: 21577 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 362.707692] erofs: unmounted for /dev/loop2 [ 362.715002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 362.715009] Call Trace: [ 362.715034] dump_stack+0x1fc/0x2ef [ 362.715054] should_fail.cold+0xa/0xf [ 362.715073] ? setup_fault_attr+0x200/0x200 [ 362.715088] ? lock_acquire+0x170/0x3c0 [ 362.715109] __should_failslab+0x115/0x180 [ 362.715125] should_failslab+0x5/0x10 [ 362.715138] kmem_cache_alloc+0x277/0x370 [ 362.715151] skb_clone+0x151/0x3d0 [ 362.715168] netlink_broadcast_filtered+0x8e5/0xbc0 [ 362.715191] netlink_broadcast+0x35/0x40 [ 362.715210] kobject_uevent_env+0xa56/0x1480 [ 362.715231] lo_ioctl+0xff9/0x20e0 [ 362.715249] ? loop_set_status64+0x110/0x110 [ 362.715266] blkdev_ioctl+0x5cb/0x1a80 [ 362.715282] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 362.715297] ? blkpg_ioctl+0x9d0/0x9d0 [ 362.729239] erofs: unmounted for /dev/loop3 [ 362.731538] ? mark_held_locks+0xf0/0xf0 [ 362.731552] ? mark_held_locks+0xf0/0xf0 [ 362.731570] ? debug_check_no_obj_freed+0x201/0x490 [ 362.731586] ? lock_downgrade+0x720/0x720 [ 362.731602] block_ioctl+0xe9/0x130 [ 362.731614] ? blkdev_fallocate+0x3f0/0x3f0 [ 362.731629] do_vfs_ioctl+0xcdb/0x12e0 [ 362.731645] ? lock_downgrade+0x720/0x720 [ 362.731661] ? check_preemption_disabled+0x41/0x280 [ 362.731674] ? ioctl_preallocate+0x200/0x200 [ 362.731692] ? __fget+0x356/0x510 [ 362.731707] ? do_dup2+0x450/0x450 [ 362.852595] ? do_sys_open+0x2bf/0x520 [ 362.856477] ksys_ioctl+0x9b/0xc0 [ 362.859934] __x64_sys_ioctl+0x6f/0xb0 [ 362.863818] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 362.868391] do_syscall_64+0xf9/0x620 [ 362.872185] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 362.877359] RIP: 0033:0x7f7be3202ec7 [ 362.881063] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 34 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 23:46:18 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000000d67) sendmsg$IPSET_CMD_GET_BYINDEX(r2, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004040) pipe2(0x0, 0x0) r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000000d67) sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r3, 0x8, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x7a}, @void, @val={0xc, 0x99, {0x7fff, 0x35}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x20000000d67) openat(r5, 0x0, 0x60800, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (async) sendfile(r1, r2, 0x0, 0x20000000d67) (async) sendmsg$IPSET_CMD_GET_BYINDEX(r2, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004040) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000000d67) (async) sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r3, 0x8, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x7a}, @void, @val={0xc, 0x99, {0x7fff, 0x35}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (async) sendfile(r4, r5, 0x0, 0x20000000d67) (async) openat(r5, 0x0, 0x60800, 0x10) (async) [ 362.899954] RSP: 002b:00007f7be1b77f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 362.907654] RAX: ffffffffffffffda RBX: 00007f7be324ca20 RCX: 00007f7be3202ec7 [ 362.914912] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 362.922170] RBP: 0000000000000006 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 362.929462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 362.936721] R13: 0000000000000005 R14: 0000000020000248 R15: 0000000000000003 23:46:18 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8cffffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:18 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfffffdfc, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:18 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 363.007640] erofs: read_super, device -> /dev/loop5 [ 363.013035] erofs: options -> [ 363.016680] erofs: root inode @ nid 36 [ 363.045373] erofs: mounted on /dev/loop5 with opts: . [ 363.060152] erofs: unmounted for /dev/loop4 [ 363.069920] erofs: read_super, device -> /dev/loop1 [ 363.075396] erofs: options -> [ 363.078649] erofs: root inode @ nid 36 [ 363.083172] erofs: unmounted for /dev/loop5 [ 363.116112] erofs: mounted on /dev/loop1 with opts: . [ 363.140506] erofs: unmounted for /dev/loop1 23:46:18 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 25) [ 363.215601] erofs: read_super, device -> /dev/loop2 [ 363.221282] erofs: read_super, device -> /dev/loop3 [ 363.222000] erofs: options -> [ 363.229471] erofs: options -> [ 363.239245] erofs: read_super, device -> /dev/loop4 23:46:18 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xffffffff00000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 363.286925] erofs: options -> [ 363.298319] erofs: root inode @ nid 36 [ 363.307445] erofs: root inode @ nid 36 [ 363.324920] erofs: mounted on /dev/loop3 with opts: . [ 363.329000] erofs: root inode @ nid 36 [ 363.338205] erofs: mounted on /dev/loop4 with opts: . [ 363.357361] erofs: mounted on /dev/loop2 with opts: . [ 363.358056] erofs: unmounted for /dev/loop3 23:46:18 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x4000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:18 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xaa000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 363.406671] erofs: unmounted for /dev/loop2 [ 363.426145] erofs: read_super, device -> /dev/loop1 [ 363.430263] erofs: unmounted for /dev/loop4 [ 363.433668] erofs: options -> [ 363.445267] erofs: root inode @ nid 36 23:46:18 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 363.452420] erofs: mounted on /dev/loop1 with opts: . [ 363.458415] erofs: unmounted for /dev/loop1 [ 363.513442] FAULT_INJECTION: forcing a failure. [ 363.513442] name failslab, interval 1, probability 0, space 0, times 0 [ 363.530334] CPU: 1 PID: 21640 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 363.538237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 363.547676] Call Trace: [ 363.550277] dump_stack+0x1fc/0x2ef [ 363.553922] should_fail.cold+0xa/0xf [ 363.557831] ? setup_fault_attr+0x200/0x200 [ 363.562167] ? lock_acquire+0x170/0x3c0 [ 363.566166] __should_failslab+0x115/0x180 [ 363.570425] should_failslab+0x5/0x10 [ 363.574304] kmem_cache_alloc+0x277/0x370 [ 363.578505] getname_flags+0xce/0x590 [ 363.582325] do_mkdirat+0x8d/0x2d0 [ 363.585864] ? __ia32_sys_mknod+0x120/0x120 [ 363.590190] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 363.595650] ? trace_hardirqs_off_caller+0x6e/0x210 [ 363.600683] ? do_syscall_64+0x21/0x620 [ 363.604675] do_syscall_64+0xf9/0x620 [ 363.608490] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 363.613705] RIP: 0033:0x7f7be3202217 [ 363.617417] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 363.636327] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 363.644028] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be3202217 [ 363.651299] RDX: 00000000000001ff RSI: 0000000020000100 RDI: 00000000ffffff9c [ 363.658566] RBP: 00007f7be1b781d0 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 363.665912] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 363.673184] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 23:46:18 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000000d67) sendmsg$IPSET_CMD_GET_BYINDEX(r2, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004040) pipe2(0x0, 0x0) r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000000d67) sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r3, 0x8, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x7a}, @void, @val={0xc, 0x99, {0x7fff, 0x35}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x20000000d67) openat(r5, 0x0, 0x60800, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (async) sendfile(r1, r2, 0x0, 0x20000000d67) (async) sendmsg$IPSET_CMD_GET_BYINDEX(r2, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004040) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000000d67) (async) sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r3, 0x8, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x7a}, @void, @val={0xc, 0x99, {0x7fff, 0x35}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (async) sendfile(r4, r5, 0x0, 0x20000000d67) (async) openat(r5, 0x0, 0x60800, 0x10) (async) [ 363.756766] erofs: read_super, device -> /dev/loop3 23:46:18 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfffffdfd, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 363.776903] erofs: options -> [ 363.790397] erofs: read_super, device -> /dev/loop4 [ 363.795822] erofs: read_super, device -> /dev/loop5 [ 363.810532] erofs: read_super, device -> /dev/loop1 [ 363.822703] erofs: options -> [ 363.852728] erofs: options -> [ 363.856166] erofs: options -> [ 363.869789] erofs: root inode @ nid 36 [ 363.873970] erofs: cannot read erofs superblock [ 363.881322] erofs: root inode @ nid 36 [ 363.886554] erofs: root inode @ nid 36 [ 363.888019] erofs: mounted on /dev/loop3 with opts: . [ 363.907403] erofs: unmounted for /dev/loop3 [ 363.907940] erofs: mounted on /dev/loop5 with opts: . [ 363.919447] erofs: mounted on /dev/loop4 with opts: . 23:46:19 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:19 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc0030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 363.963754] erofs: unmounted for /dev/loop5 23:46:19 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:19 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 26) [ 363.989055] erofs: unmounted for /dev/loop4 [ 364.053622] erofs: read_super, device -> /dev/loop2 [ 364.062386] erofs: options -> [ 364.066420] erofs: root inode @ nid 36 [ 364.075290] erofs: mounted on /dev/loop2 with opts: . [ 364.082983] erofs: unmounted for /dev/loop2 23:46:19 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfffffff6, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 364.113060] erofs: read_super, device -> /dev/loop3 [ 364.127114] erofs: options -> [ 364.135182] erofs: read_super, device -> /dev/loop1 [ 364.154529] erofs: root inode @ nid 36 [ 364.155564] erofs: options -> [ 364.178317] erofs: root inode @ nid 36 [ 364.190556] erofs: mounted on /dev/loop3 with opts: . [ 364.197966] erofs: mounted on /dev/loop1 with opts: . [ 364.210572] erofs: unmounted for /dev/loop3 23:46:19 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc0ed0000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 364.225437] erofs: read_super, device -> /dev/loop4 [ 364.232453] erofs: unmounted for /dev/loop1 [ 364.255065] erofs: options -> [ 364.274035] erofs: root inode @ nid 36 [ 364.286368] erofs: mounted on /dev/loop4 with opts: . [ 364.296934] FAULT_INJECTION: forcing a failure. [ 364.296934] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 364.308758] CPU: 0 PID: 21710 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 364.316651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 364.326014] Call Trace: [ 364.328616] dump_stack+0x1fc/0x2ef [ 364.332267] should_fail.cold+0xa/0xf [ 364.336093] ? setup_fault_attr+0x200/0x200 [ 364.340424] ? wake_up_q+0x93/0xe0 [ 364.343970] ? __mutex_unlock_slowpath+0x2be/0x610 [ 364.348903] __alloc_pages_nodemask+0x239/0x2890 [ 364.353688] ? __lock_acquire+0x6de/0x3ff0 [ 364.357919] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 364.363187] ? blkdev_ioctl+0x11a/0x1a80 [ 364.367248] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 364.372626] ? blkpg_ioctl+0x9d0/0x9d0 [ 364.376509] ? debug_check_no_obj_freed+0x201/0x490 [ 364.381523] ? lock_downgrade+0x720/0x720 [ 364.385665] cache_grow_begin+0xa4/0x8a0 [ 364.389723] ? setup_fault_attr+0x200/0x200 [ 364.394051] ? lock_acquire+0x170/0x3c0 [ 364.398104] cache_alloc_refill+0x273/0x340 [ 364.402496] kmem_cache_alloc+0x346/0x370 [ 364.406636] getname_flags+0xce/0x590 [ 364.410441] do_mkdirat+0x8d/0x2d0 [ 364.414057] ? __ia32_sys_mknod+0x120/0x120 [ 364.418371] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 364.423724] ? trace_hardirqs_off_caller+0x6e/0x210 [ 364.428728] ? do_syscall_64+0x21/0x620 [ 364.432695] do_syscall_64+0xf9/0x620 [ 364.436490] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 364.441688] RIP: 0033:0x7f7be3202217 [ 364.445386] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 364.464279] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 364.472062] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be3202217 [ 364.479336] RDX: 00000000000001ff RSI: 0000000020000100 RDI: 00000000ffffff9c 23:46:19 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x20800, 0x82) 23:46:19 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc1030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 364.486593] RBP: 00007f7be1b781d0 R08: 0000000000000000 R09: 00007f7be1b781d0 [ 364.493870] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 364.501214] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 23:46:19 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:19 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x6000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 364.539994] erofs: read_super, device -> /dev/loop2 [ 364.548694] erofs: options -> [ 364.561352] erofs: root inode @ nid 36 [ 364.575182] erofs: unmounted for /dev/loop4 [ 364.578554] erofs: mounted on /dev/loop2 with opts: . [ 364.587956] erofs: unmounted for /dev/loop2 23:46:19 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x20800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x20800, 0x82) (async) 23:46:19 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfffffffe, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 364.655198] erofs: read_super, device -> /dev/loop5 [ 364.655446] erofs: read_super, device -> /dev/loop1 [ 364.665025] erofs: options -> [ 364.670398] erofs: options -> [ 364.679750] erofs: root inode @ nid 36 [ 364.685996] erofs: root inode @ nid 36 [ 364.691427] erofs: mounted on /dev/loop1 with opts: . [ 364.693279] erofs: mounted on /dev/loop5 with opts: . [ 364.697194] erofs: unmounted for /dev/loop1 [ 364.702725] erofs: unmounted for /dev/loop5 23:46:19 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:19 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 27) [ 364.817296] erofs: read_super, device -> /dev/loop4 [ 364.822900] erofs: options -> [ 364.835251] erofs: root inode @ nid 36 [ 364.841700] erofs: read_super, device -> /dev/loop3 [ 364.854159] erofs: mounted on /dev/loop4 with opts: . [ 364.860195] erofs: options -> [ 364.883793] erofs: root inode @ nid 36 23:46:19 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x7000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:19 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x20800, 0x82) 23:46:20 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc2030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 364.912157] erofs: mounted on /dev/loop3 with opts: . [ 364.930904] erofs: unmounted for /dev/loop4 [ 364.934823] erofs: unmounted for /dev/loop3 [ 364.986400] FAULT_INJECTION: forcing a failure. [ 364.986400] name failslab, interval 1, probability 0, space 0, times 0 [ 364.994640] erofs: read_super, device -> /dev/loop2 [ 365.033740] erofs: read_super, device -> /dev/loop1 [ 365.041170] erofs: options -> [ 365.049581] CPU: 0 PID: 21764 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 365.057492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 365.066850] Call Trace: [ 365.069452] dump_stack+0x1fc/0x2ef [ 365.073097] should_fail.cold+0xa/0xf [ 365.076908] ? setup_fault_attr+0x200/0x200 [ 365.081330] ? lock_acquire+0x170/0x3c0 [ 365.085323] __should_failslab+0x115/0x180 [ 365.086639] erofs: options -> [ 365.089565] should_failslab+0x5/0x10 [ 365.089581] __kmalloc_track_caller+0x2a6/0x3c0 [ 365.089595] ? strndup_user+0x70/0x120 [ 365.089612] memdup_user+0x22/0xb0 [ 365.089626] strndup_user+0x70/0x120 [ 365.089644] ksys_mount+0x34/0x130 [ 365.098606] erofs: root inode @ nid 36 [ 365.101274] __x64_sys_mount+0xba/0x150 [ 365.101294] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 365.101307] do_syscall_64+0xf9/0x620 [ 365.101325] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 365.101339] RIP: 0033:0x7f7be320463a [ 365.107825] erofs: mounted on /dev/loop2 with opts: . [ 365.108758] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 365.113524] erofs: unmounted for /dev/loop2 [ 365.115971] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 23:46:20 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) getdents(r2, &(0x7f0000000200)=""/4096, 0x1000) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 365.115985] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 365.115994] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 365.116001] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 365.116013] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 365.143036] erofs: root inode @ nid 36 [ 365.146348] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 [ 365.219745] erofs: mounted on /dev/loop1 with opts: . [ 365.225251] erofs: unmounted for /dev/loop1 23:46:20 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async, rerun: 64) ptrace(0x10, r0) (async, rerun: 64) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) getdents(r2, &(0x7f0000000200)=""/4096, 0x1000) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 32) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (rerun: 32) 23:46:20 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 28) [ 365.262710] erofs: read_super, device -> /dev/loop3 [ 365.267748] erofs: options -> [ 365.281091] erofs: root inode @ nid 36 [ 365.285806] erofs: mounted on /dev/loop3 with opts: . [ 365.293322] erofs: unmounted for /dev/loop3 [ 365.395137] erofs: read_super, device -> /dev/loop4 23:46:20 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc3030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:20 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xf, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:20 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x225c17d03, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 365.416587] erofs: options -> [ 365.447091] erofs: root inode @ nid 36 [ 365.471277] erofs: mounted on /dev/loop4 with opts: . 23:46:20 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async, rerun: 64) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (rerun: 64) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r1) (async, rerun: 32) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (rerun: 32) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) getdents(r2, &(0x7f0000000200)=""/4096, 0x1000) (async, rerun: 64) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (rerun: 64) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 365.495173] erofs: read_super, device -> /dev/loop3 [ 365.504320] erofs: options -> [ 365.508159] erofs: root inode @ nid 36 [ 365.513048] erofs: read_super, device -> /dev/loop2 [ 365.527132] erofs: options -> 23:46:20 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 365.551859] erofs: root inode @ nid 36 [ 365.557503] erofs: mounted on /dev/loop3 with opts: . [ 365.562970] erofs: mounted on /dev/loop2 with opts: . [ 365.568326] erofs: unmounted for /dev/loop4 [ 365.582496] erofs: unmounted for /dev/loop2 [ 365.586109] FAULT_INJECTION: forcing a failure. [ 365.586109] name failslab, interval 1, probability 0, space 0, times 0 [ 365.598324] CPU: 1 PID: 21816 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 365.606301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 365.613516] erofs: unmounted for /dev/loop3 [ 365.615654] Call Trace: [ 365.615678] dump_stack+0x1fc/0x2ef [ 365.615698] should_fail.cold+0xa/0xf [ 365.615716] ? setup_fault_attr+0x200/0x200 [ 365.615737] ? lock_acquire+0x170/0x3c0 [ 365.638314] __should_failslab+0x115/0x180 [ 365.642591] should_failslab+0x5/0x10 [ 365.646403] __kmalloc_track_caller+0x2a6/0x3c0 23:46:20 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 365.651086] ? strndup_user+0x70/0x120 [ 365.654997] memdup_user+0x22/0xb0 [ 365.658576] strndup_user+0x70/0x120 [ 365.662307] ksys_mount+0x34/0x130 [ 365.665864] __x64_sys_mount+0xba/0x150 [ 365.669859] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 365.674453] do_syscall_64+0xf9/0x620 [ 365.678272] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 365.683482] RIP: 0033:0x7f7be320463a [ 365.687238] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 365.706266] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 365.713964] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 365.721298] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 365.728732] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 365.735998] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 365.743344] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 23:46:20 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:20 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc4030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:20 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 29) [ 365.883945] erofs: read_super, device -> /dev/loop1 [ 365.889095] erofs: options -> [ 365.907115] erofs: read_super, device -> /dev/loop4 [ 365.917268] erofs: root inode @ nid 36 [ 365.956846] erofs: mounted on /dev/loop1 with opts: . [ 365.960257] erofs: options -> 23:46:21 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 366.000349] erofs: root inode @ nid 36 [ 366.004183] erofs: unmounted for /dev/loop1 [ 366.004329] erofs: mounted on /dev/loop4 with opts: . 23:46:21 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x10, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 366.076471] FAULT_INJECTION: forcing a failure. [ 366.076471] name failslab, interval 1, probability 0, space 0, times 0 [ 366.088090] CPU: 1 PID: 21845 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 366.096027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 366.096128] erofs: read_super, device -> /dev/loop2 [ 366.105386] Call Trace: [ 366.105414] dump_stack+0x1fc/0x2ef [ 366.105434] should_fail.cold+0xa/0xf [ 366.105451] ? setup_fault_attr+0x200/0x200 [ 366.105464] ? lock_acquire+0x170/0x3c0 [ 366.105482] __should_failslab+0x115/0x180 [ 366.105497] should_failslab+0x5/0x10 [ 366.105510] kmem_cache_alloc+0x277/0x370 [ 366.105526] alloc_vfsmnt+0x23/0x780 [ 366.105538] ? _raw_read_unlock+0x29/0x40 [ 366.105555] vfs_kern_mount.part.0+0x27/0x470 [ 366.117954] erofs: read_super, device -> /dev/loop3 [ 366.120551] do_mount+0x115c/0x2f50 [ 366.120572] ? cmp_ex_sort+0xc0/0xc0 [ 366.120587] ? __do_page_fault+0x180/0xd60 [ 366.120602] ? copy_mount_string+0x40/0x40 23:46:21 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x9000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 366.120623] ? memset+0x20/0x40 [ 366.120637] ? copy_mount_options+0x26f/0x380 [ 366.120654] ksys_mount+0xcf/0x130 [ 366.125110] erofs: options -> [ 366.128971] __x64_sys_mount+0xba/0x150 [ 366.128995] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 366.129009] do_syscall_64+0xf9/0x620 [ 366.129030] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 366.155014] erofs: root inode @ nid 36 [ 366.158589] RIP: 0033:0x7f7be320463a 23:46:21 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 366.158606] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 366.158614] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 366.158627] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 366.158636] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 366.158642] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 366.158654] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 366.175435] erofs: options -> 23:46:21 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000580)={0x5, 0x80, 0x0, 0xa1, 0x0, 0x7, 0x0, 0x10001, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1000, 0x1, @perf_bp={&(0x7f0000000600), 0x1}, 0x80, 0xffff, 0x1f, 0x7, 0x8000, 0x2, 0x6, 0x0, 0x1, 0x0, 0x39f45f91}, 0x0, 0x7, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000000)) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000000c0)=0x0) ptrace(0x10, r1) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) r2 = socket$nl_generic(0x10, 0x3, 0x10) mount$cgroup2(0x0, &(0x7f0000000540)='./file0/file0/file0\x00', &(0x7f00000009c0), 0x80, &(0x7f0000000ac0)={[{}, {}, {}, {}], [{@appraise_type}, {@hash}, {@euid_gt}, {@hash}, {@appraise}, {@subj_type={'subj_type', 0x3d, '%!'}}, {@appraise_type}, {@subj_type={'subj_type', 0x3d, '('}}]}) r3 = syz_mount_image$nfs4(&(0x7f0000000080), &(0x7f0000000200)='./file0/file0\x00', 0x8, 0x3, &(0x7f0000000480)=[{&(0x7f0000000240)="61a18a12f3f1d558b846c87f489576a4b86c571462a709b8bca9cd1e7a0503613afcaf449fa067cec38aa7a82925c54a15d186ddabed4fd0df35b9951c569c9fa73203e3dfabdb25b73cd291d4eb63b3f2c9bac6af59027e5d8c30b8ad440226ce1f5e1156bdd7c39b29f922f7fea779540ab00cbe70e0de3463185813541a43457d9a1e9448e9ade5c5f138239589c76c36a7452a53ff3b00776d74eea8224de6a58b759541", 0xa6, 0x8}, {&(0x7f0000000300)="0290c3eb4e4ce4c8ef0b7f378c304c6c0067600aa1f937f21f270f94af2561b8b2ce9af74ce1dbd92129a0864dfd4fed237128234dc792e62e2a98d742c06fb7cb5ce54065316c928aaf0c052a461e65ded14b633f0132ddf8285023772e6d97bea986d084a0d45169aeb8dc2c2c5169a95f4999192b9e4e2c5f539f37cd569298d86bfb7f3e7b0e4aaed40a2731c228fe4f1d596a46a47941e8f0b3858238eae7b7a6ee67b77f558779e0aec4b6339892d04a7b043c1f626183c10926c8676afb2535d5597689e5e5b717f2c2f686db5581bb812d24f7566bcf05a943ae0baff2ac78e093078a28f463ede36b7249d6a6ec5f0d72b10f55d0fa82e9149e19", 0xff, 0x200}, {&(0x7f0000000400)="f907879c1b032910316a92d59f0d9c527c14e0c1ffe31a398bb5d5f1cb42fa53ea96a6c8d7c8ce58e78b7e129e6f2178dd1ac358a8b005f51d4cb0e3565d7d8339f31e6101a540e0ba17ebdf1bd321b3261d3c8338c6bc891eb5fc1480538706d5477cbd325638c473", 0x69, 0x1ff}], 0x2010, &(0x7f0000000500)=ANY=[]) openat(r3, &(0x7f0000000140)='./file0/file0\x00', 0x290400, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) r4 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000800), 0x2802, 0x0) lstat(&(0x7f0000000840)='./file0/file0\x00', &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000640)="bca7871338fbd52f6681e313b5980934f400d45a365f585bace554967bb5132fca9209e71c0689c4ab15aa5774f0af268383c30f1c4428f8ee95fc94fc7dd01ce4a3a63e37495fec460ef4f72b3c2d8adb5dfda77a1b4c71aa7f49bc26f2d6263dbf3d6ecd8197c88cdb9fa105a49d00aa7640bb644ab078207f54a08cfb7b81526911667b1b04f200c9bb095b3c5413358eb7aa4508417cbbae7b576a2be9ff9ed770", 0xa3}, {&(0x7f0000000700)="131b3ed62bad5324713922fd191f10b0695eafbaf7bb3bf1f3f940d1e5fe2643ec961fbd8d4d2cb98db52142d19bf826a26012421e1f79d62f6d4387819d6ada88f2d3471436f353fd6dc8b3ae052d9807b03c040e9f00a4bd1c0bcd859f41a9aef8166e679bd8829bdb51af633159eaca5d3aad5952fa9689552eff570a975b41dcb86c71045444de8017496016367f78448e0149ca3358ca0937196b3a58bce635bb5878a05b2b78aa729304485d74b71a7b0b2a9e0c65748ed25dd47277567462830d0cb14a79ca553fefc44804c4f1b4253fdca5f51a2d47105890f859107ddbf931c41968e4678d17a2895796ef3e7976cdaf67a76d5be7", 0xfa}], 0x2, &(0x7f0000000900)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r2]}}, @rights={{0x18, 0x1, 0x1, [r3, r4]}}, @cred={{0x1c, 0x1, 0x2, {r1, r5}}}], 0x58, 0x8000}, 0x4000000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x0) [ 366.177901] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 [ 366.250062] erofs: mounted on /dev/loop3 with opts: . [ 366.252160] erofs: unmounted for /dev/loop4 [ 366.262011] erofs: unmounted for /dev/loop3 [ 366.289086] erofs: root inode @ nid 36 [ 366.302776] erofs: mounted on /dev/loop2 with opts: . [ 366.308085] erofs: unmounted for /dev/loop2 [ 366.369905] erofs: read_super, device -> /dev/loop1 23:46:21 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x7ffffffffffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:21 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 30) [ 366.395551] erofs: options -> [ 366.399177] erofs: root inode @ nid 36 23:46:21 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc5030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 366.443877] erofs: mounted on /dev/loop1 with opts: . [ 366.475884] erofs: unmounted for /dev/loop1 [ 366.571362] FAULT_INJECTION: forcing a failure. [ 366.571362] name failslab, interval 1, probability 0, space 0, times 0 [ 366.590140] CPU: 0 PID: 21889 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 366.598049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 366.607407] Call Trace: [ 366.610028] dump_stack+0x1fc/0x2ef [ 366.613675] should_fail.cold+0xa/0xf [ 366.617484] ? setup_fault_attr+0x200/0x200 [ 366.622251] ? lock_acquire+0x170/0x3c0 [ 366.626222] __should_failslab+0x115/0x180 [ 366.630466] should_failslab+0x5/0x10 [ 366.634272] kmem_cache_alloc_trace+0x284/0x380 [ 366.638936] ? _copy_from_user+0xd2/0x130 [ 366.643111] copy_mount_options+0x59/0x380 [ 366.647348] ksys_mount+0x9b/0x130 [ 366.650875] __x64_sys_mount+0xba/0x150 [ 366.654856] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 366.661080] do_syscall_64+0xf9/0x620 [ 366.664875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 366.670054] RIP: 0033:0x7f7be320463a [ 366.673751] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 366.692679] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 366.700377] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 366.707644] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 23:46:21 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x14, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 366.714987] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 366.722249] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 366.729517] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 [ 366.760347] erofs: read_super, device -> /dev/loop2 [ 366.765980] erofs: options -> 23:46:21 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 31) [ 366.767558] erofs: read_super, device -> /dev/loop4 [ 366.777006] erofs: options -> [ 366.780132] erofs: root inode @ nid 36 [ 366.788319] erofs: root inode @ nid 36 [ 366.791266] erofs: mounted on /dev/loop2 with opts: . [ 366.796106] erofs: mounted on /dev/loop4 with opts: . [ 366.803635] erofs: read_super, device -> /dev/loop3 23:46:21 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x9012000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:21 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) perf_event_open(&(0x7f0000000580)={0x5, 0x80, 0x0, 0xa1, 0x0, 0x7, 0x0, 0x10001, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1000, 0x1, @perf_bp={&(0x7f0000000600), 0x1}, 0x80, 0xffff, 0x1f, 0x7, 0x8000, 0x2, 0x6, 0x0, 0x1, 0x0, 0x39f45f91}, 0x0, 0x7, 0xffffffffffffffff, 0x0) (async) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000000)) (async) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000000c0)=0x0) ptrace(0x10, r1) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async, rerun: 64) fcntl$getown(0xffffffffffffffff, 0x9) (async, rerun: 64) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) mount$cgroup2(0x0, &(0x7f0000000540)='./file0/file0/file0\x00', &(0x7f00000009c0), 0x80, &(0x7f0000000ac0)={[{}, {}, {}, {}], [{@appraise_type}, {@hash}, {@euid_gt}, {@hash}, {@appraise}, {@subj_type={'subj_type', 0x3d, '%!'}}, {@appraise_type}, {@subj_type={'subj_type', 0x3d, '('}}]}) (async, rerun: 32) r3 = syz_mount_image$nfs4(&(0x7f0000000080), &(0x7f0000000200)='./file0/file0\x00', 0x8, 0x3, &(0x7f0000000480)=[{&(0x7f0000000240)="61a18a12f3f1d558b846c87f489576a4b86c571462a709b8bca9cd1e7a0503613afcaf449fa067cec38aa7a82925c54a15d186ddabed4fd0df35b9951c569c9fa73203e3dfabdb25b73cd291d4eb63b3f2c9bac6af59027e5d8c30b8ad440226ce1f5e1156bdd7c39b29f922f7fea779540ab00cbe70e0de3463185813541a43457d9a1e9448e9ade5c5f138239589c76c36a7452a53ff3b00776d74eea8224de6a58b759541", 0xa6, 0x8}, {&(0x7f0000000300)="0290c3eb4e4ce4c8ef0b7f378c304c6c0067600aa1f937f21f270f94af2561b8b2ce9af74ce1dbd92129a0864dfd4fed237128234dc792e62e2a98d742c06fb7cb5ce54065316c928aaf0c052a461e65ded14b633f0132ddf8285023772e6d97bea986d084a0d45169aeb8dc2c2c5169a95f4999192b9e4e2c5f539f37cd569298d86bfb7f3e7b0e4aaed40a2731c228fe4f1d596a46a47941e8f0b3858238eae7b7a6ee67b77f558779e0aec4b6339892d04a7b043c1f626183c10926c8676afb2535d5597689e5e5b717f2c2f686db5581bb812d24f7566bcf05a943ae0baff2ac78e093078a28f463ede36b7249d6a6ec5f0d72b10f55d0fa82e9149e19", 0xff, 0x200}, {&(0x7f0000000400)="f907879c1b032910316a92d59f0d9c527c14e0c1ffe31a398bb5d5f1cb42fa53ea96a6c8d7c8ce58e78b7e129e6f2178dd1ac358a8b005f51d4cb0e3565d7d8339f31e6101a540e0ba17ebdf1bd321b3261d3c8338c6bc891eb5fc1480538706d5477cbd325638c473", 0x69, 0x1ff}], 0x2010, &(0x7f0000000500)=ANY=[]) openat(r3, &(0x7f0000000140)='./file0/file0\x00', 0x290400, 0x1b3) (async, rerun: 64) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (rerun: 64) r4 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000800), 0x2802, 0x0) (async, rerun: 64) lstat(&(0x7f0000000840)='./file0/file0\x00', &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0}) (rerun: 64) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000640)="bca7871338fbd52f6681e313b5980934f400d45a365f585bace554967bb5132fca9209e71c0689c4ab15aa5774f0af268383c30f1c4428f8ee95fc94fc7dd01ce4a3a63e37495fec460ef4f72b3c2d8adb5dfda77a1b4c71aa7f49bc26f2d6263dbf3d6ecd8197c88cdb9fa105a49d00aa7640bb644ab078207f54a08cfb7b81526911667b1b04f200c9bb095b3c5413358eb7aa4508417cbbae7b576a2be9ff9ed770", 0xa3}, {&(0x7f0000000700)="131b3ed62bad5324713922fd191f10b0695eafbaf7bb3bf1f3f940d1e5fe2643ec961fbd8d4d2cb98db52142d19bf826a26012421e1f79d62f6d4387819d6ada88f2d3471436f353fd6dc8b3ae052d9807b03c040e9f00a4bd1c0bcd859f41a9aef8166e679bd8829bdb51af633159eaca5d3aad5952fa9689552eff570a975b41dcb86c71045444de8017496016367f78448e0149ca3358ca0937196b3a58bce635bb5878a05b2b78aa729304485d74b71a7b0b2a9e0c65748ed25dd47277567462830d0cb14a79ca553fefc44804c4f1b4253fdca5f51a2d47105890f859107ddbf931c41968e4678d17a2895796ef3e7976cdaf67a76d5be7", 0xfa}], 0x2, &(0x7f0000000900)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r2]}}, @rights={{0x18, 0x1, 0x1, [r3, r4]}}, @cred={{0x1c, 0x1, 0x2, {r1, r5}}}], 0x58, 0x8000}, 0x4000000) (async, rerun: 64) pipe2(0x0, 0x0) (rerun: 64) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x0) [ 366.844910] erofs: unmounted for /dev/loop2 [ 366.860853] erofs: options -> [ 366.928548] erofs: root inode @ nid 36 [ 366.936435] erofs: read_super, device -> /dev/loop1 [ 366.949462] erofs: mounted on /dev/loop3 with opts: . [ 366.958479] erofs: options -> 23:46:22 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:22 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc6030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 366.975735] erofs: unmounted for /dev/loop3 [ 366.985729] erofs: root inode @ nid 36 [ 366.997968] erofs: unmounted for /dev/loop4 [ 367.003400] erofs: mounted on /dev/loop1 with opts: . [ 367.046180] erofs: unmounted for /dev/loop1 [ 367.069624] FAULT_INJECTION: forcing a failure. [ 367.069624] name failslab, interval 1, probability 0, space 0, times 0 [ 367.088415] CPU: 0 PID: 21921 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 367.096325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 367.105691] Call Trace: [ 367.108290] dump_stack+0x1fc/0x2ef [ 367.111938] should_fail.cold+0xa/0xf [ 367.115756] ? setup_fault_attr+0x200/0x200 23:46:22 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000580)={0x5, 0x80, 0x0, 0xa1, 0x0, 0x7, 0x0, 0x10001, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1000, 0x1, @perf_bp={&(0x7f0000000600), 0x1}, 0x80, 0xffff, 0x1f, 0x7, 0x8000, 0x2, 0x6, 0x0, 0x1, 0x0, 0x39f45f91}, 0x0, 0x7, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000000)) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000000c0)=0x0) ptrace(0x10, r1) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) r2 = socket$nl_generic(0x10, 0x3, 0x10) mount$cgroup2(0x0, &(0x7f0000000540)='./file0/file0/file0\x00', &(0x7f00000009c0), 0x80, &(0x7f0000000ac0)={[{}, {}, {}, {}], [{@appraise_type}, {@hash}, {@euid_gt}, {@hash}, {@appraise}, {@subj_type={'subj_type', 0x3d, '%!'}}, {@appraise_type}, {@subj_type={'subj_type', 0x3d, '('}}]}) r3 = syz_mount_image$nfs4(&(0x7f0000000080), &(0x7f0000000200)='./file0/file0\x00', 0x8, 0x3, &(0x7f0000000480)=[{&(0x7f0000000240)="61a18a12f3f1d558b846c87f489576a4b86c571462a709b8bca9cd1e7a0503613afcaf449fa067cec38aa7a82925c54a15d186ddabed4fd0df35b9951c569c9fa73203e3dfabdb25b73cd291d4eb63b3f2c9bac6af59027e5d8c30b8ad440226ce1f5e1156bdd7c39b29f922f7fea779540ab00cbe70e0de3463185813541a43457d9a1e9448e9ade5c5f138239589c76c36a7452a53ff3b00776d74eea8224de6a58b759541", 0xa6, 0x8}, {&(0x7f0000000300)="0290c3eb4e4ce4c8ef0b7f378c304c6c0067600aa1f937f21f270f94af2561b8b2ce9af74ce1dbd92129a0864dfd4fed237128234dc792e62e2a98d742c06fb7cb5ce54065316c928aaf0c052a461e65ded14b633f0132ddf8285023772e6d97bea986d084a0d45169aeb8dc2c2c5169a95f4999192b9e4e2c5f539f37cd569298d86bfb7f3e7b0e4aaed40a2731c228fe4f1d596a46a47941e8f0b3858238eae7b7a6ee67b77f558779e0aec4b6339892d04a7b043c1f626183c10926c8676afb2535d5597689e5e5b717f2c2f686db5581bb812d24f7566bcf05a943ae0baff2ac78e093078a28f463ede36b7249d6a6ec5f0d72b10f55d0fa82e9149e19", 0xff, 0x200}, {&(0x7f0000000400)="f907879c1b032910316a92d59f0d9c527c14e0c1ffe31a398bb5d5f1cb42fa53ea96a6c8d7c8ce58e78b7e129e6f2178dd1ac358a8b005f51d4cb0e3565d7d8339f31e6101a540e0ba17ebdf1bd321b3261d3c8338c6bc891eb5fc1480538706d5477cbd325638c473", 0x69, 0x1ff}], 0x2010, &(0x7f0000000500)=ANY=[]) openat(r3, &(0x7f0000000140)='./file0/file0\x00', 0x290400, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) r4 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000800), 0x2802, 0x0) lstat(&(0x7f0000000840)='./file0/file0\x00', &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000640)="bca7871338fbd52f6681e313b5980934f400d45a365f585bace554967bb5132fca9209e71c0689c4ab15aa5774f0af268383c30f1c4428f8ee95fc94fc7dd01ce4a3a63e37495fec460ef4f72b3c2d8adb5dfda77a1b4c71aa7f49bc26f2d6263dbf3d6ecd8197c88cdb9fa105a49d00aa7640bb644ab078207f54a08cfb7b81526911667b1b04f200c9bb095b3c5413358eb7aa4508417cbbae7b576a2be9ff9ed770", 0xa3}, {&(0x7f0000000700)="131b3ed62bad5324713922fd191f10b0695eafbaf7bb3bf1f3f940d1e5fe2643ec961fbd8d4d2cb98db52142d19bf826a26012421e1f79d62f6d4387819d6ada88f2d3471436f353fd6dc8b3ae052d9807b03c040e9f00a4bd1c0bcd859f41a9aef8166e679bd8829bdb51af633159eaca5d3aad5952fa9689552eff570a975b41dcb86c71045444de8017496016367f78448e0149ca3358ca0937196b3a58bce635bb5878a05b2b78aa729304485d74b71a7b0b2a9e0c65748ed25dd47277567462830d0cb14a79ca553fefc44804c4f1b4253fdca5f51a2d47105890f859107ddbf931c41968e4678d17a2895796ef3e7976cdaf67a76d5be7", 0xfa}], 0x2, &(0x7f0000000900)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r2]}}, @rights={{0x18, 0x1, 0x1, [r3, r4]}}, @cred={{0x1c, 0x1, 0x2, {r1, r5}}}], 0x58, 0x8000}, 0x4000000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) perf_event_open(&(0x7f0000000580)={0x5, 0x80, 0x0, 0xa1, 0x0, 0x7, 0x0, 0x10001, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1000, 0x1, @perf_bp={&(0x7f0000000600), 0x1}, 0x80, 0xffff, 0x1f, 0x7, 0x8000, 0x2, 0x6, 0x0, 0x1, 0x0, 0x39f45f91}, 0x0, 0x7, 0xffffffffffffffff, 0x0) (async) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000000)) (async) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000000c0)) (async) ptrace(0x10, r1) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) fcntl$getown(0xffffffffffffffff, 0x9) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) mount$cgroup2(0x0, &(0x7f0000000540)='./file0/file0/file0\x00', &(0x7f00000009c0), 0x80, &(0x7f0000000ac0)={[{}, {}, {}, {}], [{@appraise_type}, {@hash}, {@euid_gt}, {@hash}, {@appraise}, {@subj_type={'subj_type', 0x3d, '%!'}}, {@appraise_type}, {@subj_type={'subj_type', 0x3d, '('}}]}) (async) syz_mount_image$nfs4(&(0x7f0000000080), &(0x7f0000000200)='./file0/file0\x00', 0x8, 0x3, &(0x7f0000000480)=[{&(0x7f0000000240)="61a18a12f3f1d558b846c87f489576a4b86c571462a709b8bca9cd1e7a0503613afcaf449fa067cec38aa7a82925c54a15d186ddabed4fd0df35b9951c569c9fa73203e3dfabdb25b73cd291d4eb63b3f2c9bac6af59027e5d8c30b8ad440226ce1f5e1156bdd7c39b29f922f7fea779540ab00cbe70e0de3463185813541a43457d9a1e9448e9ade5c5f138239589c76c36a7452a53ff3b00776d74eea8224de6a58b759541", 0xa6, 0x8}, {&(0x7f0000000300)="0290c3eb4e4ce4c8ef0b7f378c304c6c0067600aa1f937f21f270f94af2561b8b2ce9af74ce1dbd92129a0864dfd4fed237128234dc792e62e2a98d742c06fb7cb5ce54065316c928aaf0c052a461e65ded14b633f0132ddf8285023772e6d97bea986d084a0d45169aeb8dc2c2c5169a95f4999192b9e4e2c5f539f37cd569298d86bfb7f3e7b0e4aaed40a2731c228fe4f1d596a46a47941e8f0b3858238eae7b7a6ee67b77f558779e0aec4b6339892d04a7b043c1f626183c10926c8676afb2535d5597689e5e5b717f2c2f686db5581bb812d24f7566bcf05a943ae0baff2ac78e093078a28f463ede36b7249d6a6ec5f0d72b10f55d0fa82e9149e19", 0xff, 0x200}, {&(0x7f0000000400)="f907879c1b032910316a92d59f0d9c527c14e0c1ffe31a398bb5d5f1cb42fa53ea96a6c8d7c8ce58e78b7e129e6f2178dd1ac358a8b005f51d4cb0e3565d7d8339f31e6101a540e0ba17ebdf1bd321b3261d3c8338c6bc891eb5fc1480538706d5477cbd325638c473", 0x69, 0x1ff}], 0x2010, &(0x7f0000000500)=ANY=[]) (async) openat(r3, &(0x7f0000000140)='./file0/file0\x00', 0x290400, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) openat$mixer(0xffffffffffffff9c, &(0x7f0000000800), 0x2802, 0x0) (async) lstat(&(0x7f0000000840)='./file0/file0\x00', &(0x7f0000000880)) (async) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000640)="bca7871338fbd52f6681e313b5980934f400d45a365f585bace554967bb5132fca9209e71c0689c4ab15aa5774f0af268383c30f1c4428f8ee95fc94fc7dd01ce4a3a63e37495fec460ef4f72b3c2d8adb5dfda77a1b4c71aa7f49bc26f2d6263dbf3d6ecd8197c88cdb9fa105a49d00aa7640bb644ab078207f54a08cfb7b81526911667b1b04f200c9bb095b3c5413358eb7aa4508417cbbae7b576a2be9ff9ed770", 0xa3}, {&(0x7f0000000700)="131b3ed62bad5324713922fd191f10b0695eafbaf7bb3bf1f3f940d1e5fe2643ec961fbd8d4d2cb98db52142d19bf826a26012421e1f79d62f6d4387819d6ada88f2d3471436f353fd6dc8b3ae052d9807b03c040e9f00a4bd1c0bcd859f41a9aef8166e679bd8829bdb51af633159eaca5d3aad5952fa9689552eff570a975b41dcb86c71045444de8017496016367f78448e0149ca3358ca0937196b3a58bce635bb5878a05b2b78aa729304485d74b71a7b0b2a9e0c65748ed25dd47277567462830d0cb14a79ca553fefc44804c4f1b4253fdca5f51a2d47105890f859107ddbf931c41968e4678d17a2895796ef3e7976cdaf67a76d5be7", 0xfa}], 0x2, &(0x7f0000000900)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r2]}}, @rights={{0x18, 0x1, 0x1, [r3, r4]}}, @cred={{0x1c, 0x1, 0x2, {r1, r5}}}], 0x58, 0x8000}, 0x4000000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x0) (async) [ 367.120094] ? lock_acquire+0x170/0x3c0 [ 367.124217] __should_failslab+0x115/0x180 [ 367.128454] should_failslab+0x5/0x10 [ 367.132249] __kmalloc_track_caller+0x2a6/0x3c0 [ 367.136909] ? kstrdup_const+0x53/0x80 [ 367.140792] kstrdup+0x36/0x70 [ 367.143975] kstrdup_const+0x53/0x80 [ 367.147681] alloc_vfsmnt+0xb5/0x780 [ 367.151385] ? _raw_read_unlock+0x29/0x40 [ 367.155630] vfs_kern_mount.part.0+0x27/0x470 [ 367.160116] do_mount+0x115c/0x2f50 [ 367.163733] ? cmp_ex_sort+0xc0/0xc0 [ 367.167435] ? __do_page_fault+0x180/0xd60 [ 367.171660] ? copy_mount_string+0x40/0x40 [ 367.176011] ? memset+0x20/0x40 [ 367.179291] ? copy_mount_options+0x26f/0x380 [ 367.183788] ksys_mount+0xcf/0x130 [ 367.187326] __x64_sys_mount+0xba/0x150 [ 367.191319] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 367.196013] do_syscall_64+0xf9/0x620 [ 367.199828] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 367.205187] RIP: 0033:0x7f7be320463a [ 367.208949] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 367.227867] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 367.235669] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 367.242929] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 367.250997] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 367.258260] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 23:46:22 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x22, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 367.265538] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 [ 367.333017] erofs: read_super, device -> /dev/loop2 [ 367.338419] erofs: options -> [ 367.345142] erofs: root inode @ nid 36 [ 367.356725] erofs: mounted on /dev/loop2 with opts: . [ 367.367722] erofs: unmounted for /dev/loop2 [ 367.386412] erofs: read_super, device -> /dev/loop4 [ 367.392554] erofs: options -> [ 367.396045] erofs: root inode @ nid 36 [ 367.403982] erofs: mounted on /dev/loop4 with opts: . 23:46:22 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:22 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 32) 23:46:22 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 367.484856] erofs: read_super, device -> /dev/loop1 [ 367.495858] erofs: options -> [ 367.512066] erofs: root inode @ nid 36 [ 367.516181] erofs: unmounted for /dev/loop4 [ 367.521658] erofs: mounted on /dev/loop1 with opts: . [ 367.538122] erofs: unmounted for /dev/loop1 23:46:22 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x37, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 367.590608] erofs: read_super, device -> /dev/loop3 [ 367.594419] erofs: read_super, device -> /dev/loop2 [ 367.595653] erofs: options -> [ 367.604738] erofs: options -> [ 367.605008] erofs: root inode @ nid 36 23:46:22 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r1, 0x2, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, &(0x7f0000000040)) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 367.641192] erofs: mounted on /dev/loop2 with opts: . [ 367.646935] erofs: root inode @ nid 36 [ 367.652014] erofs: mounted on /dev/loop3 with opts: . [ 367.657338] erofs: unmounted for /dev/loop3 [ 367.658468] erofs: unmounted for /dev/loop2 [ 367.694624] FAULT_INJECTION: forcing a failure. [ 367.694624] name failslab, interval 1, probability 0, space 0, times 0 [ 367.707261] CPU: 1 PID: 21985 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 367.715163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 367.724525] Call Trace: [ 367.727286] dump_stack+0x1fc/0x2ef [ 367.730919] should_fail.cold+0xa/0xf [ 367.734735] ? setup_fault_attr+0x200/0x200 [ 367.739145] ? lock_acquire+0x170/0x3c0 [ 367.743121] __should_failslab+0x115/0x180 [ 367.747346] should_failslab+0x5/0x10 [ 367.751134] kmem_cache_alloc+0x277/0x370 [ 367.755277] alloc_vfsmnt+0x23/0x780 [ 367.759074] ? _raw_read_unlock+0x29/0x40 [ 367.763212] vfs_kern_mount.part.0+0x27/0x470 [ 367.767708] do_mount+0x115c/0x2f50 [ 367.771412] ? cmp_ex_sort+0xc0/0xc0 [ 367.775115] ? __do_page_fault+0x180/0xd60 [ 367.779343] ? copy_mount_string+0x40/0x40 [ 367.783570] ? memset+0x20/0x40 [ 367.786839] ? copy_mount_options+0x26f/0x380 [ 367.791327] ksys_mount+0xcf/0x130 [ 367.794870] __x64_sys_mount+0xba/0x150 [ 367.798837] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 367.803405] do_syscall_64+0xf9/0x620 [ 367.807205] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 367.812404] RIP: 0033:0x7f7be320463a [ 367.816105] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 367.834996] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 23:46:22 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r1, 0x2, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, &(0x7f0000000040)) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) gettid() (async) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r1, 0x2, 0xffffffffffffffff, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, &(0x7f0000000040)) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 367.843817] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 367.851077] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 367.858350] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 367.865641] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 367.872896] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 23:46:23 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc7030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:23 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 33) 23:46:23 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x100000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 367.979562] erofs: read_super, device -> /dev/loop4 [ 367.984756] erofs: options -> [ 367.999071] erofs: read_super, device -> /dev/loop1 [ 368.003141] erofs: root inode @ nid 36 [ 368.013882] erofs: options -> [ 368.014986] erofs: mounted on /dev/loop4 with opts: . [ 368.023807] erofs: root inode @ nid 36 23:46:23 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x23000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 368.047152] erofs: mounted on /dev/loop1 with opts: . [ 368.065413] erofs: unmounted for /dev/loop4 [ 368.083336] erofs: unmounted for /dev/loop1 23:46:23 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) r1 = gettid() (rerun: 64) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r1, 0x2, 0xffffffffffffffff, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, &(0x7f0000000040)) (async) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async, rerun: 32) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async, rerun: 32) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async, rerun: 64) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (rerun: 64) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 368.168532] erofs: read_super, device -> /dev/loop2 [ 368.168596] FAULT_INJECTION: forcing a failure. [ 368.168596] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 368.183816] erofs: read_super, device -> /dev/loop3 [ 368.185405] CPU: 1 PID: 22028 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 368.185415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 368.185426] Call Trace: [ 368.192934] erofs: options -> [ 368.198353] dump_stack+0x1fc/0x2ef [ 368.198375] should_fail.cold+0xa/0xf [ 368.198397] ? setup_fault_attr+0x200/0x200 [ 368.211203] erofs: options -> [ 368.213519] ? unwind_next_frame+0xeee/0x1400 [ 368.213535] ? __save_stack_trace+0x72/0x190 [ 368.213547] ? deref_stack_reg+0x134/0x1d0 [ 368.213558] ? get_reg+0x176/0x1f0 [ 368.213578] __alloc_pages_nodemask+0x239/0x2890 [ 368.244383] erofs: root inode @ nid 36 [ 368.245141] ? cmp_ex_search+0x87/0xb0 [ 368.245163] ? __lock_acquire+0x6de/0x3ff0 [ 368.258612] erofs: mounted on /dev/loop3 with opts: . [ 368.261894] ? copy_mount_options+0x1e9/0x380 [ 368.261912] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 368.261926] ? ex_handler_default+0x14/0x90 [ 368.261937] ? phys_mem_access_encrypted+0x10/0x10 [ 368.261956] ? no_context+0xce/0x940 [ 368.261972] ? __lock_acquire+0x6de/0x3ff0 [ 368.261987] ? force_sig_info_fault.constprop.0+0x320/0x320 [ 368.262000] ? bad_area_access_error+0x23b/0x4a0 [ 368.262028] cache_grow_begin+0xa4/0x8a0 [ 368.272337] erofs: root inode @ nid 36 [ 368.276632] ? setup_fault_attr+0x200/0x200 23:46:23 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x63, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 368.276651] ? lock_acquire+0x170/0x3c0 [ 368.276668] cache_alloc_refill+0x273/0x340 [ 368.276686] kmem_cache_alloc+0x346/0x370 [ 368.286703] erofs: unmounted for /dev/loop3 [ 368.289619] getname_flags+0xce/0x590 [ 368.289636] user_path_at_empty+0x2a/0x50 [ 368.289652] do_mount+0x147/0x2f50 [ 368.289668] ? cmp_ex_sort+0xc0/0xc0 [ 368.289684] ? __do_page_fault+0x180/0xd60 [ 368.289698] ? copy_mount_string+0x40/0x40 [ 368.289718] ? memset+0x20/0x40 [ 368.289731] ? copy_mount_options+0x26f/0x380 [ 368.289749] ksys_mount+0xcf/0x130 [ 368.305859] erofs: read_super, device -> /dev/loop4 [ 368.308617] __x64_sys_mount+0xba/0x150 [ 368.344100] erofs: mounted on /dev/loop2 with opts: . [ 368.345122] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 368.345140] do_syscall_64+0xf9/0x620 [ 368.345158] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 368.345172] RIP: 0033:0x7f7be320463a [ 368.349181] erofs: unmounted for /dev/loop2 [ 368.355092] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 368.355099] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 368.355110] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 368.355118] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 368.355125] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 368.355132] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 23:46:23 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc8030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 368.355140] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 [ 368.365539] erofs: options -> [ 368.477665] erofs: root inode @ nid 36 [ 368.482504] erofs: mounted on /dev/loop4 with opts: . 23:46:23 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3f000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 368.529535] erofs: read_super, device -> /dev/loop5 [ 368.534821] erofs: options -> [ 368.542006] erofs: root inode @ nid 36 [ 368.559140] erofs: unmounted for /dev/loop4 [ 368.562926] erofs: mounted on /dev/loop5 with opts: . 23:46:23 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x200000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 368.583805] erofs: unmounted for /dev/loop5 23:46:23 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 34) [ 368.738751] erofs: read_super, device -> /dev/loop1 [ 368.775604] erofs: options -> [ 368.794227] erofs: read_super, device -> /dev/loop3 [ 368.807807] erofs: root inode @ nid 36 [ 368.827325] erofs: read_super, device -> /dev/loop4 [ 368.846310] erofs: options -> [ 368.874997] erofs: mounted on /dev/loop1 with opts: . [ 368.885454] erofs: options -> [ 368.891148] erofs: root inode @ nid 36 [ 368.906915] erofs: read_super, device -> /dev/loop2 [ 368.921360] erofs: options -> [ 368.931437] erofs: root inode @ nid 36 [ 368.941154] erofs: mounted on /dev/loop2 with opts: . [ 368.943595] erofs: unmounted for /dev/loop1 [ 368.963766] erofs: mounted on /dev/loop3 with opts: . [ 368.964197] erofs: unmounted for /dev/loop2 23:46:24 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x300000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 368.977332] FAULT_INJECTION: forcing a failure. [ 368.977332] name failslab, interval 1, probability 0, space 0, times 0 [ 368.998104] erofs: root inode @ nid 36 [ 369.019628] erofs: mounted on /dev/loop4 with opts: . [ 369.023765] erofs: unmounted for /dev/loop3 [ 369.065699] CPU: 0 PID: 22117 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 369.073612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 369.082971] Call Trace: [ 369.085576] dump_stack+0x1fc/0x2ef [ 369.089221] should_fail.cold+0xa/0xf [ 369.093039] ? setup_fault_attr+0x200/0x200 [ 369.097378] ? lock_acquire+0x170/0x3c0 [ 369.101377] __should_failslab+0x115/0x180 [ 369.105624] should_failslab+0x5/0x10 [ 369.109433] __kmalloc+0x2ab/0x3c0 [ 369.112999] ? prealloc_shrinker+0x15d/0x340 [ 369.117517] prealloc_shrinker+0x15d/0x340 [ 369.121741] sget_userns+0x7b4/0xcd0 [ 369.125443] ? set_bdev_super+0x110/0x110 [ 369.129685] ? ns_test_super+0x50/0x50 [ 369.133602] ? set_bdev_super+0x110/0x110 [ 369.137829] ? ns_test_super+0x50/0x50 [ 369.141719] sget+0x102/0x140 [ 369.144822] mount_bdev+0xf8/0x3b0 [ 369.148347] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 369.153622] erofs_mount+0x8c/0xc0 [ 369.157161] ? erofs_kill_sb+0x20/0x20 [ 369.161054] ? alloc_pages_current+0x19b/0x2a0 [ 369.165648] ? __lockdep_init_map+0x100/0x5a0 [ 369.170198] mount_fs+0xa3/0x310 [ 369.173568] vfs_kern_mount.part.0+0x68/0x470 [ 369.178061] do_mount+0x115c/0x2f50 [ 369.181683] ? cmp_ex_sort+0xc0/0xc0 [ 369.185387] ? __do_page_fault+0x180/0xd60 [ 369.189613] ? copy_mount_string+0x40/0x40 [ 369.193941] ? memset+0x20/0x40 [ 369.197212] ? copy_mount_options+0x26f/0x380 [ 369.201693] ksys_mount+0xcf/0x130 [ 369.205219] __x64_sys_mount+0xba/0x150 [ 369.209189] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 369.213762] do_syscall_64+0xf9/0x620 [ 369.217582] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 369.222782] RIP: 0033:0x7f7be320463a [ 369.226498] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 369.245486] RSP: 002b:00007f7be1b56f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 369.253199] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a 23:46:24 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) rt_tgsigqueueinfo(r2, r0, 0x3b, &(0x7f0000000200)={0x4, 0x3, 0x9}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) fsync(r1) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 369.260555] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b56fe0 [ 369.267822] RBP: 00007f7be1b57020 R08: 00007f7be1b57020 R09: 0000000020000000 [ 369.275079] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 369.282337] R13: 0000000020000100 R14: 00007f7be1b56fe0 R15: 0000000020010a00 23:46:24 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x60000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:24 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc9030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:24 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e005c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 369.347363] erofs: unmounted for /dev/loop4 23:46:24 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 35) [ 369.421150] erofs: read_super, device -> /dev/loop2 [ 369.435450] erofs: options -> [ 369.460943] erofs: root inode @ nid 36 23:46:24 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) rt_tgsigqueueinfo(r2, r0, 0x3b, &(0x7f0000000200)={0x4, 0x3, 0x9}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) fsync(r1) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) gettid() (async) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) (async) rt_tgsigqueueinfo(r2, r0, 0x3b, &(0x7f0000000200)={0x4, 0x3, 0x9}) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (async) fsync(r1) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 369.489913] erofs: mounted on /dev/loop2 with opts: . [ 369.522452] erofs: unmounted for /dev/loop2 [ 369.528590] erofs: read_super, device -> /dev/loop1 [ 369.564798] erofs: options -> [ 369.584016] erofs: read_super, device -> /dev/loop4 [ 369.589111] erofs: root inode @ nid 36 [ 369.591800] erofs: mounted on /dev/loop1 with opts: . [ 369.603875] FAULT_INJECTION: forcing a failure. [ 369.603875] name failslab, interval 1, probability 0, space 0, times 0 [ 369.615268] CPU: 1 PID: 22156 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 369.623169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 369.631892] erofs: read_super, device -> /dev/loop3 [ 369.632553] Call Trace: [ 369.632576] dump_stack+0x1fc/0x2ef [ 369.632595] should_fail.cold+0xa/0xf [ 369.632613] ? setup_fault_attr+0x200/0x200 [ 369.632632] ? lock_acquire+0x170/0x3c0 [ 369.637875] erofs: options -> [ 369.640214] __should_failslab+0x115/0x180 [ 369.640234] should_failslab+0x5/0x10 [ 369.640246] kmem_cache_alloc+0x277/0x370 [ 369.640263] getname_kernel+0x4e/0x370 [ 369.640275] kern_path+0x1b/0x40 [ 369.640288] lookup_bdev+0xfc/0x220 [ 369.640299] ? bd_acquire+0x440/0x440 [ 369.640318] blkdev_get_by_path+0x1b/0xd0 [ 369.640330] mount_bdev+0x5b/0x3b0 [ 369.640345] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 369.640361] erofs_mount+0x8c/0xc0 [ 369.640376] ? erofs_kill_sb+0x20/0x20 [ 369.666469] erofs: options -> [ 369.667297] ? alloc_pages_current+0x19b/0x2a0 [ 369.667314] ? __lockdep_init_map+0x100/0x5a0 [ 369.667336] mount_fs+0xa3/0x310 [ 369.671870] erofs: root inode @ nid 36 [ 369.675360] vfs_kern_mount.part.0+0x68/0x470 [ 369.675382] do_mount+0x115c/0x2f50 [ 369.675398] ? cmp_ex_sort+0xc0/0xc0 [ 369.675416] ? __do_page_fault+0x180/0xd60 [ 369.697918] erofs: unmounted for /dev/loop1 [ 369.699388] ? copy_mount_string+0x40/0x40 [ 369.699412] ? memset+0x20/0x40 [ 369.699427] ? copy_mount_options+0x26f/0x380 [ 369.699443] ksys_mount+0xcf/0x130 23:46:24 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x37dc12502000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 369.699459] __x64_sys_mount+0xba/0x150 [ 369.699475] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 369.699492] do_syscall_64+0xf9/0x620 [ 369.725236] erofs: mounted on /dev/loop3 with opts: . [ 369.726383] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 369.726398] RIP: 0033:0x7f7be320463a [ 369.726411] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 23:46:24 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) r2 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r2, 0x2, 0xffffffffffffffff, 0x0) (async) rt_tgsigqueueinfo(r2, r0, 0x3b, &(0x7f0000000200)={0x4, 0x3, 0x9}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) fsync(r1) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 369.726435] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 369.736676] erofs: root inode @ nid 36 [ 369.738241] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 369.738251] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 369.738260] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 369.738268] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 369.738277] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 [ 369.780575] erofs: unmounted for /dev/loop3 [ 369.799758] erofs: mounted on /dev/loop4 with opts: . 23:46:24 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000000d67) kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, 0xffffffffffffffff, &(0x7f0000000000)={0xffffffffffffffff, r1}) ptrace(0x10, r0) ptrace$poke(0x5, r0, &(0x7f00000000c0), 0x3) r3 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x7f, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r3, 0x2, 0xffffffffffffffff, 0x0) r4 = gettid() ptrace$setopts(0x4200, r4, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:46:25 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8cffffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 369.945807] erofs: read_super, device -> /dev/loop2 23:46:25 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 36) 23:46:25 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xca030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:25 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e007c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 369.975256] erofs: unmounted for /dev/loop4 [ 369.988614] erofs: options -> [ 370.024229] erofs: root inode @ nid 36 [ 370.064380] erofs: mounted on /dev/loop2 with opts: . [ 370.090798] erofs: read_super, device -> /dev/loop3 [ 370.094781] erofs: unmounted for /dev/loop2 [ 370.103671] erofs: options -> [ 370.117760] erofs: root inode @ nid 36 [ 370.132132] erofs: mounted on /dev/loop3 with opts: . [ 370.140653] erofs: unmounted for /dev/loop3 [ 370.167695] FAULT_INJECTION: forcing a failure. [ 370.167695] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 370.178710] erofs: read_super, device -> /dev/loop1 [ 370.179512] CPU: 1 PID: 22210 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 370.179570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 370.179574] Call Trace: [ 370.179597] dump_stack+0x1fc/0x2ef [ 370.202989] erofs: read_super, device -> /dev/loop4 [ 370.204437] should_fail.cold+0xa/0xf [ 370.204459] ? setup_fault_attr+0x200/0x200 [ 370.208119] erofs: options -> [ 370.213101] ? get_page_from_freelist+0x1d60/0x4170 [ 370.213119] __alloc_pages_nodemask+0x239/0x2890 [ 370.213132] ? get_page_from_freelist+0x1d60/0x4170 [ 370.213147] ? bad_range+0x260/0x3c0 [ 370.213163] ? __lock_acquire+0x6de/0x3ff0 [ 370.213180] ? preempt_count_add+0xaf/0x190 [ 370.213193] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 370.213225] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 370.247474] erofs: options -> [ 370.251592] cache_grow_begin+0xa4/0x8a0 [ 370.251611] ? setup_fault_attr+0x200/0x200 [ 370.251625] ? lock_acquire+0x170/0x3c0 [ 370.251641] cache_alloc_refill+0x273/0x340 [ 370.251659] kmem_cache_alloc+0x346/0x370 [ 370.251676] getname_kernel+0x4e/0x370 [ 370.251688] kern_path+0x1b/0x40 [ 370.251701] lookup_bdev+0xfc/0x220 [ 370.251713] ? bd_acquire+0x440/0x440 [ 370.251734] blkdev_get_by_path+0x1b/0xd0 [ 370.251746] mount_bdev+0x5b/0x3b0 [ 370.251760] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 370.251777] erofs_mount+0x8c/0xc0 [ 370.251793] ? erofs_kill_sb+0x20/0x20 [ 370.302214] erofs: root inode @ nid 36 [ 370.304881] ? alloc_pages_current+0x19b/0x2a0 [ 370.304898] ? __lockdep_init_map+0x100/0x5a0 [ 370.304913] mount_fs+0xa3/0x310 [ 370.316343] erofs: mounted on /dev/loop4 with opts: . [ 370.317248] vfs_kern_mount.part.0+0x68/0x470 [ 370.344080] erofs: root inode @ nid 36 [ 370.347321] do_mount+0x115c/0x2f50 [ 370.347342] ? cmp_ex_sort+0xc0/0xc0 [ 370.347360] ? __do_page_fault+0x180/0xd60 [ 370.352596] erofs: mounted on /dev/loop1 with opts: . [ 370.354855] ? copy_mount_string+0x40/0x40 [ 370.354879] ? memset+0x20/0x40 [ 370.358807] erofs: unmounted for /dev/loop1 [ 370.362808] ? copy_mount_options+0x26f/0x380 [ 370.362825] ksys_mount+0xcf/0x130 [ 370.362846] __x64_sys_mount+0xba/0x150 [ 370.362863] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 370.362879] do_syscall_64+0xf9/0x620 [ 370.362897] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 370.362908] RIP: 0033:0x7f7be320463a [ 370.362921] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 370.362929] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 370.362941] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 370.362949] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 370.362956] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 370.362968] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 23:46:25 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xcb030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:25 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x400000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 370.464988] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 23:46:25 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xaa000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 370.536754] erofs: unmounted for /dev/loop4 [ 370.549897] erofs: read_super, device -> /dev/loop5 [ 370.554937] erofs: options -> [ 370.558189] erofs: root inode @ nid 36 [ 370.574755] erofs: read_super, device -> /dev/loop2 23:46:25 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e009c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 370.582157] erofs: mounted on /dev/loop5 with opts: . [ 370.583295] erofs: options -> [ 370.592503] erofs: unmounted for /dev/loop5 [ 370.597036] erofs: root inode @ nid 36 [ 370.602191] erofs: mounted on /dev/loop2 with opts: . [ 370.607790] erofs: unmounted for /dev/loop2 [ 370.618705] erofs: read_super, device -> /dev/loop3 [ 370.624504] erofs: options -> [ 370.635630] erofs: root inode @ nid 36 [ 370.641708] erofs: mounted on /dev/loop3 with opts: . [ 370.647441] erofs: unmounted for /dev/loop3 23:46:25 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xcc030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:25 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x500000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 370.754812] erofs: read_super, device -> /dev/loop1 [ 370.757184] erofs: read_super, device -> /dev/loop4 [ 370.775101] erofs: options -> 23:46:25 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 37) 23:46:25 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000000d67) kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, 0xffffffffffffffff, &(0x7f0000000000)={0xffffffffffffffff, r1}) (async) ptrace(0x10, r0) ptrace$poke(0x5, r0, &(0x7f00000000c0), 0x3) (async) r3 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x7f, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r3, 0x2, 0xffffffffffffffff, 0x0) (async) r4 = gettid() ptrace$setopts(0x4200, r4, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async, rerun: 32) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async, rerun: 32) pipe2(0x0, 0x0) (async, rerun: 64) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (rerun: 64) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 370.810644] erofs: root inode @ nid 36 [ 370.813261] erofs: options -> [ 370.826712] erofs: root inode @ nid 36 [ 370.828186] erofs: mounted on /dev/loop1 with opts: . [ 370.838676] erofs: mounted on /dev/loop4 with opts: . [ 370.851956] erofs: unmounted for /dev/loop1 23:46:25 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xbf030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 370.917888] erofs: unmounted for /dev/loop4 23:46:26 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e010c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 370.989500] erofs: read_super, device -> /dev/loop3 [ 371.001274] erofs: options -> [ 371.004077] FAULT_INJECTION: forcing a failure. [ 371.004077] name failslab, interval 1, probability 0, space 0, times 0 [ 371.023093] erofs: root inode @ nid 36 [ 371.029475] erofs: read_super, device -> /dev/loop2 [ 371.035451] erofs: mounted on /dev/loop3 with opts: . [ 371.063475] erofs: options -> [ 371.092493] erofs: root inode @ nid 36 [ 371.100163] erofs: unmounted for /dev/loop3 [ 371.112391] CPU: 1 PID: 22255 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 371.120376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 371.129743] Call Trace: [ 371.132353] dump_stack+0x1fc/0x2ef [ 371.135997] should_fail.cold+0xa/0xf [ 371.139811] ? setup_fault_attr+0x200/0x200 [ 371.144150] ? lock_acquire+0x170/0x3c0 [ 371.148145] __should_failslab+0x115/0x180 [ 371.152399] should_failslab+0x5/0x10 [ 371.156238] __kmalloc+0x2ab/0x3c0 [ 371.159801] ? __list_lru_init+0xd3/0x7f0 [ 371.164143] __list_lru_init+0xd3/0x7f0 [ 371.168137] ? up_write+0x18/0x150 [ 371.171703] sget_userns+0x7e2/0xcd0 [ 371.175436] ? set_bdev_super+0x110/0x110 [ 371.178269] erofs: mounted on /dev/loop2 with opts: . [ 371.179606] ? ns_test_super+0x50/0x50 [ 371.179623] ? set_bdev_super+0x110/0x110 [ 371.179635] ? ns_test_super+0x50/0x50 [ 371.179647] sget+0x102/0x140 [ 371.179664] mount_bdev+0xf8/0x3b0 [ 371.179677] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 371.179693] erofs_mount+0x8c/0xc0 [ 371.179706] ? erofs_kill_sb+0x20/0x20 [ 371.179728] ? alloc_pages_current+0x19b/0x2a0 [ 371.204264] erofs: unmounted for /dev/loop2 [ 371.208827] ? __lockdep_init_map+0x100/0x5a0 [ 371.208844] mount_fs+0xa3/0x310 [ 371.208863] vfs_kern_mount.part.0+0x68/0x470 [ 371.237604] do_mount+0x115c/0x2f50 [ 371.241251] ? cmp_ex_sort+0xc0/0xc0 [ 371.244978] ? __do_page_fault+0x180/0xd60 [ 371.249224] ? copy_mount_string+0x40/0x40 [ 371.253470] ? memset+0x20/0x40 [ 371.256763] ? copy_mount_options+0x26f/0x380 [ 371.261279] ksys_mount+0xcf/0x130 [ 371.264837] __x64_sys_mount+0xba/0x150 [ 371.268825] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 371.273424] do_syscall_64+0xf9/0x620 [ 371.277230] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 371.282411] RIP: 0033:0x7f7be320463a [ 371.286118] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 371.305013] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 371.312722] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 371.320015] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 371.327277] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 371.334536] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 23:46:26 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xcd030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 371.341794] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 [ 371.400729] erofs: read_super, device -> /dev/loop1 [ 371.406282] erofs: options -> [ 371.410153] erofs: root inode @ nid 36 [ 371.414723] erofs: mounted on /dev/loop1 with opts: . [ 371.420902] erofs: unmounted for /dev/loop1 23:46:26 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x700000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 371.452830] erofs: read_super, device -> /dev/loop4 [ 371.457857] erofs: options -> 23:46:26 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 38) 23:46:26 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e014c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 371.506612] erofs: root inode @ nid 36 [ 371.513887] erofs: mounted on /dev/loop4 with opts: . 23:46:26 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc0030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 371.597805] erofs: unmounted for /dev/loop4 [ 371.672804] erofs: read_super, device -> /dev/loop3 [ 371.677978] erofs: options -> [ 371.681774] erofs: read_super, device -> /dev/loop2 [ 371.686931] erofs: options -> [ 371.691957] FAULT_INJECTION: forcing a failure. [ 371.691957] name failslab, interval 1, probability 0, space 0, times 0 [ 371.697746] erofs: root inode @ nid 36 [ 371.707820] erofs: read_super, device -> /dev/loop1 [ 371.721725] erofs: options -> [ 371.725399] erofs: root inode @ nid 36 [ 371.745267] erofs: root inode @ nid 36 [ 371.759544] erofs: mounted on /dev/loop3 with opts: . [ 371.773343] erofs: read_super, device -> /dev/loop4 [ 371.801514] CPU: 1 PID: 22292 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 371.809443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 371.818810] Call Trace: [ 371.821417] dump_stack+0x1fc/0x2ef [ 371.825067] should_fail.cold+0xa/0xf [ 371.828892] ? setup_fault_attr+0x200/0x200 [ 371.833263] ? lock_acquire+0x170/0x3c0 [ 371.837263] __should_failslab+0x115/0x180 [ 371.841522] should_failslab+0x5/0x10 [ 371.842533] erofs: mounted on /dev/loop2 with opts: . [ 371.845347] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 371.845367] __kmalloc_node+0x38/0x70 [ 371.845383] kvmalloc_node+0x61/0xf0 [ 371.845400] __list_lru_init+0x4c6/0x7f0 [ 371.860426] erofs: mounted on /dev/loop1 with opts: . [ 371.863443] ? up_read+0xb3/0x110 [ 371.863465] sget_userns+0x7e2/0xcd0 [ 371.863480] ? set_bdev_super+0x110/0x110 [ 371.863501] ? ns_test_super+0x50/0x50 [ 371.880181] erofs: unmounted for /dev/loop1 [ 371.884063] ? set_bdev_super+0x110/0x110 [ 371.884078] ? ns_test_super+0x50/0x50 [ 371.884090] sget+0x102/0x140 [ 371.884105] mount_bdev+0xf8/0x3b0 [ 371.897205] erofs: unmounted for /dev/loop3 [ 371.900407] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 371.900428] erofs_mount+0x8c/0xc0 [ 371.900440] ? erofs_kill_sb+0x20/0x20 [ 371.900458] ? alloc_pages_current+0x19b/0x2a0 [ 371.900472] ? __lockdep_init_map+0x100/0x5a0 [ 371.900486] mount_fs+0xa3/0x310 [ 371.900503] vfs_kern_mount.part.0+0x68/0x470 [ 371.900520] do_mount+0x115c/0x2f50 [ 371.900537] ? cmp_ex_sort+0xc0/0xc0 23:46:27 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000000d67) kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, 0xffffffffffffffff, &(0x7f0000000000)={0xffffffffffffffff, r1}) ptrace(0x10, r0) ptrace$poke(0x5, r0, &(0x7f00000000c0), 0x3) r3 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x7f, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r3, 0x2, 0xffffffffffffffff, 0x0) r4 = gettid() ptrace$setopts(0x4200, r4, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (async) sendfile(r1, r2, 0x0, 0x20000000d67) (async) kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, 0xffffffffffffffff, &(0x7f0000000000)={0xffffffffffffffff, r1}) (async) ptrace(0x10, r0) (async) ptrace$poke(0x5, r0, &(0x7f00000000c0), 0x3) (async) gettid() (async) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x1, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x7f, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r3, 0x2, 0xffffffffffffffff, 0x0) (async) gettid() (async) ptrace$setopts(0x4200, r4, 0x0, 0x0) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 371.918416] erofs: unmounted for /dev/loop2 [ 371.920283] ? __do_page_fault+0x180/0xd60 [ 371.920300] ? copy_mount_string+0x40/0x40 [ 371.920321] ? memset+0x20/0x40 [ 371.920336] ? copy_mount_options+0x26f/0x380 [ 371.920354] ksys_mount+0xcf/0x130 [ 371.920370] __x64_sys_mount+0xba/0x150 [ 371.920384] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 371.920397] do_syscall_64+0xf9/0x620 [ 371.920417] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 371.935650] erofs: options -> [ 371.936695] RIP: 0033:0x7f7be320463a [ 371.936710] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 371.936718] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 371.936731] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 371.936743] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 371.944393] erofs: root inode @ nid 36 [ 371.944845] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 23:46:27 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc0ed0000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:27 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xf5ffffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 371.948865] erofs: mounted on /dev/loop4 with opts: . [ 371.952937] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 371.952945] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 [ 372.088479] erofs: unmounted for /dev/loop4 23:46:27 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x800000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:27 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e022c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:27 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 39) [ 372.345975] FAULT_INJECTION: forcing a failure. [ 372.345975] name failslab, interval 1, probability 0, space 0, times 0 [ 372.357737] CPU: 1 PID: 22347 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 372.361477] erofs: read_super, device -> /dev/loop3 [ 372.365832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 372.365844] Call Trace: [ 372.382910] dump_stack+0x1fc/0x2ef [ 372.384034] erofs: options -> [ 372.386553] should_fail.cold+0xa/0xf [ 372.386573] ? setup_fault_attr+0x200/0x200 [ 372.386586] ? lock_acquire+0x170/0x3c0 [ 372.386605] __should_failslab+0x115/0x180 [ 372.406196] should_failslab+0x5/0x10 [ 372.408618] erofs: read_super, device -> /dev/loop2 [ 372.410079] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 372.410098] __kmalloc_node+0x38/0x70 [ 372.410116] kvmalloc_node+0x61/0xf0 [ 372.410131] __list_lru_init+0x4c6/0x7f0 [ 372.410147] ? up_read+0xb3/0x110 [ 372.410165] sget_userns+0x7e2/0xcd0 [ 372.410177] ? set_bdev_super+0x110/0x110 [ 372.410195] ? ns_test_super+0x50/0x50 [ 372.410210] ? set_bdev_super+0x110/0x110 [ 372.410222] ? ns_test_super+0x50/0x50 [ 372.410235] sget+0x102/0x140 [ 372.410251] mount_bdev+0xf8/0x3b0 [ 372.416331] erofs: options -> [ 372.420398] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 372.420414] erofs_mount+0x8c/0xc0 [ 372.420427] ? erofs_kill_sb+0x20/0x20 [ 372.420444] ? alloc_pages_current+0x19b/0x2a0 [ 372.420457] ? __lockdep_init_map+0x100/0x5a0 [ 372.420470] mount_fs+0xa3/0x310 [ 372.420488] vfs_kern_mount.part.0+0x68/0x470 [ 372.420504] do_mount+0x115c/0x2f50 [ 372.420520] ? cmp_ex_sort+0xc0/0xc0 [ 372.420539] ? __do_page_fault+0x180/0xd60 [ 372.440882] erofs: read_super, device -> /dev/loop1 [ 372.443511] ? copy_mount_string+0x40/0x40 [ 372.443539] ? memset+0x20/0x40 [ 372.449638] erofs: options -> [ 372.451563] ? copy_mount_options+0x26f/0x380 [ 372.451583] ksys_mount+0xcf/0x130 [ 372.451600] __x64_sys_mount+0xba/0x150 [ 372.451621] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 372.466101] erofs: read_super, device -> /dev/loop4 [ 372.470649] do_syscall_64+0xf9/0x620 [ 372.470677] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 372.470689] RIP: 0033:0x7f7be320463a [ 372.470702] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 372.470709] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 372.470721] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a 23:46:27 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xb00000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 372.470728] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 372.470736] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 372.470744] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 372.470751] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 [ 372.472600] erofs: root inode @ nid 36 [ 372.475244] erofs: root inode @ nid 36 [ 372.479493] erofs: mounted on /dev/loop2 with opts: . [ 372.490321] erofs: root inode @ nid 36 [ 372.493035] erofs: unmounted for /dev/loop2 23:46:27 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 40) [ 372.498031] erofs: options -> [ 372.615785] erofs: mounted on /dev/loop1 with opts: . [ 372.629265] erofs: mounted on /dev/loop3 with opts: . 23:46:27 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4206, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 372.697925] erofs: unmounted for /dev/loop1 [ 372.702992] erofs: root inode @ nid 36 [ 372.707207] erofs: mounted on /dev/loop4 with opts: . [ 372.749337] erofs: unmounted for /dev/loop3 [ 372.778224] FAULT_INJECTION: forcing a failure. [ 372.778224] name failslab, interval 1, probability 0, space 0, times 0 [ 372.790054] CPU: 0 PID: 22369 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 372.797995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 372.807376] Call Trace: [ 372.809959] dump_stack+0x1fc/0x2ef [ 372.813580] should_fail.cold+0xa/0xf [ 372.817499] ? setup_fault_attr+0x200/0x200 [ 372.821921] ? lock_acquire+0x170/0x3c0 [ 372.825994] __should_failslab+0x115/0x180 [ 372.830341] should_failslab+0x5/0x10 [ 372.834195] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 372.839464] __kmalloc_node+0x38/0x70 [ 372.843386] kvmalloc_node+0x61/0xf0 [ 372.847091] __list_lru_init+0x4c6/0x7f0 [ 372.851151] ? up_read+0xb3/0x110 [ 372.854642] sget_userns+0x810/0xcd0 [ 372.858348] ? set_bdev_super+0x110/0x110 [ 372.862484] ? ns_test_super+0x50/0x50 [ 372.866382] ? set_bdev_super+0x110/0x110 [ 372.870516] ? ns_test_super+0x50/0x50 [ 372.874390] sget+0x102/0x140 [ 372.877515] mount_bdev+0xf8/0x3b0 [ 372.881056] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 372.886320] erofs_mount+0x8c/0xc0 [ 372.889859] ? erofs_kill_sb+0x20/0x20 [ 372.893759] ? alloc_pages_current+0x19b/0x2a0 [ 372.898332] ? __lockdep_init_map+0x100/0x5a0 [ 372.902816] mount_fs+0xa3/0x310 [ 372.906170] vfs_kern_mount.part.0+0x68/0x470 [ 372.910656] do_mount+0x115c/0x2f50 [ 372.914272] ? cmp_ex_sort+0xc0/0xc0 [ 372.917981] ? __do_page_fault+0x180/0xd60 [ 372.922301] ? copy_mount_string+0x40/0x40 [ 372.926538] ? memset+0x20/0x40 [ 372.929826] ? copy_mount_options+0x26f/0x380 [ 372.934431] ksys_mount+0xcf/0x130 [ 372.937970] __x64_sys_mount+0xba/0x150 [ 372.941932] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 372.946513] do_syscall_64+0xf9/0x620 [ 372.950314] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 372.955768] RIP: 0033:0x7f7be320463a [ 372.959467] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 23:46:28 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4206, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:46:28 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e037c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 372.978352] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 372.986137] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 372.993397] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 373.000652] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 373.008341] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 373.015601] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 23:46:28 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc1030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:28 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 41) [ 373.080422] erofs: read_super, device -> /dev/loop2 [ 373.100381] erofs: unmounted for /dev/loop4 [ 373.104020] erofs: options -> 23:46:28 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xf6ffffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 373.136071] erofs: root inode @ nid 36 [ 373.157269] erofs: mounted on /dev/loop2 with opts: . 23:46:28 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) (async) ptrace$setopts(0x4206, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 373.191064] erofs: unmounted for /dev/loop2 [ 373.207613] erofs: read_super, device -> /dev/loop1 [ 373.224921] erofs: options -> 23:46:28 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1, {0xdb}}, './file0\x00'}) perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x4, 0x5, 0x4, 0x20, 0x0, 0x8000, 0x0, 0xd, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0xfffffffd, 0x4, @perf_config_ext={0x3, 0xffffffffffffff08}, 0x18040, 0x5, 0x5, 0x4, 0x7, 0x9845, 0x5480, 0x0, 0x401, 0x0, 0xfff}, r0, 0x7, r3, 0x3) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 373.238317] erofs: root inode @ nid 36 [ 373.245951] erofs: mounted on /dev/loop1 with opts: . [ 373.257055] erofs: unmounted for /dev/loop1 23:46:28 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e0069ded9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:28 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xeffdffffffffffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 373.289212] FAULT_INJECTION: forcing a failure. [ 373.289212] name failslab, interval 1, probability 0, space 0, times 0 [ 373.300720] erofs: read_super, device -> /dev/loop4 [ 373.305750] erofs: options -> [ 373.312024] erofs: read_super, device -> /dev/loop3 [ 373.320135] erofs: options -> [ 373.334286] erofs: root inode @ nid 36 [ 373.340281] erofs: root inode @ nid 36 [ 373.344775] CPU: 0 PID: 22397 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 373.352681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 373.362215] Call Trace: [ 373.364823] dump_stack+0x1fc/0x2ef [ 373.368572] should_fail.cold+0xa/0xf [ 373.372389] ? setup_fault_attr+0x200/0x200 [ 373.376728] ? lock_acquire+0x170/0x3c0 [ 373.380885] __should_failslab+0x115/0x180 [ 373.382770] erofs: mounted on /dev/loop4 with opts: . [ 373.385128] should_failslab+0x5/0x10 [ 373.385142] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 373.385159] __kmalloc_node+0x38/0x70 [ 373.397100] erofs: mounted on /dev/loop3 with opts: . [ 373.399235] kvmalloc_node+0x61/0xf0 [ 373.399252] __list_lru_init+0x4c6/0x7f0 [ 373.399266] ? up_read+0xb3/0x110 [ 373.399285] sget_userns+0x7e2/0xcd0 [ 373.399298] ? set_bdev_super+0x110/0x110 [ 373.399316] ? ns_test_super+0x50/0x50 [ 373.406136] erofs: unmounted for /dev/loop3 [ 373.408307] ? set_bdev_super+0x110/0x110 [ 373.408320] ? ns_test_super+0x50/0x50 [ 373.408336] sget+0x102/0x140 [ 373.446887] mount_bdev+0xf8/0x3b0 [ 373.450430] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 373.455695] erofs_mount+0x8c/0xc0 [ 373.459219] ? erofs_kill_sb+0x20/0x20 [ 373.463093] ? alloc_pages_current+0x19b/0x2a0 [ 373.467663] ? __lockdep_init_map+0x100/0x5a0 [ 373.472141] mount_fs+0xa3/0x310 [ 373.475496] vfs_kern_mount.part.0+0x68/0x470 [ 373.479977] do_mount+0x115c/0x2f50 [ 373.483594] ? cmp_ex_sort+0xc0/0xc0 [ 373.487297] ? __do_page_fault+0x180/0xd60 [ 373.491777] ? copy_mount_string+0x40/0x40 [ 373.496011] ? memset+0x20/0x40 [ 373.499291] ? copy_mount_options+0x26f/0x380 [ 373.503784] ksys_mount+0xcf/0x130 [ 373.507319] __x64_sys_mount+0xba/0x150 [ 373.511281] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 373.516284] do_syscall_64+0xf9/0x620 [ 373.520075] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 373.525260] RIP: 0033:0x7f7be320463a [ 373.528961] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 373.547852] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 373.555549] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 373.562809] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 373.570074] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 373.577480] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 23:46:28 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1, {0xdb}}, './file0\x00'}) perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x4, 0x5, 0x4, 0x20, 0x0, 0x8000, 0x0, 0xd, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0xfffffffd, 0x4, @perf_config_ext={0x3, 0xffffffffffffff08}, 0x18040, 0x5, 0x5, 0x4, 0x7, 0x9845, 0x5480, 0x0, 0x401, 0x0, 0xfff}, r0, 0x7, r3, 0x3) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 373.584951] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 23:46:28 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc2030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:28 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1, {0xdb}}, './file0\x00'}) perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x4, 0x5, 0x4, 0x20, 0x0, 0x8000, 0x0, 0xd, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0xfffffffd, 0x4, @perf_config_ext={0x3, 0xffffffffffffff08}, 0x18040, 0x5, 0x5, 0x4, 0x7, 0x9845, 0x5480, 0x0, 0x401, 0x0, 0xfff}, r0, 0x7, r3, 0x3) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 373.653132] erofs: unmounted for /dev/loop4 [ 373.689771] erofs: read_super, device -> /dev/loop2 [ 373.694983] erofs: options -> [ 373.698490] erofs: root inode @ nid 36 [ 373.703278] erofs: mounted on /dev/loop2 with opts: . [ 373.708858] erofs: unmounted for /dev/loop2 [ 373.720926] erofs: read_super, device -> /dev/loop1 [ 373.729509] erofs: options -> [ 373.735567] erofs: root inode @ nid 36 23:46:28 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 42) 23:46:28 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfeffffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:28 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000440)={@empty, @ipv4={'\x00', '\xff\xff', @empty}, @local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c200a2, r1}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@ipv6_getroute={0x24, 0x1a, 0xf, 0x0, 0x0, {}, [@RTA_OIF={0x8, 0x4, r1}]}, 0x24}}, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000012c0)={0xffffffffffffffff, 0x20, &(0x7f0000001280)={&(0x7f0000000240)=""/39, 0x27, 0x0, &(0x7f0000000280)=""/4096, 0x1000}}, 0x10) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000000d67) bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x2, 0x6, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7}, [@jmp={0x5, 0x1, 0xc, 0x0, 0x1, 0x81e7796aaf569bf7, 0xfffffffffffffff0}, @exit, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x3, &(0x7f00000000c0)=""/3, 0x40f00, 0x0, '\x00', r1, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000200)={0x2, 0x0, 0xef, 0x1}, 0x10, r2, 0xffffffffffffffff, 0x0, &(0x7f0000001300)=[0xffffffffffffffff, 0xffffffffffffffff, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x80) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 373.741246] erofs: mounted on /dev/loop1 with opts: . [ 373.752994] erofs: unmounted for /dev/loop1 23:46:28 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xf6ffffff00000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:28 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9d010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 373.849613] FAULT_INJECTION: forcing a failure. [ 373.849613] name failslab, interval 1, probability 0, space 0, times 0 [ 373.891586] CPU: 0 PID: 22446 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 373.899504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 373.908862] Call Trace: [ 373.911476] dump_stack+0x1fc/0x2ef [ 373.915136] should_fail.cold+0xa/0xf [ 373.918978] ? setup_fault_attr+0x200/0x200 [ 373.923314] ? lock_acquire+0x170/0x3c0 [ 373.927300] __should_failslab+0x115/0x180 [ 373.931556] should_failslab+0x5/0x10 [ 373.935367] __kmalloc+0x2ab/0x3c0 [ 373.938920] ? prealloc_shrinker+0x15d/0x340 [ 373.943348] prealloc_shrinker+0x15d/0x340 [ 373.947609] sget_userns+0x7b4/0xcd0 [ 373.951342] ? set_bdev_super+0x110/0x110 [ 373.955517] ? ns_test_super+0x50/0x50 [ 373.959426] ? set_bdev_super+0x110/0x110 [ 373.963597] ? ns_test_super+0x50/0x50 [ 373.967517] sget+0x102/0x140 [ 373.970773] mount_bdev+0xf8/0x3b0 [ 373.974336] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 373.979743] erofs_mount+0x8c/0xc0 [ 373.983299] ? erofs_kill_sb+0x20/0x20 [ 373.987202] ? alloc_pages_current+0x19b/0x2a0 [ 373.991901] ? __lockdep_init_map+0x100/0x5a0 [ 373.996422] mount_fs+0xa3/0x310 [ 373.999920] vfs_kern_mount.part.0+0x68/0x470 [ 374.004413] do_mount+0x115c/0x2f50 [ 374.008054] ? cmp_ex_sort+0xc0/0xc0 [ 374.011790] ? __do_page_fault+0x180/0xd60 [ 374.016060] ? copy_mount_string+0x40/0x40 [ 374.020315] ? memset+0x20/0x40 [ 374.023629] ? copy_mount_options+0x26f/0x380 [ 374.028154] ksys_mount+0xcf/0x130 [ 374.031704] __x64_sys_mount+0xba/0x150 [ 374.035689] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 374.040279] do_syscall_64+0xf9/0x620 [ 374.044087] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 374.049278] RIP: 0033:0x7f7be320463a [ 374.052988] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 374.071983] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 374.079691] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 374.086960] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 374.094230] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 374.101505] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 374.108792] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 [ 374.133400] erofs: read_super, device -> /dev/loop4 [ 374.138559] erofs: options -> [ 374.142602] erofs: root inode @ nid 36 [ 374.147199] erofs: mounted on /dev/loop4 with opts: . [ 374.169851] erofs: read_super, device -> /dev/loop3 [ 374.175304] erofs: read_super, device -> /dev/loop1 23:46:29 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 43) [ 374.179343] erofs: read_super, device -> /dev/loop2 [ 374.181229] erofs: options -> [ 374.185478] erofs: options -> [ 374.192898] erofs: root inode @ nid 36 [ 374.197520] erofs: mounted on /dev/loop1 with opts: . [ 374.201190] erofs: options -> [ 374.205139] erofs: unmounted for /dev/loop1 [ 374.217824] erofs: root inode @ nid 36 23:46:29 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc3030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:29 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e020000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 374.234117] erofs: root inode @ nid 36 [ 374.238452] erofs: mounted on /dev/loop3 with opts: . [ 374.249031] erofs: unmounted for /dev/loop4 [ 374.256999] erofs: unmounted for /dev/loop3 [ 374.263269] erofs: mounted on /dev/loop2 with opts: . [ 374.275371] erofs: unmounted for /dev/loop2 23:46:29 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xff0f0000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:29 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfcfdffff00000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 374.370901] FAULT_INJECTION: forcing a failure. [ 374.370901] name failslab, interval 1, probability 0, space 0, times 0 [ 374.423671] CPU: 0 PID: 22476 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 374.432181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 374.441544] Call Trace: [ 374.444184] dump_stack+0x1fc/0x2ef [ 374.448098] should_fail.cold+0xa/0xf [ 374.451923] ? setup_fault_attr+0x200/0x200 [ 374.456265] ? lock_acquire+0x170/0x3c0 [ 374.460261] __should_failslab+0x115/0x180 [ 374.464536] should_failslab+0x5/0x10 [ 374.468348] __kmalloc+0x2ab/0x3c0 [ 374.471907] ? __list_lru_init+0xd3/0x7f0 [ 374.476090] __list_lru_init+0xd3/0x7f0 [ 374.480097] ? up_read+0xb3/0x110 [ 374.483579] sget_userns+0x810/0xcd0 [ 374.487396] ? set_bdev_super+0x110/0x110 [ 374.491568] ? ns_test_super+0x50/0x50 [ 374.495602] ? set_bdev_super+0x110/0x110 [ 374.499867] ? ns_test_super+0x50/0x50 [ 374.504200] sget+0x102/0x140 [ 374.507327] mount_bdev+0xf8/0x3b0 [ 374.510857] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 374.516149] erofs_mount+0x8c/0xc0 [ 374.519696] ? erofs_kill_sb+0x20/0x20 [ 374.523588] ? alloc_pages_current+0x19b/0x2a0 [ 374.528190] ? __lockdep_init_map+0x100/0x5a0 [ 374.532716] mount_fs+0xa3/0x310 [ 374.536092] vfs_kern_mount.part.0+0x68/0x470 [ 374.540605] do_mount+0x115c/0x2f50 [ 374.544237] ? cmp_ex_sort+0xc0/0xc0 [ 374.547983] ? __do_page_fault+0x180/0xd60 [ 374.552215] ? copy_mount_string+0x40/0x40 [ 374.556564] ? memset+0x20/0x40 [ 374.559878] ? copy_mount_options+0x26f/0x380 [ 374.564386] ksys_mount+0xcf/0x130 [ 374.567941] __x64_sys_mount+0xba/0x150 [ 374.571972] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 374.576554] do_syscall_64+0xf9/0x620 [ 374.580351] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 374.585542] RIP: 0033:0x7f7be320463a [ 374.589263] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 374.608161] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 374.615867] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 374.623492] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 374.630965] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 374.638238] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 374.645503] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 [ 374.700169] erofs: read_super, device -> /dev/loop1 [ 374.704619] erofs: read_super, device -> /dev/loop3 [ 374.709300] erofs: read_super, device -> /dev/loop4 [ 374.710763] erofs: options -> [ 374.715339] erofs: options -> [ 374.723111] erofs: root inode @ nid 36 [ 374.725823] erofs: options -> [ 374.727631] erofs: mounted on /dev/loop3 with opts: . [ 374.735315] erofs: root inode @ nid 36 [ 374.736434] erofs: unmounted for /dev/loop3 [ 374.752053] erofs: read_super, device -> /dev/loop2 [ 374.756389] erofs: root inode @ nid 36 [ 374.763248] erofs: options -> [ 374.765492] erofs: mounted on /dev/loop4 with opts: . [ 374.772829] erofs: root inode @ nid 36 [ 374.773028] erofs: mounted on /dev/loop2 with opts: . [ 374.783575] erofs: unmounted for /dev/loop2 [ 374.794346] erofs: mounted on /dev/loop1 with opts: . 23:46:29 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 44) 23:46:29 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xffff1f00, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:29 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfdfdffff00000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:29 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc4030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 374.896263] erofs: unmounted for /dev/loop1 [ 374.922495] erofs: unmounted for /dev/loop4 [ 374.986511] erofs: read_super, device -> /dev/loop5 [ 374.995057] erofs: options -> [ 374.998645] FAULT_INJECTION: forcing a failure. [ 374.998645] name failslab, interval 1, probability 0, space 0, times 0 [ 375.013531] CPU: 1 PID: 22510 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 375.021430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 375.030790] Call Trace: [ 375.033647] dump_stack+0x1fc/0x2ef [ 375.037279] should_fail.cold+0xa/0xf [ 375.041084] ? do_mount+0x115c/0x2f50 [ 375.044973] ? setup_fault_attr+0x200/0x200 [ 375.049394] ? blk_queue_enter+0x40b/0xb70 [ 375.053660] __should_failslab+0x115/0x180 [ 375.054025] erofs: read_super, device -> /dev/loop2 [ 375.057912] should_failslab+0x5/0x10 [ 375.066783] kmem_cache_alloc_node+0x54/0x3b0 [ 375.071310] create_task_io_context+0x2c/0x430 [ 375.075933] generic_make_request_checks+0x1c4f/0x22e0 [ 375.081265] ? should_fail_bio.isra.0+0xa0/0xa0 [ 375.085958] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 375.088717] erofs: options -> [ 375.090986] ? kmem_cache_alloc+0x315/0x370 [ 375.091007] generic_make_request+0x23f/0xdf0 [ 375.091024] ? blk_put_request+0x110/0x110 [ 375.091040] ? lock_downgrade+0x720/0x720 [ 375.091062] submit_bio+0xb1/0x430 [ 375.091079] ? generic_make_request+0xdf0/0xdf0 [ 375.091094] ? check_preemption_disabled+0x41/0x280 [ 375.091114] ? guard_bio_eod+0x2a0/0x650 [ 375.091131] submit_bh_wbc+0x5a7/0x760 [ 375.091148] __bread_gfp+0x14e/0x300 [ 375.107763] erofs: root inode @ nid 36 [ 375.111511] erofs_fill_super+0x207/0x12cc [ 375.111530] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 375.111543] ? vsprintf+0x30/0x30 [ 375.111560] ? wait_for_completion_io+0x10/0x10 [ 375.111572] ? set_blocksize+0x163/0x3f0 [ 375.111591] mount_bdev+0x2fc/0x3b0 [ 375.111607] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 375.124542] erofs: mounted on /dev/loop2 with opts: . [ 375.124986] erofs_mount+0x8c/0xc0 [ 375.136958] erofs: unmounted for /dev/loop2 [ 375.140584] ? erofs_kill_sb+0x20/0x20 [ 375.140603] ? alloc_pages_current+0x19b/0x2a0 [ 375.140616] ? __lockdep_init_map+0x100/0x5a0 [ 375.140631] mount_fs+0xa3/0x310 [ 375.140649] vfs_kern_mount.part.0+0x68/0x470 [ 375.140667] do_mount+0x115c/0x2f50 [ 375.140684] ? cmp_ex_sort+0xc0/0xc0 [ 375.140700] ? __do_page_fault+0x180/0xd60 [ 375.140716] ? copy_mount_string+0x40/0x40 [ 375.221572] ? memset+0x20/0x40 [ 375.224854] ? copy_mount_options+0x26f/0x380 [ 375.229368] ksys_mount+0xcf/0x130 [ 375.232923] __x64_sys_mount+0xba/0x150 [ 375.236912] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 375.241511] do_syscall_64+0xf9/0x620 [ 375.245316] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 375.250499] RIP: 0033:0x7f7be320463a [ 375.254759] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 375.273790] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 375.281492] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 375.288760] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 375.296030] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 375.303297] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 375.310579] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 [ 375.325219] erofs: root inode @ nid 36 23:46:30 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000440)={@empty, @ipv4={'\x00', '\xff\xff', @empty}, @local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c200a2, r1}) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@ipv6_getroute={0x24, 0x1a, 0xf, 0x0, 0x0, {}, [@RTA_OIF={0x8, 0x4, r1}]}, 0x24}}, 0x0) (async) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000012c0)={0xffffffffffffffff, 0x20, &(0x7f0000001280)={&(0x7f0000000240)=""/39, 0x27, 0x0, &(0x7f0000000280)=""/4096, 0x1000}}, 0x10) (async) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) (async) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000000d67) bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x2, 0x6, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7}, [@jmp={0x5, 0x1, 0xc, 0x0, 0x1, 0x81e7796aaf569bf7, 0xfffffffffffffff0}, @exit, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x3, &(0x7f00000000c0)=""/3, 0x40f00, 0x0, '\x00', r1, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000200)={0x2, 0x0, 0xef, 0x1}, 0x10, r2, 0xffffffffffffffff, 0x0, &(0x7f0000001300)=[0xffffffffffffffff, 0xffffffffffffffff, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x80) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 375.335238] erofs: mounted on /dev/loop5 with opts: . [ 375.338599] erofs: read_super, device -> /dev/loop3 [ 375.344507] erofs: unmounted for /dev/loop5 [ 375.357944] erofs: options -> [ 375.367199] erofs: root inode @ nid 36 [ 375.373499] erofs: mounted on /dev/loop3 with opts: . [ 375.379831] erofs: unmounted for /dev/loop3 23:46:30 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e030000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:30 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xffffff7f, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:30 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 45) [ 375.442629] erofs: read_super, device -> /dev/loop4 23:46:30 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfeffffff00000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 375.466156] erofs: options -> [ 375.470900] erofs: read_super, device -> /dev/loop1 [ 375.492299] erofs: root inode @ nid 36 [ 375.496020] erofs: options -> [ 375.505365] erofs: root inode @ nid 36 [ 375.512218] erofs: mounted on /dev/loop1 with opts: . [ 375.514161] erofs: mounted on /dev/loop4 with opts: . [ 375.517668] erofs: unmounted for /dev/loop1 [ 375.541747] erofs: read_super, device -> /dev/loop3 [ 375.547260] erofs: options -> [ 375.565105] FAULT_INJECTION: forcing a failure. [ 375.565105] name failslab, interval 1, probability 0, space 0, times 0 [ 375.573826] erofs: root inode @ nid 36 [ 375.597546] CPU: 0 PID: 22538 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 375.600927] erofs: mounted on /dev/loop3 with opts: . [ 375.605455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 375.605461] Call Trace: [ 375.605486] dump_stack+0x1fc/0x2ef [ 375.605506] should_fail.cold+0xa/0xf [ 375.605529] ? setup_fault_attr+0x200/0x200 [ 375.614500] erofs: unmounted for /dev/loop3 [ 375.620238] ? lock_acquire+0x170/0x3c0 [ 375.620262] __should_failslab+0x115/0x180 [ 375.620278] should_failslab+0x5/0x10 [ 375.620292] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 375.620308] __kmalloc_node+0x38/0x70 [ 375.620326] kvmalloc_node+0x61/0xf0 [ 375.663569] __list_lru_init+0x4c6/0x7f0 [ 375.667622] ? up_read+0xb3/0x110 [ 375.671064] sget_userns+0x810/0xcd0 [ 375.674762] ? set_bdev_super+0x110/0x110 [ 375.678900] ? ns_test_super+0x50/0x50 [ 375.682966] ? set_bdev_super+0x110/0x110 [ 375.687112] ? ns_test_super+0x50/0x50 [ 375.690999] sget+0x102/0x140 [ 375.694109] mount_bdev+0xf8/0x3b0 [ 375.697639] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 375.702905] erofs_mount+0x8c/0xc0 [ 375.706448] ? erofs_kill_sb+0x20/0x20 [ 375.710335] ? alloc_pages_current+0x19b/0x2a0 [ 375.715514] ? __lockdep_init_map+0x100/0x5a0 [ 375.720002] mount_fs+0xa3/0x310 [ 375.723365] vfs_kern_mount.part.0+0x68/0x470 [ 375.727848] do_mount+0x115c/0x2f50 [ 375.731461] ? cmp_ex_sort+0xc0/0xc0 [ 375.735163] ? __do_page_fault+0x180/0xd60 [ 375.739393] ? copy_mount_string+0x40/0x40 [ 375.743710] ? memset+0x20/0x40 [ 375.746979] ? copy_mount_options+0x26f/0x380 [ 375.751461] ksys_mount+0xcf/0x130 [ 375.755104] __x64_sys_mount+0xba/0x150 [ 375.759078] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 375.763660] do_syscall_64+0xf9/0x620 [ 375.767454] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 375.772631] RIP: 0033:0x7f7be320463a [ 375.776352] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 375.795243] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 375.802938] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 375.810393] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 23:46:30 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000440)={@empty, @ipv4={'\x00', '\xff\xff', @empty}, @local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c200a2, r1}) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@ipv6_getroute={0x24, 0x1a, 0xf, 0x0, 0x0, {}, [@RTA_OIF={0x8, 0x4, r1}]}, 0x24}}, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000012c0)={0xffffffffffffffff, 0x20, &(0x7f0000001280)={&(0x7f0000000240)=""/39, 0x27, 0x0, &(0x7f0000000280)=""/4096, 0x1000}}, 0x10) (async) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000000d67) (async) bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x2, 0x6, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7}, [@jmp={0x5, 0x1, 0xc, 0x0, 0x1, 0x81e7796aaf569bf7, 0xfffffffffffffff0}, @exit, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x3, &(0x7f00000000c0)=""/3, 0x40f00, 0x0, '\x00', r1, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000200)={0x2, 0x0, 0xef, 0x1}, 0x10, r2, 0xffffffffffffffff, 0x0, &(0x7f0000001300)=[0xffffffffffffffff, 0xffffffffffffffff, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x80) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 375.817666] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 375.824992] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 375.832254] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 23:46:30 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e040000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:30 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:46:31 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc5030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:31 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xffffff8c, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 375.973190] erofs: read_super, device -> /dev/loop2 [ 375.978277] erofs: options -> [ 375.986748] erofs: read_super, device -> /dev/loop1 [ 375.992218] erofs: options -> [ 375.995941] erofs: unmounted for /dev/loop4 23:46:31 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 46) [ 376.028663] erofs: root inode @ nid 36 [ 376.035134] erofs: root inode @ nid 36 [ 376.052971] erofs: mounted on /dev/loop2 with opts: . [ 376.063681] erofs: mounted on /dev/loop1 with opts: . 23:46:31 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 376.078442] erofs: unmounted for /dev/loop2 [ 376.087739] erofs: unmounted for /dev/loop1 [ 376.097296] erofs: read_super, device -> /dev/loop4 [ 376.104021] erofs: options -> [ 376.107682] erofs: root inode @ nid 36 [ 376.113128] erofs: mounted on /dev/loop4 with opts: . 23:46:31 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc6030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:31 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e070000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 376.192604] erofs: read_super, device -> /dev/loop3 [ 376.197657] erofs: options -> [ 376.207164] erofs: read_super, device -> /dev/loop5 [ 376.229109] erofs: unmounted for /dev/loop4 [ 376.238612] erofs: options -> 23:46:31 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xffffffff00000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 376.250783] erofs: root inode @ nid 36 [ 376.259312] erofs: root inode @ nid 36 [ 376.293413] erofs: mounted on /dev/loop3 with opts: . [ 376.302058] FAULT_INJECTION: forcing a failure. [ 376.302058] name failslab, interval 1, probability 0, space 0, times 0 [ 376.314256] CPU: 1 PID: 22582 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 376.322159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 376.331518] Call Trace: [ 376.331837] erofs: unmounted for /dev/loop3 [ 376.334291] dump_stack+0x1fc/0x2ef [ 376.334313] should_fail.cold+0xa/0xf [ 376.334332] ? setup_fault_attr+0x200/0x200 [ 376.334345] ? lock_acquire+0x170/0x3c0 [ 376.334363] __should_failslab+0x115/0x180 [ 376.358690] should_failslab+0x5/0x10 [ 376.362506] kmem_cache_alloc+0x277/0x370 [ 376.366672] ? destroy_inode+0x20/0x20 [ 376.370571] alloc_inode+0x18/0x50 [ 376.374119] ? destroy_inode+0x20/0x20 [ 376.378037] alloc_inode+0x5d/0x180 [ 376.381677] iget_locked+0x193/0x480 [ 376.385432] erofs_iget+0x27/0x2720 [ 376.389094] ? do_raw_spin_unlock+0x171/0x230 [ 376.393601] erofs_fill_super+0xf65/0x12cc [ 376.397859] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 376.403158] ? vsprintf+0x30/0x30 [ 376.406637] ? wait_for_completion_io+0x10/0x10 [ 376.411322] ? set_blocksize+0x163/0x3f0 [ 376.415582] mount_bdev+0x2fc/0x3b0 [ 376.419217] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 376.424601] erofs_mount+0x8c/0xc0 [ 376.428175] ? erofs_kill_sb+0x20/0x20 [ 376.432079] ? alloc_pages_current+0x19b/0x2a0 [ 376.436662] ? __lockdep_init_map+0x100/0x5a0 [ 376.441144] mount_fs+0xa3/0x310 [ 376.444501] vfs_kern_mount.part.0+0x68/0x470 [ 376.448999] do_mount+0x115c/0x2f50 [ 376.452662] ? cmp_ex_sort+0xc0/0xc0 [ 376.456377] ? __do_page_fault+0x180/0xd60 [ 376.460602] ? copy_mount_string+0x40/0x40 [ 376.464841] ? memset+0x20/0x40 [ 376.468125] ? copy_mount_options+0x26f/0x380 [ 376.472639] ksys_mount+0xcf/0x130 [ 376.476178] __x64_sys_mount+0xba/0x150 [ 376.480155] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 376.484745] do_syscall_64+0xf9/0x620 [ 376.488573] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 376.493756] RIP: 0033:0x7f7be320463a [ 376.497466] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 376.516446] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 376.524201] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 376.531530] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 23:46:31 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 376.538992] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 376.546291] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 376.553659] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 [ 376.606787] erofs: read_super, device -> /dev/loop1 [ 376.614352] erofs: options -> [ 376.617583] erofs: root inode @ nid 36 [ 376.621904] erofs: mounted on /dev/loop1 with opts: . [ 376.627276] erofs: unmounted for /dev/loop1 [ 376.640313] erofs: read_super, device -> /dev/loop4 [ 376.645834] erofs: read_super, device -> /dev/loop2 23:46:31 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfffffff5, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:31 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 47) [ 376.673277] erofs: options -> [ 376.676611] erofs: options -> [ 376.686418] erofs: root inode @ nid 36 [ 376.691564] erofs: root inode @ nid 36 [ 376.706125] erofs: mounted on /dev/loop2 with opts: . 23:46:31 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e080000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:31 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xffffffffffff0700, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:31 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc7030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 376.733601] erofs: mounted on /dev/loop4 with opts: . [ 376.750643] erofs: unmounted for /dev/loop2 [ 376.787278] erofs: unmounted for /dev/loop4 23:46:31 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x20000000d67) r2 = accept4$llc(0xffffffffffffffff, &(0x7f0000002240)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000002280)=0x10, 0x80800) r3 = socket$rxrpc(0x21, 0x2, 0xa) r4 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000022c0)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002600)=[{{&(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000000800)=[{&(0x7f00000002c0)="37e236b09629f7322bc0dd7b2381cafa4974e8b75491979ef28627273a64ac3e9a2d74a2af4196a455c371601f3c3a0501ab0c7789202029d25af4a805415465832ceca89b54dba5259bea2d2d42af826e337facfcbd301f4fb5a3f3360968607d861cc3d72551bf26dac9", 0x6b}, {&(0x7f0000000340)="2b2827f8ccf5ac60a1962a5a14d3bd969be69d0d037d4bc23101b5523ae99bd6", 0x20}, {&(0x7f0000000380)="16634439bbbd0310bf11d0e8210e36e9a77ae9e7eac5b098604c5c0c2a98e021022306a05e6512a4363cd4579343ff4334f5da6382ae395b4f5505f85097e8998af9d8dc07191825169099cb4a6e6e5b3d860eb4ed0370843c56c311f57c493437639bc4f72d8716b19658838b2b22d64428db4df2ac983dd3fa54d770b10f5674d58f0cacc8c29cc90b99b04d112992cf1ad841aa328df7ffc99dc39740485e1d25ac5c2222fb0685f62c5b4591eb6864fe04b207617620486c5ee215d5d397f81178987df2392d83bd01bd415015d3669271b3f819e8385736aa9b1112273e7251cee3e7f18db853", 0xe9}, {&(0x7f0000000480)="32b3840f5769a8ac414ba757409fad95a6cce90e083f3737295fc55af0c4cd200671e5e1fffffed8099d951ab5524746283540ccd1271c300ab5bc91ba718847fea26c2f0f0413e361c7e025b5aabf92a3cb060f105d588f821463", 0x5b}, {&(0x7f0000000500)="c7cdf45915bdb4635c5bf70af161c161fe5d20dcd38af96c059e30f738c47c5797c50f1b82e21296d2b977d14d9d8cecce97e623b0e9148d1b7076931126988f61171b8304813e7031e3a7393a7a480a97f6809323dedea28a0eb5828f8bd6dbde586f6424d00a044fc7db575a996e1da0afd724752338221823203ee32a4dbd982df3810cb6cea8a8a190b01dfa0afee182883b9989bc1ee6024b970b6e607f710e474fac54b315000f798b475029b3cd569638b5301ccff2c9cd6b1d024be9a4eeea0c5016fbb0da8b13ce8460441ef110cf88e01861abfbbc0929ed4abda88850ae88b3c7e8", 0xe7}, {&(0x7f0000000600)="82c9db975b0c86a87227ca64fc05b17484f8f13a3a8868552e896814128ea81bc083c9b66477839d9d48422c21f89d1818fa1bb072914a206b57c67b05e354ef64e0", 0x42}, {&(0x7f0000000680)="d964c25ef03c85061936301e8a7583da61", 0x11}, {&(0x7f00000006c0)="e566e5deeff19d1eb0ee617b9e88b1ae031c8f7a174d38fcc05e500ae1d5e264eeef6064ed5777112607cce29aedd4d4b8995b34a5c946f4636e0c2fc7a02bdbf9faba4b136f0ad0b97bb725a19409df03d7818c5db5546a534ce605a4af2f93b1cd69a4945f9134d88f0b38fd42084f90adca7a5f7123327492cc47560f13e781a01a2e2082f92b448b656ea9cbbac3bea348277348587e4dfb071e46dc3260e55c47abd25ff4d6f162458167449962d6c72518b678e5340f822f467568b95cf73721cda5b2f2bf2c4f31d9e71e0e221798705349c5d27a86de", 0xda}, {&(0x7f00000007c0)="97890e822a412c20d0a6b6ae15d003b9d77255ac2398a222135ea421724a0a99216265cb1f4c891afd97f7feb02a2e99f3e7", 0x32}], 0x9, &(0x7f0000002300)=[@cred={{0x1c, 0x1, 0x2, {r0, 0x0, 0xee00}}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r0, 0xee01, 0xee01}}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r2, 0xffffffffffffffff, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r4]}}], 0x110, 0x8}}, {{0x0, 0x0, &(0x7f00000025c0)=[{&(0x7f0000002440)="e70eca943806f5de6ea4ec8d07049f09f7248475c636791f420d2525b8f3afdc178ae78c0547815a097b7bb9317c8b69074656b5febe45c12c2cb5c984331d1374ebab867271553182e6ebd0f6493a288176f9f9f9f06ffd44697834c44525ab3a5692e7ea7ee5feb48103d1b4d80e99915788848b7ace72ddc8d2dfa10d69a787cdefc23046605bbb", 0x89}, {&(0x7f0000002500)="6b287cb13f88303ce122491d0ae76e70a88d0f23d38367566726a73e716f540ef3ff03fcfda0560d2416615932d8c9164d5eab6fbf47e1f358d7c0ede713368d84bfe4daf10e2bfa9579bc448e049d73c9b81cec07a9a25a127841d90b174bd531bff5c2693a982febac573dcd0de88f6668aa28b1cfc4300074d85fc72e6dca8160d3093f8d52a17fa2751bb01a7341a874eb33eb4a070abbbd313b28c67453ce0f12d764684795e7ba6e57625e30d4ab466b", 0xb3}], 0x2, 0x0, 0x0, 0x8000044}}], 0x2, 0x41) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) sendmsg$IPVS_CMD_GET_DEST(r5, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x140) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 376.841361] erofs: read_super, device -> /dev/loop5 [ 376.853440] erofs: options -> [ 376.857521] erofs: root inode @ nid 36 [ 376.866449] FAULT_INJECTION: forcing a failure. [ 376.866449] name failslab, interval 1, probability 0, space 0, times 0 [ 376.877771] CPU: 0 PID: 22640 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 376.885658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 376.894998] Call Trace: [ 376.897602] dump_stack+0x1fc/0x2ef [ 376.901225] should_fail.cold+0xa/0xf [ 376.905017] ? setup_fault_attr+0x200/0x200 [ 376.909336] ? lock_acquire+0x170/0x3c0 [ 376.913306] __should_failslab+0x115/0x180 [ 376.917528] should_failslab+0x5/0x10 [ 376.921316] kmem_cache_alloc+0x277/0x370 [ 376.925451] ? destroy_inode+0x20/0x20 [ 376.929334] alloc_inode+0x18/0x50 [ 376.932872] ? destroy_inode+0x20/0x20 [ 376.936746] alloc_inode+0x5d/0x180 [ 376.940376] iget_locked+0x193/0x480 [ 376.944086] erofs_iget+0x27/0x2720 [ 376.947698] ? do_raw_spin_unlock+0x171/0x230 [ 376.952183] erofs_fill_super+0xf65/0x12cc [ 376.956560] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 376.961835] ? vsprintf+0x30/0x30 [ 376.965299] ? wait_for_completion_io+0x10/0x10 [ 376.969966] ? set_blocksize+0x163/0x3f0 [ 376.974030] mount_bdev+0x2fc/0x3b0 [ 376.977722] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 376.983269] erofs_mount+0x8c/0xc0 [ 376.986802] ? erofs_kill_sb+0x20/0x20 [ 376.990691] ? alloc_pages_current+0x19b/0x2a0 [ 376.995307] ? __lockdep_init_map+0x100/0x5a0 [ 376.999791] mount_fs+0xa3/0x310 [ 377.003147] vfs_kern_mount.part.0+0x68/0x470 [ 377.007627] do_mount+0x115c/0x2f50 [ 377.011255] ? cmp_ex_sort+0xc0/0xc0 [ 377.014967] ? __do_page_fault+0x180/0xd60 [ 377.019195] ? copy_mount_string+0x40/0x40 [ 377.023434] ? memset+0x20/0x40 [ 377.026720] ? copy_mount_options+0x26f/0x380 [ 377.031221] ksys_mount+0xcf/0x130 [ 377.034750] __x64_sys_mount+0xba/0x150 [ 377.038716] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 377.043393] do_syscall_64+0xf9/0x620 [ 377.047216] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 377.052392] RIP: 0033:0x7f7be320463a [ 377.056092] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 377.074978] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 377.082679] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 377.089933] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 377.097188] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 377.104551] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 377.111813] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 [ 377.163715] erofs: read_super, device -> /dev/loop1 [ 377.170239] erofs: options -> [ 377.178260] erofs: root inode @ nid 36 [ 377.190956] erofs: mounted on /dev/loop1 with opts: . [ 377.197742] erofs: unmounted for /dev/loop1 23:46:32 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfffffffffffffdef, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:32 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x20000000d67) r2 = accept4$llc(0xffffffffffffffff, &(0x7f0000002240)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000002280)=0x10, 0x80800) r3 = socket$rxrpc(0x21, 0x2, 0xa) r4 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000022c0)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002600)=[{{&(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000000800)=[{&(0x7f00000002c0)="37e236b09629f7322bc0dd7b2381cafa4974e8b75491979ef28627273a64ac3e9a2d74a2af4196a455c371601f3c3a0501ab0c7789202029d25af4a805415465832ceca89b54dba5259bea2d2d42af826e337facfcbd301f4fb5a3f3360968607d861cc3d72551bf26dac9", 0x6b}, {&(0x7f0000000340)="2b2827f8ccf5ac60a1962a5a14d3bd969be69d0d037d4bc23101b5523ae99bd6", 0x20}, {&(0x7f0000000380)="16634439bbbd0310bf11d0e8210e36e9a77ae9e7eac5b098604c5c0c2a98e021022306a05e6512a4363cd4579343ff4334f5da6382ae395b4f5505f85097e8998af9d8dc07191825169099cb4a6e6e5b3d860eb4ed0370843c56c311f57c493437639bc4f72d8716b19658838b2b22d64428db4df2ac983dd3fa54d770b10f5674d58f0cacc8c29cc90b99b04d112992cf1ad841aa328df7ffc99dc39740485e1d25ac5c2222fb0685f62c5b4591eb6864fe04b207617620486c5ee215d5d397f81178987df2392d83bd01bd415015d3669271b3f819e8385736aa9b1112273e7251cee3e7f18db853", 0xe9}, {&(0x7f0000000480)="32b3840f5769a8ac414ba757409fad95a6cce90e083f3737295fc55af0c4cd200671e5e1fffffed8099d951ab5524746283540ccd1271c300ab5bc91ba718847fea26c2f0f0413e361c7e025b5aabf92a3cb060f105d588f821463", 0x5b}, {&(0x7f0000000500)="c7cdf45915bdb4635c5bf70af161c161fe5d20dcd38af96c059e30f738c47c5797c50f1b82e21296d2b977d14d9d8cecce97e623b0e9148d1b7076931126988f61171b8304813e7031e3a7393a7a480a97f6809323dedea28a0eb5828f8bd6dbde586f6424d00a044fc7db575a996e1da0afd724752338221823203ee32a4dbd982df3810cb6cea8a8a190b01dfa0afee182883b9989bc1ee6024b970b6e607f710e474fac54b315000f798b475029b3cd569638b5301ccff2c9cd6b1d024be9a4eeea0c5016fbb0da8b13ce8460441ef110cf88e01861abfbbc0929ed4abda88850ae88b3c7e8", 0xe7}, {&(0x7f0000000600)="82c9db975b0c86a87227ca64fc05b17484f8f13a3a8868552e896814128ea81bc083c9b66477839d9d48422c21f89d1818fa1bb072914a206b57c67b05e354ef64e0", 0x42}, {&(0x7f0000000680)="d964c25ef03c85061936301e8a7583da61", 0x11}, {&(0x7f00000006c0)="e566e5deeff19d1eb0ee617b9e88b1ae031c8f7a174d38fcc05e500ae1d5e264eeef6064ed5777112607cce29aedd4d4b8995b34a5c946f4636e0c2fc7a02bdbf9faba4b136f0ad0b97bb725a19409df03d7818c5db5546a534ce605a4af2f93b1cd69a4945f9134d88f0b38fd42084f90adca7a5f7123327492cc47560f13e781a01a2e2082f92b448b656ea9cbbac3bea348277348587e4dfb071e46dc3260e55c47abd25ff4d6f162458167449962d6c72518b678e5340f822f467568b95cf73721cda5b2f2bf2c4f31d9e71e0e221798705349c5d27a86de", 0xda}, {&(0x7f00000007c0)="97890e822a412c20d0a6b6ae15d003b9d77255ac2398a222135ea421724a0a99216265cb1f4c891afd97f7feb02a2e99f3e7", 0x32}], 0x9, &(0x7f0000002300)=[@cred={{0x1c, 0x1, 0x2, {r0, 0x0, 0xee00}}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r0, 0xee01, 0xee01}}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r2, 0xffffffffffffffff, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r4]}}], 0x110, 0x8}}, {{0x0, 0x0, &(0x7f00000025c0)=[{&(0x7f0000002440)="e70eca943806f5de6ea4ec8d07049f09f7248475c636791f420d2525b8f3afdc178ae78c0547815a097b7bb9317c8b69074656b5febe45c12c2cb5c984331d1374ebab867271553182e6ebd0f6493a288176f9f9f9f06ffd44697834c44525ab3a5692e7ea7ee5feb48103d1b4d80e99915788848b7ace72ddc8d2dfa10d69a787cdefc23046605bbb", 0x89}, {&(0x7f0000002500)="6b287cb13f88303ce122491d0ae76e70a88d0f23d38367566726a73e716f540ef3ff03fcfda0560d2416615932d8c9164d5eab6fbf47e1f358d7c0ede713368d84bfe4daf10e2bfa9579bc448e049d73c9b81cec07a9a25a127841d90b174bd531bff5c2693a982febac573dcd0de88f6668aa28b1cfc4300074d85fc72e6dca8160d3093f8d52a17fa2751bb01a7341a874eb33eb4a070abbbd313b28c67453ce0f12d764684795e7ba6e57625e30d4ab466b", 0xb3}], 0x2, 0x0, 0x0, 0x8000044}}], 0x2, 0x41) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) sendmsg$IPVS_CMD_GET_DEST(r5, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x140) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) (async) sendfile(0xffffffffffffffff, r1, 0x0, 0x20000000d67) (async) accept4$llc(0xffffffffffffffff, &(0x7f0000002240)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000002280)=0x10, 0x80800) (async) socket$rxrpc(0x21, 0x2, 0xa) (async) openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000022c0)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) (async) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002600)=[{{&(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000000800)=[{&(0x7f00000002c0)="37e236b09629f7322bc0dd7b2381cafa4974e8b75491979ef28627273a64ac3e9a2d74a2af4196a455c371601f3c3a0501ab0c7789202029d25af4a805415465832ceca89b54dba5259bea2d2d42af826e337facfcbd301f4fb5a3f3360968607d861cc3d72551bf26dac9", 0x6b}, {&(0x7f0000000340)="2b2827f8ccf5ac60a1962a5a14d3bd969be69d0d037d4bc23101b5523ae99bd6", 0x20}, {&(0x7f0000000380)="16634439bbbd0310bf11d0e8210e36e9a77ae9e7eac5b098604c5c0c2a98e021022306a05e6512a4363cd4579343ff4334f5da6382ae395b4f5505f85097e8998af9d8dc07191825169099cb4a6e6e5b3d860eb4ed0370843c56c311f57c493437639bc4f72d8716b19658838b2b22d64428db4df2ac983dd3fa54d770b10f5674d58f0cacc8c29cc90b99b04d112992cf1ad841aa328df7ffc99dc39740485e1d25ac5c2222fb0685f62c5b4591eb6864fe04b207617620486c5ee215d5d397f81178987df2392d83bd01bd415015d3669271b3f819e8385736aa9b1112273e7251cee3e7f18db853", 0xe9}, {&(0x7f0000000480)="32b3840f5769a8ac414ba757409fad95a6cce90e083f3737295fc55af0c4cd200671e5e1fffffed8099d951ab5524746283540ccd1271c300ab5bc91ba718847fea26c2f0f0413e361c7e025b5aabf92a3cb060f105d588f821463", 0x5b}, {&(0x7f0000000500)="c7cdf45915bdb4635c5bf70af161c161fe5d20dcd38af96c059e30f738c47c5797c50f1b82e21296d2b977d14d9d8cecce97e623b0e9148d1b7076931126988f61171b8304813e7031e3a7393a7a480a97f6809323dedea28a0eb5828f8bd6dbde586f6424d00a044fc7db575a996e1da0afd724752338221823203ee32a4dbd982df3810cb6cea8a8a190b01dfa0afee182883b9989bc1ee6024b970b6e607f710e474fac54b315000f798b475029b3cd569638b5301ccff2c9cd6b1d024be9a4eeea0c5016fbb0da8b13ce8460441ef110cf88e01861abfbbc0929ed4abda88850ae88b3c7e8", 0xe7}, {&(0x7f0000000600)="82c9db975b0c86a87227ca64fc05b17484f8f13a3a8868552e896814128ea81bc083c9b66477839d9d48422c21f89d1818fa1bb072914a206b57c67b05e354ef64e0", 0x42}, {&(0x7f0000000680)="d964c25ef03c85061936301e8a7583da61", 0x11}, {&(0x7f00000006c0)="e566e5deeff19d1eb0ee617b9e88b1ae031c8f7a174d38fcc05e500ae1d5e264eeef6064ed5777112607cce29aedd4d4b8995b34a5c946f4636e0c2fc7a02bdbf9faba4b136f0ad0b97bb725a19409df03d7818c5db5546a534ce605a4af2f93b1cd69a4945f9134d88f0b38fd42084f90adca7a5f7123327492cc47560f13e781a01a2e2082f92b448b656ea9cbbac3bea348277348587e4dfb071e46dc3260e55c47abd25ff4d6f162458167449962d6c72518b678e5340f822f467568b95cf73721cda5b2f2bf2c4f31d9e71e0e221798705349c5d27a86de", 0xda}, {&(0x7f00000007c0)="97890e822a412c20d0a6b6ae15d003b9d77255ac2398a222135ea421724a0a99216265cb1f4c891afd97f7feb02a2e99f3e7", 0x32}], 0x9, &(0x7f0000002300)=[@cred={{0x1c, 0x1, 0x2, {r0, 0x0, 0xee00}}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r0, 0xee01, 0xee01}}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r2, 0xffffffffffffffff, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r4]}}], 0x110, 0x8}}, {{0x0, 0x0, &(0x7f00000025c0)=[{&(0x7f0000002440)="e70eca943806f5de6ea4ec8d07049f09f7248475c636791f420d2525b8f3afdc178ae78c0547815a097b7bb9317c8b69074656b5febe45c12c2cb5c984331d1374ebab867271553182e6ebd0f6493a288176f9f9f9f06ffd44697834c44525ab3a5692e7ea7ee5feb48103d1b4d80e99915788848b7ace72ddc8d2dfa10d69a787cdefc23046605bbb", 0x89}, {&(0x7f0000002500)="6b287cb13f88303ce122491d0ae76e70a88d0f23d38367566726a73e716f540ef3ff03fcfda0560d2416615932d8c9164d5eab6fbf47e1f358d7c0ede713368d84bfe4daf10e2bfa9579bc448e049d73c9b81cec07a9a25a127841d90b174bd531bff5c2693a982febac573dcd0de88f6668aa28b1cfc4300074d85fc72e6dca8160d3093f8d52a17fa2751bb01a7341a874eb33eb4a070abbbd313b28c67453ce0f12d764684795e7ba6e57625e30d4ab466b", 0xb3}], 0x2, 0x0, 0x0, 0x8000044}}], 0x2, 0x41) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) (async) sendmsg$IPVS_CMD_GET_DEST(r5, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x140) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) 23:46:32 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e100000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 377.216246] erofs: read_super, device -> /dev/loop2 [ 377.224961] erofs: read_super, device -> /dev/loop3 [ 377.229998] erofs: options -> [ 377.230062] erofs: root inode @ nid 36 [ 377.230150] erofs: mounted on /dev/loop2 with opts: . [ 377.230270] erofs: unmounted for /dev/loop2 23:46:32 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 48) [ 377.290500] erofs: read_super, device -> /dev/loop4 [ 377.327111] erofs: options -> [ 377.341579] erofs: root inode @ nid 36 [ 377.346921] erofs: options -> [ 377.352450] erofs: mounted on /dev/loop4 with opts: . [ 377.360844] erofs: read_super, device -> /dev/loop1 [ 377.366411] erofs: root inode @ nid 36 [ 377.370787] erofs: options -> 23:46:32 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) ptrace(0x10, r0) (async, rerun: 32) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (rerun: 32) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x20000000d67) r2 = accept4$llc(0xffffffffffffffff, &(0x7f0000002240)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000002280)=0x10, 0x80800) r3 = socket$rxrpc(0x21, 0x2, 0xa) (async) r4 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000022c0)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002600)=[{{&(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000000800)=[{&(0x7f00000002c0)="37e236b09629f7322bc0dd7b2381cafa4974e8b75491979ef28627273a64ac3e9a2d74a2af4196a455c371601f3c3a0501ab0c7789202029d25af4a805415465832ceca89b54dba5259bea2d2d42af826e337facfcbd301f4fb5a3f3360968607d861cc3d72551bf26dac9", 0x6b}, {&(0x7f0000000340)="2b2827f8ccf5ac60a1962a5a14d3bd969be69d0d037d4bc23101b5523ae99bd6", 0x20}, {&(0x7f0000000380)="16634439bbbd0310bf11d0e8210e36e9a77ae9e7eac5b098604c5c0c2a98e021022306a05e6512a4363cd4579343ff4334f5da6382ae395b4f5505f85097e8998af9d8dc07191825169099cb4a6e6e5b3d860eb4ed0370843c56c311f57c493437639bc4f72d8716b19658838b2b22d64428db4df2ac983dd3fa54d770b10f5674d58f0cacc8c29cc90b99b04d112992cf1ad841aa328df7ffc99dc39740485e1d25ac5c2222fb0685f62c5b4591eb6864fe04b207617620486c5ee215d5d397f81178987df2392d83bd01bd415015d3669271b3f819e8385736aa9b1112273e7251cee3e7f18db853", 0xe9}, {&(0x7f0000000480)="32b3840f5769a8ac414ba757409fad95a6cce90e083f3737295fc55af0c4cd200671e5e1fffffed8099d951ab5524746283540ccd1271c300ab5bc91ba718847fea26c2f0f0413e361c7e025b5aabf92a3cb060f105d588f821463", 0x5b}, {&(0x7f0000000500)="c7cdf45915bdb4635c5bf70af161c161fe5d20dcd38af96c059e30f738c47c5797c50f1b82e21296d2b977d14d9d8cecce97e623b0e9148d1b7076931126988f61171b8304813e7031e3a7393a7a480a97f6809323dedea28a0eb5828f8bd6dbde586f6424d00a044fc7db575a996e1da0afd724752338221823203ee32a4dbd982df3810cb6cea8a8a190b01dfa0afee182883b9989bc1ee6024b970b6e607f710e474fac54b315000f798b475029b3cd569638b5301ccff2c9cd6b1d024be9a4eeea0c5016fbb0da8b13ce8460441ef110cf88e01861abfbbc0929ed4abda88850ae88b3c7e8", 0xe7}, {&(0x7f0000000600)="82c9db975b0c86a87227ca64fc05b17484f8f13a3a8868552e896814128ea81bc083c9b66477839d9d48422c21f89d1818fa1bb072914a206b57c67b05e354ef64e0", 0x42}, {&(0x7f0000000680)="d964c25ef03c85061936301e8a7583da61", 0x11}, {&(0x7f00000006c0)="e566e5deeff19d1eb0ee617b9e88b1ae031c8f7a174d38fcc05e500ae1d5e264eeef6064ed5777112607cce29aedd4d4b8995b34a5c946f4636e0c2fc7a02bdbf9faba4b136f0ad0b97bb725a19409df03d7818c5db5546a534ce605a4af2f93b1cd69a4945f9134d88f0b38fd42084f90adca7a5f7123327492cc47560f13e781a01a2e2082f92b448b656ea9cbbac3bea348277348587e4dfb071e46dc3260e55c47abd25ff4d6f162458167449962d6c72518b678e5340f822f467568b95cf73721cda5b2f2bf2c4f31d9e71e0e221798705349c5d27a86de", 0xda}, {&(0x7f00000007c0)="97890e822a412c20d0a6b6ae15d003b9d77255ac2398a222135ea421724a0a99216265cb1f4c891afd97f7feb02a2e99f3e7", 0x32}], 0x9, &(0x7f0000002300)=[@cred={{0x1c, 0x1, 0x2, {r0, 0x0, 0xee00}}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r0, 0xee01, 0xee01}}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r2, 0xffffffffffffffff, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r4]}}], 0x110, 0x8}}, {{0x0, 0x0, &(0x7f00000025c0)=[{&(0x7f0000002440)="e70eca943806f5de6ea4ec8d07049f09f7248475c636791f420d2525b8f3afdc178ae78c0547815a097b7bb9317c8b69074656b5febe45c12c2cb5c984331d1374ebab867271553182e6ebd0f6493a288176f9f9f9f06ffd44697834c44525ab3a5692e7ea7ee5feb48103d1b4d80e99915788848b7ace72ddc8d2dfa10d69a787cdefc23046605bbb", 0x89}, {&(0x7f0000002500)="6b287cb13f88303ce122491d0ae76e70a88d0f23d38367566726a73e716f540ef3ff03fcfda0560d2416615932d8c9164d5eab6fbf47e1f358d7c0ede713368d84bfe4daf10e2bfa9579bc448e049d73c9b81cec07a9a25a127841d90b174bd531bff5c2693a982febac573dcd0de88f6668aa28b1cfc4300074d85fc72e6dca8160d3093f8d52a17fa2751bb01a7341a874eb33eb4a070abbbd313b28c67453ce0f12d764684795e7ba6e57625e30d4ab466b", 0xb3}], 0x2, 0x0, 0x0, 0x8000044}}], 0x2, 0x41) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) sendmsg$IPVS_CMD_GET_DEST(r5, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x140) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 32) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (rerun: 32) 23:46:32 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc8030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 377.374302] erofs: mounted on /dev/loop3 with opts: . [ 377.380545] erofs: read_super, device -> /dev/loop5 [ 377.385578] erofs: options -> [ 377.398682] erofs: read_super, device -> /dev/loop2 [ 377.402844] erofs: root inode @ nid 36 [ 377.408554] erofs: unmounted for /dev/loop3 [ 377.417577] erofs: unmounted for /dev/loop4 [ 377.419762] erofs: options -> [ 377.422350] erofs: root inode @ nid 36 [ 377.434739] erofs: root inode @ nid 36 [ 377.435193] erofs: mounted on /dev/loop1 with opts: . [ 377.444344] erofs: mounted on /dev/loop2 with opts: . [ 377.450713] FAULT_INJECTION: forcing a failure. [ 377.450713] name failslab, interval 1, probability 0, space 0, times 0 [ 377.458482] erofs: unmounted for /dev/loop2 [ 377.463349] erofs: unmounted for /dev/loop1 [ 377.500904] CPU: 0 PID: 22669 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 377.508850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 377.518209] Call Trace: [ 377.520815] dump_stack+0x1fc/0x2ef [ 377.524468] should_fail.cold+0xa/0xf [ 377.528293] ? setup_fault_attr+0x200/0x200 [ 377.532632] ? lock_acquire+0x170/0x3c0 [ 377.536718] __should_failslab+0x115/0x180 [ 377.540983] should_failslab+0x5/0x10 [ 377.544978] kmem_cache_alloc+0x277/0x370 [ 377.549143] ? destroy_inode+0x20/0x20 [ 377.553140] alloc_inode+0x18/0x50 [ 377.557047] ? destroy_inode+0x20/0x20 [ 377.560962] alloc_inode+0x5d/0x180 [ 377.564604] new_inode+0x1d/0xf0 [ 377.568032] erofs_fill_super+0xde9/0x12cc [ 377.572286] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 377.577576] ? vsprintf+0x30/0x30 [ 377.581035] ? wait_for_completion_io+0x10/0x10 [ 377.585819] ? set_blocksize+0x163/0x3f0 [ 377.589888] mount_bdev+0x2fc/0x3b0 [ 377.593528] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 377.598807] erofs_mount+0x8c/0xc0 [ 377.602349] ? erofs_kill_sb+0x20/0x20 [ 377.606230] ? alloc_pages_current+0x19b/0x2a0 [ 377.610799] ? __lockdep_init_map+0x100/0x5a0 [ 377.615375] mount_fs+0xa3/0x310 [ 377.618735] vfs_kern_mount.part.0+0x68/0x470 [ 377.623217] do_mount+0x115c/0x2f50 [ 377.626926] ? cmp_ex_sort+0xc0/0xc0 [ 377.630645] ? __do_page_fault+0x180/0xd60 [ 377.634982] ? copy_mount_string+0x40/0x40 [ 377.639267] ? memset+0x20/0x40 [ 377.642543] ? copy_mount_options+0x26f/0x380 [ 377.647184] ksys_mount+0xcf/0x130 [ 377.650776] __x64_sys_mount+0xba/0x150 [ 377.654742] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 377.659320] do_syscall_64+0xf9/0x620 [ 377.663114] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 377.668309] RIP: 0033:0x7f7be320463a [ 377.672049] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 377.690942] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 23:46:32 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfffffff6, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:32 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:32 executing program 0: sched_setparam(0x0, 0x0) ptrace(0x10, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r0 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x80, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r0, 0x2, 0xffffffffffffffff, 0x0) ptrace(0x4208, r0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:46:32 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e140000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 377.698760] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 377.706018] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 377.713454] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 377.720715] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 377.727975] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 23:46:32 executing program 0: sched_setparam(0x0, 0x0) (async) ptrace(0x10, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r0 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x80, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r0, 0x2, 0xffffffffffffffff, 0x0) (async) ptrace(0x4208, r0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:46:32 executing program 5: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) (fail_nth: 49) [ 377.840362] erofs: read_super, device -> /dev/loop4 [ 377.845430] erofs: options -> [ 377.847386] erofs: read_super, device -> /dev/loop3 [ 377.857390] erofs: options -> [ 377.861810] erofs: root inode @ nid 36 [ 377.871890] erofs: mounted on /dev/loop3 with opts: . [ 377.882802] erofs: unmounted for /dev/loop3 23:46:32 executing program 0: sched_setparam(0x0, 0x0) (async) ptrace(0x10, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) r0 = gettid() perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x7, 0x80, 0x6, 0x0, 0x0, 0x200, 0x50002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6703abfe, 0x0, @perf_bp={&(0x7f0000000100), 0x11}, 0x1, 0x3ff, 0xb8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80, 0x0, 0x3}, r0, 0x2, 0xffffffffffffffff, 0x0) (async) ptrace(0x4208, r0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 377.893731] erofs: root inode @ nid 36 [ 377.907663] erofs: mounted on /dev/loop4 with opts: . 23:46:33 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfffffffe, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 377.938999] erofs: read_super, device -> /dev/loop2 23:46:33 executing program 4: syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc9030000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:33 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) sched_getscheduler(0x0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) [ 377.966612] erofs: options -> [ 377.982565] erofs: read_super, device -> /dev/loop5 [ 377.987614] erofs: options -> [ 377.992121] erofs: unmounted for /dev/loop4 [ 377.994712] erofs: read_super, device -> /dev/loop1 [ 378.004097] erofs: root inode @ nid 36 [ 378.010278] erofs: options -> [ 378.016306] erofs: root inode @ nid 36 [ 378.022221] erofs: mounted on /dev/loop2 with opts: . [ 378.027449] erofs: root inode @ nid 36 [ 378.027638] erofs: mounted on /dev/loop1 with opts: . [ 378.033074] FAULT_INJECTION: forcing a failure. [ 378.033074] name failslab, interval 1, probability 0, space 0, times 0 [ 378.041472] erofs: unmounted for /dev/loop1 [ 378.050887] erofs: unmounted for /dev/loop2 [ 378.079904] CPU: 0 PID: 22727 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 378.087812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 378.097174] Call Trace: [ 378.099776] dump_stack+0x1fc/0x2ef [ 378.103444] should_fail.cold+0xa/0xf [ 378.107282] ? setup_fault_attr+0x200/0x200 [ 378.111618] ? lock_acquire+0x170/0x3c0 [ 378.115609] __should_failslab+0x115/0x180 [ 378.119840] should_failslab+0x5/0x10 [ 378.123633] kmem_cache_alloc+0x277/0x370 [ 378.127774] __d_alloc+0x2b/0xa10 [ 378.131222] d_make_root+0x3e/0x90 [ 378.134750] erofs_fill_super+0x102f/0x12cc [ 378.139066] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 378.144333] ? vsprintf+0x30/0x30 [ 378.147778] ? wait_for_completion_io+0x10/0x10 [ 378.152437] ? set_blocksize+0x163/0x3f0 [ 378.156493] mount_bdev+0x2fc/0x3b0 [ 378.160111] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 378.165381] erofs_mount+0x8c/0xc0 [ 378.168914] ? erofs_kill_sb+0x20/0x20 [ 378.172797] ? alloc_pages_current+0x19b/0x2a0 [ 378.177370] ? __lockdep_init_map+0x100/0x5a0 [ 378.181855] mount_fs+0xa3/0x310 [ 378.185216] vfs_kern_mount.part.0+0x68/0x470 [ 378.189705] do_mount+0x115c/0x2f50 [ 378.193325] ? cmp_ex_sort+0xc0/0xc0 [ 378.197040] ? __do_page_fault+0x180/0xd60 [ 378.201275] ? copy_mount_string+0x40/0x40 [ 378.205508] ? memset+0x20/0x40 [ 378.208782] ? copy_mount_options+0x26f/0x380 [ 378.213278] ksys_mount+0xcf/0x130 [ 378.216812] __x64_sys_mount+0xba/0x150 [ 378.220780] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 378.225353] do_syscall_64+0xf9/0x620 [ 378.229151] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 378.234331] RIP: 0033:0x7f7be320463a [ 378.238035] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 378.256933] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 378.264657] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 378.272007] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 23:46:33 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) sched_getscheduler(0x0) (async, rerun: 64) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (rerun: 64) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async, rerun: 32) pipe2(0x0, 0x0) (async, rerun: 32) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) 23:46:33 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e220000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400", 0xa, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 378.279283] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 378.286541] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 378.293807] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 23:46:33 executing program 2: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c041", 0x6, 0x480}, {&(0x7f0000010900), 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) 23:46:33 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) sched_getscheduler(0x0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sched_setparam(0x0, 0x0) (async) ptrace(0x10, r0) (async) sched_getscheduler(0x0) (async) ptrace$setopts(0x4200, r0, 0x0, 0x200000) (async) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) (async) symlinkat(0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) (async) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) (async) pipe2(0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) (async) [ 378.339318] erofs: read_super, device -> /dev/loop3 [ 378.344368] erofs: options -> [ 378.371949] ------------[ cut here ]------------ [ 378.376740] kernel BUG at fs/inode.c:1571! [ 378.384896] erofs: root inode @ nid 36 [ 378.392510] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 378.397916] CPU: 0 PID: 22727 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 [ 378.401101] erofs: mounted on /dev/loop3 with opts: . [ 378.405801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 378.405819] RIP: 0010:iput+0x727/0x860 [ 378.405832] Code: b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 84 18 fd ff ff 48 8b 3c 24 e8 33 d9 ee ff e9 0a fd ff ff e8 39 fc b8 ff <0f> 0b e8 32 fc b8 ff 48 89 ef e8 1a f7 ff ff 4c 89 f7 e8 b2 c6 6f [ 378.405838] RSP: 0018:ffff88804ebffa80 EFLAGS: 00010246 [ 378.405854] RAX: 0000000000040000 RBX: 0000000000000040 RCX: ffffc90006122000 [ 378.411594] erofs: unmounted for /dev/loop3 [ 378.420390] RDX: 0000000000040000 RSI: ffffffff81a98937 RDI: 0000000000000007 [ 378.420397] RBP: ffff888054916700 R08: 0000000000000000 R09: 0000000000000000 [ 378.420404] R10: 0000000000000007 R11: 0000000000000000 R12: ffff8880a8e690c0 [ 378.420411] R13: ffff888054916700 R14: 0000000000000000 R15: 00000000fffffff4 [ 378.420420] FS: 00007f7be1b78700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 [ 378.420427] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 378.420433] CR2: 0000555557336848 CR3: 000000004ea9e000 CR4: 00000000003406f0 [ 378.420443] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 378.420454] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 378.525334] Call Trace: [ 378.527949] erofs_fill_super+0x1205/0x12cc [ 378.532388] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 378.537737] ? vsprintf+0x30/0x30 [ 378.541273] ? wait_for_completion_io+0x10/0x10 [ 378.545921] ? set_blocksize+0x163/0x3f0 [ 378.549967] mount_bdev+0x2fc/0x3b0 [ 378.553577] ? gb_gbphy_register_driver.cold+0x39/0x39 [ 378.558848] erofs_mount+0x8c/0xc0 [ 378.562369] ? erofs_kill_sb+0x20/0x20 [ 378.566238] ? alloc_pages_current+0x19b/0x2a0 [ 378.570803] ? __lockdep_init_map+0x100/0x5a0 [ 378.575297] mount_fs+0xa3/0x310 [ 378.578655] vfs_kern_mount.part.0+0x68/0x470 [ 378.583142] do_mount+0x115c/0x2f50 [ 378.586755] ? cmp_ex_sort+0xc0/0xc0 [ 378.590467] ? __do_page_fault+0x180/0xd60 [ 378.594722] ? copy_mount_string+0x40/0x40 [ 378.598962] ? memset+0x20/0x40 [ 378.602328] ? copy_mount_options+0x26f/0x380 [ 378.606804] ksys_mount+0xcf/0x130 [ 378.610330] __x64_sys_mount+0xba/0x150 [ 378.614290] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 378.618854] do_syscall_64+0xf9/0x620 [ 378.622641] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 378.627811] RIP: 0033:0x7f7be320463a [ 378.631507] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 378.650471] RSP: 002b:00007f7be1b77f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 378.658257] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7be320463a [ 378.665516] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7be1b77fe0 [ 378.672773] RBP: 00007f7be1b78020 R08: 00007f7be1b78020 R09: 0000000020000000 [ 378.680033] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 378.687287] R13: 0000000020000100 R14: 00007f7be1b77fe0 R15: 0000000020010a00 [ 378.694551] Modules linked in: [ 378.703045] ---[ end trace 27c13c66866fa828 ]--- [ 378.711927] RIP: 0010:iput+0x727/0x860 [ 378.722957] Code: b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 84 18 fd ff ff 48 8b 3c 24 e8 33 d9 ee ff e9 0a fd ff ff e8 39 fc b8 ff <0f> 0b e8 32 fc b8 ff 48 89 ef e8 1a f7 ff ff 4c 89 f7 e8 b2 c6 6f [ 378.747341] RSP: 0018:ffff88804ebffa80 EFLAGS: 00010246 [ 378.752844] RAX: 0000000000040000 RBX: 0000000000000040 RCX: ffffc90006122000 [ 378.761266] RDX: 0000000000040000 RSI: ffffffff81a98937 RDI: 0000000000000007 [ 378.770238] RBP: ffff888054916700 R08: 0000000000000000 R09: 0000000000000000 [ 378.777538] R10: 0000000000000007 R11: 0000000000000000 R12: ffff8880a8e690c0 [ 378.786919] R13: ffff888054916700 R14: 0000000000000000 R15: 00000000fffffff4 [ 378.792938] erofs: read_super, device -> /dev/loop4 [ 378.795170] FS: 00007f7be1b78700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 [ 378.808122] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 378.812563] erofs: options -> [ 378.815095] CR2: 00007fdf62ebe9d0 CR3: 000000004ea9e000 CR4: 00000000003406f0 [ 378.825100] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 378.836931] erofs: read_super, device -> /dev/loop1 23:46:33 executing program 3: open(&(0x7f0000000140)='./file0\x00', 0xea842, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xedc000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="e2e1f5e006c0ed9e010000000c0024", 0xf, 0x400}, {&(0x7f0000010100)="05000000c04100007400000000000000ffffffff000000005cf9000053", 0x1d, 0x480}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000010a00)) [ 378.845065] erofs: options -> [ 378.848000] erofs: read_super, device -> /dev/loop2 [ 378.857933] erofs: options -> [ 378.867028] erofs: root inode @ nid 36 [ 378.867932] erofs: root inode @ nid 36 [ 378.882996] erofs: root inode @ nid 36 23:46:33 executing program 0: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setparam(0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x200000) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x20000000d67) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f00000000c0)=0x0) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000280)={{}, r2, 0x8, @unused=[0x0, 0x7, 0x6, 0x4], @devid}) symlinkat(0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x1b3) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) pipe2(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat(0xffffffffffffffff, 0x0, 0x60800, 0x82) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000000d67) perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0x6, 0x78, 0x0, 0x0, 0x0, 0x1f, 0x900, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, @perf_bp={&(0x7f0000000000), 0xd}, 0x21000, 0x7fffffffffffffff, 0xffffffff, 0x5, 0x3f, 0x9, 0x4, 0x0, 0x5, 0x0, 0xffffffffffff7fff}, r0, 0x13, r4, 0x8) [ 378.899535] erofs: mounted on /dev/loop4 with opts: . [ 378.910124] erofs: mounted on /dev/loop1 with opts: . [ 378.916963] erofs: mounted on /dev/loop2 with opts: . [ 378.919262] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 378.934091] erofs: unmounted for /dev/loop1 [ 378.948154] Kernel panic - not syncing: Fatal exception [ 378.950736] erofs: unmounted for /dev/loop2 [ 378.953702] Kernel Offset: disabled [ 378.961619] Rebooting in 86400 seconds..