@ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:10 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x3, 0x0) 16:54:10 executing program 4: socketpair$unix(0x1, 0x1, 0x0, 0x0) dup(0xffffffffffffffff) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:10 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:10 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000007000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:10 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x7, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:10 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) [ 697.957713][ T4381] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 697.994886][ T4377] BTRFS error (device loop4): superblock checksum mismatch 16:54:11 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x3, 0x0) [ 698.010285][ T4369] EXT4-fs (loop0): unsupported inode size: 0 [ 698.042141][ T4381] device gre1 entered promiscuous mode 16:54:11 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x8, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:11 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400002d000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:11 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) [ 698.139250][ T4377] BTRFS error (device loop4): open_ctree failed 16:54:11 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x3, 0x0) [ 698.386831][ T4401] EXT4-fs (loop0): unsupported inode size: 0 [ 698.741538][ T4419] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 698.754336][ T4419] device gre1 entered promiscuous mode 16:54:12 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625020b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:12 executing program 4: socketpair$unix(0x1, 0x1, 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:12 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x3, 0x0) 16:54:12 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x0, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:12 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x9, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:12 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019440000e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 699.094722][ T4434] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 699.108744][ T4434] device gre1 entered promiscuous mode 16:54:12 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x3, 0x0) [ 699.150103][ T4427] BTRFS error (device loop4): superblock checksum mismatch [ 699.176717][ T4430] EXT4-fs (loop0): unsupported inode size: 0 16:54:12 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019020300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:12 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xa, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:12 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x0, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) [ 699.319855][ T4427] BTRFS error (device loop4): open_ctree failed 16:54:12 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0), 0x0, 0x10000}], 0x3, 0x0) [ 699.452789][ T4448] EXT4-fs (loop0): unsupported inode size: 0 16:54:12 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 699.648691][ T4464] BTRFS error (device loop4): superblock checksum mismatch [ 699.730724][ T4464] BTRFS error (device loop4): open_ctree failed [ 699.782297][ T4434] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 699.795385][ T4434] device gre1 entered promiscuous mode 16:54:13 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625030b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:13 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x0, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:13 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019030300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:13 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0), 0x0, 0x10000}], 0x3, 0x0) 16:54:13 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xb, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:13 executing program 4: syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:13 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, 0x0, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:13 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0), 0x0, 0x10000}], 0x3, 0x0) 16:54:13 executing program 4: syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 700.235789][ T4495] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 700.273178][ T4495] device gre1 entered promiscuous mode [ 700.339876][ T4488] EXT4-fs (loop0): unsupported inode size: 0 16:54:13 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, 0x0, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:13 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x3, 0x0) 16:54:13 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xc, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 700.947202][ T4532] validate_nla: 10 callbacks suppressed [ 700.947210][ T4532] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 700.961910][ T4532] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 700.970059][ T4532] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 700.982924][ T4532] device gre1 entered promiscuous mode 16:54:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625040b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:14 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019040300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:14 executing program 4: syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:14 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, 0x0, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:14 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x3, 0x0) 16:54:14 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xd, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 701.342292][ T4547] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 701.362848][ T4547] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 701.371972][ T4547] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 701.385796][ T4547] device gre1 entered promiscuous mode 16:54:14 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000), 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) [ 701.406466][ T4542] EXT4-fs (loop0): unsupported inode size: 0 16:54:14 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019050300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:14 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x3, 0x0) 16:54:14 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xe, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:14 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:14 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000), 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) [ 701.813415][ T4562] EXT4-fs (loop0): unsupported inode size: 0 [ 702.042951][ T4588] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 702.051306][ T4588] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 702.059665][ T4588] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 702.072167][ T4588] device gre1 entered promiscuous mode 16:54:15 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:15 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000", 0x36, 0x10000}], 0x3, 0x0) 16:54:15 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000), 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:15 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019060300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:15 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625050b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:15 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x10, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:15 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 702.570008][ T4607] netlink: 'syz-executor.5': attribute type 10 has an invalid length. 16:54:15 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000", 0x36, 0x10000}], 0x3, 0x0) [ 702.627726][ T4607] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 702.649217][ T4599] EXT4-fs (loop0): unsupported inode size: 0 16:54:15 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:15 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x11, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 702.684512][ T4607] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 702.721813][ T4607] device gre1 entered promiscuous mode 16:54:15 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3, 0x0) 16:54:15 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019070300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:15 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:15 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000", 0x36, 0x10000}], 0x3, 0x0) 16:54:16 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:16 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3, 0x0) [ 703.148071][ T4639] EXT4-fs (loop0): unsupported inode size: 0 [ 703.365622][ T4664] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 703.375618][ T4664] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 703.384945][ T4664] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 703.396527][ T4664] device gre1 entered promiscuous mode 16:54:16 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625060b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:16 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:16 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x12, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:16 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x3, 0x0) 16:54:16 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019080300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:16 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3, 0x0) 16:54:16 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) [ 703.747405][ T4679] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:54:16 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x3, 0x0) [ 703.795572][ T4679] device gre1 entered promiscuous mode 16:54:16 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x3, 0x0) [ 703.846914][ T4678] EXT4-fs (loop0): unsupported inode size: 0 16:54:16 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:16 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x25, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:16 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x3, 0x0) [ 704.483839][ T4718] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 704.495555][ T4718] device gre1 entered promiscuous mode 16:54:17 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625080b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:17 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019090300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:17 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x3, 0x0) 16:54:17 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:17 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x3, 0x0) 16:54:17 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x5c, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 704.873392][ T4733] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:54:18 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) [ 704.915120][ T4733] device gre1 entered promiscuous mode 16:54:18 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x3, 0x0) 16:54:18 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x3, 0x0) [ 705.056081][ T4730] EXT4-fs (loop0): unsupported inode size: 0 16:54:18 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x300, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:18 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:18 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="8000000038040000190a0300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 705.374341][ T4762] EXT4-fs (loop0): unsupported inode size: 0 [ 705.506656][ T4772] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 705.520337][ T4772] device gre1 entered promiscuous mode 16:54:18 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625090b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:18 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x3, 0x0) 16:54:18 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:18 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x3, 0x0) 16:54:18 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="8000000038040000190b0300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:18 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x500, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:18 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x3, 0x0) 16:54:19 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) [ 705.959637][ T4781] EXT4-fs (loop0): unsupported inode size: 0 [ 705.966450][ T4789] validate_nla: 8 callbacks suppressed [ 705.966457][ T4789] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 705.993950][ T4789] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 706.006854][ T4789] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 706.020858][ T4789] device gre1 entered promiscuous mode 16:54:19 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x3, 0x0) 16:54:19 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="8000000038040000190c0300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:19 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:19 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x600, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 706.370237][ T4810] EXT4-fs (loop0): unsupported inode size: 0 [ 706.563081][ T4825] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 706.571428][ T4825] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 706.579645][ T4825] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 706.591970][ T4825] device gre1 entered promiscuous mode 16:54:19 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e6250a0b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:19 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x3, 0x0) 16:54:19 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x3, 0x0) 16:54:19 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:19 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="8000000038040000190d0300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:19 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x700, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:20 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) [ 706.982242][ T4840] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 706.995936][ T4840] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 707.004594][ T4840] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:54:20 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0), 0x0, 0x10000}], 0x3, 0x0) [ 707.032357][ T4840] device gre1 entered promiscuous mode [ 707.059286][ T4834] EXT4-fs (loop0): unsupported inode size: 0 16:54:20 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x3, 0x0) 16:54:20 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="8000000038040000190e0300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:20 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x900, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:20 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) [ 707.393962][ T4862] EXT4-fs (loop0): unsupported inode size: 0 [ 707.780277][ T4877] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 707.788651][ T4877] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 707.797020][ T4877] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 707.808564][ T4877] device gre1 entered promiscuous mode 16:54:21 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e6250b0b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:21 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0), 0x0, 0x10000}], 0x3, 0x0) 16:54:21 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x3, 0x0) 16:54:21 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:21 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019100300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:21 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xa00, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:21 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) [ 708.232775][ T4894] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 708.241572][ T4894] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 708.249731][ T4894] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 708.263063][ T4894] device gre1 entered promiscuous mode 16:54:21 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xb00, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 708.388984][ T4887] EXT4-fs (loop0): unsupported inode size: 0 16:54:21 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0), 0x0, 0x10000}], 0x3, 0x0) 16:54:21 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x3, 0x0) 16:54:21 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:21 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019110300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 708.590871][ T4916] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 708.626956][ T4916] device gre1 entered promiscuous mode [ 708.749180][ T4920] EXT4-fs (loop0): unsupported inode size: 0 16:54:22 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e6250c0b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:22 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:22 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x3, 0x0) 16:54:22 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x3, 0x0) 16:54:22 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xc00, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:22 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019120300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 709.235620][ T4946] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 709.255228][ T4946] device gre1 entered promiscuous mode 16:54:22 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x3, 0x0) [ 709.293621][ T4947] EXT4-fs (loop0): unsupported inode size: 0 16:54:22 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x3, 0x0) 16:54:22 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019250300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:22 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xd00, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:22 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x3, 0x0) 16:54:22 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x3, 0x0) [ 709.688167][ T4967] EXT4-fs (loop0): unsupported inode size: 0 [ 709.742995][ T4982] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 709.755374][ T4982] device gre1 entered promiscuous mode 16:54:23 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625100b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:23 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="8000000038040000192d0300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:23 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xe00, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:23 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x3, 0x0) 16:54:23 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000", 0x36, 0x10000}], 0x3, 0x0) 16:54:23 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) [ 710.229322][ T5009] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 710.242123][ T5009] device gre1 entered promiscuous mode 16:54:23 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:54:23 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000", 0x36, 0x10000}], 0x3, 0x0) [ 710.270776][ T4999] EXT4-fs (loop0): unsupported inode size: 0 16:54:23 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1020, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:23 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019480300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 710.572627][ T5029] EXT4-fs (loop0): unsupported inode size: 0 16:54:23 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="8000000038040000194c0300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:23 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1100, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 710.836608][ T5042] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 710.863134][ T5042] device gre1 entered promiscuous mode [ 710.878588][ T5037] EXT4-fs (loop0): unsupported inode size: 0 16:54:24 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625110b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:24 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:54:24 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000", 0x36, 0x10000}], 0x3, 0x0) 16:54:24 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:24 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="8000000038040000195c0300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:24 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1200, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 711.273314][ T5064] validate_nla: 10 callbacks suppressed [ 711.273320][ T5064] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 711.299136][ T5064] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 711.327746][ T5064] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 711.347460][ T5058] EXT4-fs (loop0): unsupported inode size: 0 16:54:24 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x3, 0x0) [ 711.385180][ T5064] device gre1 entered promiscuous mode 16:54:24 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019600300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:24 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x2000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:24 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:54:24 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x3, 0x0) 16:54:24 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019680300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 711.735758][ T5086] EXT4-fs (loop0): unsupported inode size: 0 [ 711.966865][ T5105] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 711.989912][ T5105] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 712.024394][ T5105] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 712.038746][ T5104] EXT4-fs (loop0): unsupported inode size: 0 [ 712.062740][ T5105] device gre1 entered promiscuous mode 16:54:25 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625120b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:25 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x2010, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:25 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x3, 0x0) 16:54:25 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000001280)='/dev/bus/usb/00#/00#\x00', 0x200, 0x802) getpgrp(0x0) memfd_create(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000240)='system.posix_acl_access\x00', 0x0, 0x0, 0x1) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) dup2(0xffffffffffffffff, 0xffffffffffffffff) prctl$PR_SET_PTRACER(0x59616d61, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) ioctl$USBDEVFS_SETINTERFACE(r0, 0x80045505, &(0x7f0000000100)) 16:54:25 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:25 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="8000000038040000196c0300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:25 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) [ 712.448376][ T5121] usb usb2: usbfs: interface 0 claimed by hub while 'syz-executor.3' sets config #0 16:54:25 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x3, 0x0) [ 712.553471][ T5129] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 712.562177][ T5128] usb usb2: usbfs: interface 0 claimed by hub while 'syz-executor.3' sets config #0 [ 712.577319][ T5122] EXT4-fs (loop0): unsupported inode size: 0 16:54:25 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) [ 712.598689][ T5129] netlink: 'syz-executor.5': attribute type 3 has an invalid length. 16:54:25 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019740300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:25 executing program 3: getpid() syz_open_dev$sndpcmc(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, &(0x7f0000001a00)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f00000000c0)={0x7a, 0x4, [0x4d0], [0x3a]}) 16:54:25 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x2500, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 712.671989][ T5129] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 712.702233][ T5129] device gre1 entered promiscuous mode [ 712.955123][ T5152] EXT4-fs (loop0): unsupported inode size: 0 [ 713.233934][ T5166] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 713.242468][ T5166] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 713.251908][ T5166] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 713.263549][ T5166] device gre1 entered promiscuous mode 16:54:26 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625140b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:26 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x3, 0x0) 16:54:26 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x7a, 0x4, [0xe1, 0x0, 0x40000081], [0x3a]}) 16:54:26 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x0, &(0x7f00000000c0)=0x8, 0x4) 16:54:26 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="8000000038040000197a0300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:26 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x3f00, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:26 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x0, &(0x7f00000000c0)=0x8, 0x4) 16:54:26 executing program 3: getpid() syz_open_dev$sndpcmc(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f00000000c0)={0x7a, 0x4, [0x4d0], [0x3a]}) [ 713.642631][ T5183] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 713.657770][ T5183] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 713.678783][ T5183] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 713.726088][ T5176] EXT4-fs (loop0): unsupported inode size: 0 [ 713.733975][ T5183] device gre1 entered promiscuous mode 16:54:26 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x3, 0x0) 16:54:26 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x4000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:26 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="8000000038040000197d0300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:27 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f00000000c0)={'mangle\x00'}, &(0x7f0000000140)=0x54) [ 714.182293][ T5213] EXT4-fs (loop0): unsupported inode size: 0 [ 714.440861][ T5225] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 714.453555][ T5225] device gre1 entered promiscuous mode 16:54:27 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625250b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:27 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x0, &(0x7f00000000c0)=0x8, 0x4) 16:54:27 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x3, 0x0) 16:54:27 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x5c00, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:27 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000500e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:27 executing program 3: getpid() sched_setscheduler(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x420000, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f00000000c0)={0x7a, 0x4, [0x4d0], [0x3a]}) [ 714.860615][ T5241] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:54:27 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, 0x0, 0x0) 16:54:27 executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000000080)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0x2, 0x300) readv(r3, &(0x7f0000000880)=[{&(0x7f0000000700)=""/126, 0x7e}], 0x1) tkill(r0, 0x1000000000016) 16:54:27 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x3, 0x0) [ 714.926916][ T5241] device gre1 entered promiscuous mode [ 714.951315][ T5239] EXT4-fs (loop0): unsupported inode size: 0 16:54:28 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000600e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:28 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xedc0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:28 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x3, 0x0) [ 715.293811][ T5265] EXT4-fs (loop0): unsupported inode size: 0 [ 715.565892][ T5284] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 715.584960][ T5284] device gre1 entered promiscuous mode [ 715.809120][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 715.814933][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 715.820911][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 715.826692][ C1] protocol 88fb is buggy, dev hsr_slave_1 16:54:28 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625640b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:28 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, 0x0, 0x0) 16:54:28 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000700e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:28 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x3, 0x0) 16:54:28 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xfeffff, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:29 executing program 3: 16:54:29 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x3, 0x0) 16:54:29 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, 0x0, 0x0) 16:54:29 executing program 3: [ 716.040767][ T5295] EXT4-fs (loop0): unsupported inode size: 0 [ 716.043085][ T5299] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 716.078716][ T5299] device gre1 entered promiscuous mode 16:54:29 executing program 3: 16:54:29 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000900e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:29 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 716.401880][ T5319] EXT4-fs (loop0): unsupported inode size: 0 [ 716.623247][ T5334] validate_nla: 8 callbacks suppressed [ 716.623253][ T5334] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 716.637336][ T5334] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 716.645812][ T5334] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 716.657092][ T5334] device gre1 entered promiscuous mode 16:54:30 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625dc0b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:30 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0), 0x4) 16:54:30 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x3, 0x0) 16:54:30 executing program 3: 16:54:30 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000a00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:30 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x2000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:30 executing program 3: [ 717.109905][ T5348] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 717.120883][ T5348] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 717.134259][ T5348] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 717.175223][ T5344] EXT4-fs (loop0): unsupported inode size: 0 [ 717.180126][ T5348] device gre1 entered promiscuous mode 16:54:30 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000b00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:30 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0), 0x4) 16:54:30 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x3, 0x0) 16:54:30 executing program 3: 16:54:30 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x3000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 717.567643][ T5360] EXT4-fs (loop0): unsupported inode size: 0 [ 717.861648][ T5383] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 717.870967][ T5383] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 717.879297][ T5383] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 717.891968][ T5383] device gre1 entered promiscuous mode 16:54:31 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625011500fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:31 executing program 3: 16:54:31 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x3, 0x0) 16:54:31 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0), 0x4) 16:54:31 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000c00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:31 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x4000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:31 executing program 3: [ 718.274583][ T5397] netlink: 'syz-executor.5': attribute type 10 has an invalid length. 16:54:31 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x3, 0x0) [ 718.328847][ T5397] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 718.356011][ T5392] EXT4-fs (loop0): unsupported inode size: 0 16:54:31 executing program 1: 16:54:31 executing program 3: [ 718.406686][ T5397] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 718.422455][ T5397] device gre1 entered promiscuous mode 16:54:31 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000d00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:31 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x5000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 718.737391][ T5420] EXT4-fs (loop0): unsupported inode size: 0 [ 718.962029][ T5429] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 718.970593][ T5429] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 718.978865][ T5429] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 718.993288][ T5429] device gre1 entered promiscuous mode 16:54:32 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625019403fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:32 executing program 1: 16:54:32 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:54:32 executing program 3: 16:54:32 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000e00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:32 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x6000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:32 executing program 1: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() setsockopt$IP_VS_SO_SET_EDITDEST(0xffffffffffffffff, 0x0, 0x489, 0x0, 0x0) sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_genetlink_get_family_id$tipc(0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x7a, 0x4, [0x561, 0x0, 0x40000084], [0x3a]}) 16:54:32 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e85411, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) lstat(0x0, &(0x7f0000000180)) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000001f00)={0x0, 0x0, &(0x7f0000001ec0), 0x1, 0x0, 0x0, 0x20000046}, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r3, 0xaeb7, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 719.418278][ T5442] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 719.455452][ T5442] device gre1 entered promiscuous mode [ 719.470291][ T5440] EXT4-fs (loop0): unsupported inode size: 0 16:54:32 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:54:32 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000f00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:32 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x7000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:32 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 719.963383][ T5473] EXT4-fs (loop0): unsupported inode size: 0 [ 720.016416][ T5482] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 720.054216][ T5482] device gre1 entered promiscuous mode 16:54:33 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625019603fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:33 executing program 1: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mixer\x00', 0x40a0, 0x0) openat$btrfs_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 16:54:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000060101b3f9aaeaf8fa00000000000000"], 0x14}}, 0x0) 16:54:33 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019001100e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:33 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x8000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:33 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e85411, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) lstat(0x0, &(0x7f0000000180)) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000001f00)={0x0, 0x0, &(0x7f0000001ec0), 0x1, 0x0, 0x0, 0x20000046}, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r3, 0xaeb7, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 16:54:33 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:54:33 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x3, 0x0) [ 720.596024][ T5506] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 720.627991][ T5506] device gre1 entered promiscuous mode [ 720.691581][ T5505] EXT4-fs (loop0): unsupported inode size: 0 16:54:33 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x3, 0x0) 16:54:33 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x9000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:33 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019001200e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:33 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xb, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 721.134158][ T5540] EXT4-fs (loop0): unsupported inode size: 0 [ 721.364548][ T5551] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 721.376252][ T5551] device gre1 entered promiscuous mode 16:54:34 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e62501d003fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:34 executing program 3: socketpair$unix(0x1, 0x1, 0x0, 0x0) dup(0xffffffffffffffff) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:34 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200), 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x8, 0x4) 16:54:34 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xa000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:34 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019001f00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:34 executing program 1: openat$vnet(0xffffffffffffff9c, &(0x7f00000012c0)='/dev/vhost-net\x00', 0x2, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) socket(0x1e, 0x4, 0x0) ioctl$int_in(r0, 0x0, &(0x7f0000000040)) clock_gettime(0x6, &(0x7f0000000500)={0x0, 0x0}) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f00000000c0)='memory.current\x00', 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f00000002c0)='SEG6\x00') perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 721.730683][ T5564] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 721.731115][ T5557] BTRFS error (device loop3): superblock checksum mismatch [ 721.773866][ T5566] validate_nla: 8 callbacks suppressed [ 721.773873][ T5566] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 721.788231][ T5566] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 721.802665][ T5566] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:54:34 executing program 4: openat$vnet(0xffffffffffffff9c, &(0x7f00000012c0)='/dev/vhost-net\x00', 0x2, 0x0) syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) socket(0x1e, 0x4, 0x0) setsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) clock_gettime(0x6, &(0x7f0000000500)={0x0, 0x0}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f00000000c0)='memory.current\x00', 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f00000002c0)='SEG6\x00') perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 721.844257][ T5566] device gre1 entered promiscuous mode [ 721.845397][ T5565] EXT4-fs (loop0): unsupported inode size: 0 [ 721.850118][ T5557] BTRFS error (device loop3): open_ctree failed 16:54:34 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019002000e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:35 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:35 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xb000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:35 executing program 3: openat$vnet(0xffffffffffffff9c, &(0x7f00000012c0)='/dev/vhost-net\x00', 0x2, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) socket(0x1e, 0x4, 0x0) setsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) ioctl$int_in(r0, 0x0, &(0x7f0000000040)) clock_gettime(0x6, &(0x7f0000000500)={0x0, 0x0}) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f00000000c0)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 16:54:35 executing program 4: openat$vnet(0xffffffffffffff9c, &(0x7f00000012c0)='/dev/vhost-net\x00', 0x2, 0x0) syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) socket(0x1e, 0x4, 0x0) setsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) clock_gettime(0x6, &(0x7f0000000500)={0x0, 0x0}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f00000000c0)='memory.current\x00', 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f00000002c0)='SEG6\x00') perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 722.109306][ T5580] BTRFS error (device loop1): superblock checksum mismatch [ 722.189177][ T5580] BTRFS error (device loop1): open_ctree failed [ 722.369389][ T5584] EXT4-fs (loop0): unsupported inode size: 0 [ 722.562878][ T5603] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 722.571624][ T5603] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 722.580747][ T5603] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 722.593516][ T5603] device gre1 entered promiscuous mode 16:54:35 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b02fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:35 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:35 executing program 3: openat$vnet(0xffffffffffffff9c, &(0x7f00000012c0)='/dev/vhost-net\x00', 0x2, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) socket(0x1e, 0x4, 0x0) setsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) ioctl$int_in(r0, 0x0, &(0x7f0000000040)) clock_gettime(0x6, &(0x7f0000000500)={0x0, 0x0}) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f00000000c0)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 16:54:35 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r6, 0x0) r7 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r8, 0x0) r9 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r10, 0x0) setresuid(r4, r10, r8) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x7, 0x0, 0x0, 0x0) r11 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r11, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) ioctl$SG_GET_LOW_DMA(r11, 0x227a, &(0x7f0000000100)) r12 = socket$inet6(0xa, 0x100800000000002, 0x0) connect$inet6(r12, &(0x7f00000000c0)={0xa, 0x4e1e, 0x0, @ipv4={[], [], @local}}, 0x1c) sendmmsg(r12, &(0x7f0000005780), 0x4000000000000d2, 0x0) fcntl$setflags(r12, 0x2, 0x0) 16:54:35 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019002300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:35 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xc000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 722.998984][ T5614] BTRFS error (device loop1): superblock checksum mismatch [ 723.012953][ T5619] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 723.021316][ T26] audit: type=1804 audit(1574009676.033:66): pid=5615 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1039/file0" dev="sda1" ino=17795 res=1 16:54:36 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r6, 0x0) r7 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r8, 0x0) r9 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r10, 0x0) setresuid(r4, r10, r8) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x7, 0x0, 0x0, 0x0) r11 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r11, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) ioctl$SG_GET_LOW_DMA(r11, 0x227a, &(0x7f0000000100)) r12 = socket$inet6(0xa, 0x100800000000002, 0x0) connect$inet6(r12, &(0x7f00000000c0)={0xa, 0x4e1e, 0x0, @ipv4={[], [], @local}}, 0x1c) sendmmsg(r12, &(0x7f0000005780), 0x4000000000000d2, 0x0) fcntl$setflags(r12, 0x2, 0x0) [ 723.059118][ T5619] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 723.067434][ T5619] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 723.086920][ T5613] EXT4-fs (loop0): unsupported inode size: 0 [ 723.089266][ T5614] BTRFS error (device loop1): open_ctree failed 16:54:36 executing program 3 (fault-call:0 fault-nth:0): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 723.117513][ T5619] device gre1 entered promiscuous mode 16:54:36 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019002d00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:36 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xd000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 723.298854][ T5626] FAULT_INJECTION: forcing a failure. [ 723.298854][ T5626] name failslab, interval 1, probability 0, space 0, times 0 16:54:36 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 723.382473][ T5626] CPU: 0 PID: 5626 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 723.390334][ T5626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 723.400421][ T5626] Call Trace: [ 723.403730][ T5626] dump_stack+0x1fb/0x318 [ 723.408128][ T5626] should_fail+0x555/0x770 [ 723.412583][ T5626] __should_failslab+0x11a/0x160 [ 723.417532][ T5626] ? __se_sys_memfd_create+0x10a/0x4b0 [ 723.423002][ T5626] should_failslab+0x9/0x20 [ 723.427513][ T5626] __kmalloc+0x7a/0x340 [ 723.431680][ T5626] __se_sys_memfd_create+0x10a/0x4b0 [ 723.436966][ T5626] ? do_syscall_64+0x1d/0x1c0 [ 723.441642][ T5626] __x64_sys_memfd_create+0x5b/0x70 [ 723.446831][ T5626] do_syscall_64+0xf7/0x1c0 [ 723.451323][ T5626] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 723.451333][ T5626] RIP: 0033:0x45a639 [ 723.451342][ T5626] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 16:54:36 executing program 3 (fault-call:0 fault-nth:1): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 723.451347][ T5626] RSP: 002b:00007f7fc8f41a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 723.451355][ T5626] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 723.451360][ T5626] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 723.451364][ T5626] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 723.451369][ T5626] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f7fc8f426d4 [ 723.451374][ T5626] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 723.451603][ T26] audit: type=1804 audit(1574009676.413:67): pid=5631 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1040/file0" dev="sda1" ino=18333 res=1 [ 723.624801][ T5640] BTRFS error (device loop1): superblock checksum mismatch [ 723.630279][ T5646] FAULT_INJECTION: forcing a failure. [ 723.630279][ T5646] name failslab, interval 1, probability 0, space 0, times 0 [ 723.636317][ T5634] EXT4-fs (loop0): unsupported inode size: 0 [ 723.669383][ T5646] CPU: 0 PID: 5646 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 723.677231][ T5646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 723.677243][ T5646] Call Trace: [ 723.690601][ T5646] dump_stack+0x1fb/0x318 [ 723.694941][ T5646] should_fail+0x555/0x770 [ 723.699371][ T5646] __should_failslab+0x11a/0x160 [ 723.704332][ T5646] ? shmem_alloc_inode+0x1b/0x40 [ 723.709277][ T5646] should_failslab+0x9/0x20 [ 723.713789][ T5646] kmem_cache_alloc+0x56/0x2e0 [ 723.718562][ T5646] ? shmem_match+0x180/0x180 [ 723.723333][ T5646] shmem_alloc_inode+0x1b/0x40 [ 723.723342][ T5646] ? shmem_match+0x180/0x180 [ 723.723352][ T5646] new_inode_pseudo+0x68/0x240 [ 723.723363][ T5646] new_inode+0x28/0x1c0 [ 723.723376][ T5646] shmem_get_inode+0x108/0x6e0 [ 723.723392][ T5646] __shmem_file_setup+0x129/0x280 [ 723.723407][ T5646] shmem_file_setup+0x2f/0x40 [ 723.723419][ T5646] __se_sys_memfd_create+0x28e/0x4b0 [ 723.723431][ T5646] ? do_syscall_64+0x1d/0x1c0 [ 723.723444][ T5646] __x64_sys_memfd_create+0x5b/0x70 [ 723.723454][ T5646] do_syscall_64+0xf7/0x1c0 [ 723.723467][ T5646] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 723.723476][ T5646] RIP: 0033:0x45a639 [ 723.723485][ T5646] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 723.723490][ T5646] RSP: 002b:00007f7fc8f41a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 723.723499][ T5646] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 723.723504][ T5646] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 723.723510][ T5646] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 723.723520][ T5646] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f7fc8f426d4 [ 723.847920][ T5646] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 723.849854][ T5652] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 723.857635][ T5640] BTRFS error (device loop1): open_ctree failed [ 723.866068][ T5652] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 723.879651][ T5652] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 723.897273][ T5652] device gre1 entered promiscuous mode 16:54:37 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b03fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:37 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r6, 0x0) r7 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r8, 0x0) r9 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r10, 0x0) setresuid(r4, r10, r8) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x7, 0x0, 0x0, 0x0) r11 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r11, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) ioctl$SG_GET_LOW_DMA(r11, 0x227a, &(0x7f0000000100)) r12 = socket$inet6(0xa, 0x100800000000002, 0x0) connect$inet6(r12, &(0x7f00000000c0)={0xa, 0x4e1e, 0x0, @ipv4={[], [], @local}}, 0x1c) sendmmsg(r12, &(0x7f0000005780), 0x4000000000000d2, 0x0) fcntl$setflags(r12, 0x2, 0x0) 16:54:37 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019003f00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:37 executing program 3 (fault-call:0 fault-nth:2): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:37 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xe000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:37 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 724.371311][ T5667] FAULT_INJECTION: forcing a failure. [ 724.371311][ T5667] name failslab, interval 1, probability 0, space 0, times 0 [ 724.422291][ T5667] CPU: 1 PID: 5667 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 724.430146][ T5667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 724.440210][ T5667] Call Trace: [ 724.443505][ T5667] dump_stack+0x1fb/0x318 [ 724.447820][ T5667] should_fail+0x555/0x770 [ 724.452223][ T5667] __should_failslab+0x11a/0x160 [ 724.457208][ T5667] ? security_inode_alloc+0x36/0x1e0 [ 724.462485][ T5667] should_failslab+0x9/0x20 [ 724.466967][ T5667] kmem_cache_alloc+0x56/0x2e0 [ 724.471720][ T5667] ? rcu_read_lock_sched_held+0x10b/0x170 [ 724.477421][ T5667] security_inode_alloc+0x36/0x1e0 [ 724.482511][ T5667] inode_init_always+0x3b5/0x920 [ 724.487429][ T5667] ? shmem_match+0x180/0x180 [ 724.492001][ T5667] new_inode_pseudo+0x7f/0x240 [ 724.496743][ T5667] new_inode+0x28/0x1c0 [ 724.500896][ T5667] shmem_get_inode+0x108/0x6e0 [ 724.505648][ T5667] __shmem_file_setup+0x129/0x280 [ 724.510747][ T5667] shmem_file_setup+0x2f/0x40 [ 724.515498][ T5667] __se_sys_memfd_create+0x28e/0x4b0 [ 724.520766][ T5667] ? do_syscall_64+0x1d/0x1c0 [ 724.525425][ T5667] __x64_sys_memfd_create+0x5b/0x70 [ 724.530605][ T5667] do_syscall_64+0xf7/0x1c0 [ 724.535178][ T5667] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 724.541049][ T5667] RIP: 0033:0x45a639 [ 724.544921][ T5667] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 724.564511][ T5667] RSP: 002b:00007f7fc8f41a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 724.572905][ T5667] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 724.580857][ T5667] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 724.588813][ T5667] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 724.596766][ T5667] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f7fc8f426d4 [ 724.604721][ T5667] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 724.621489][ T5672] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 724.631736][ T26] audit: type=1804 audit(1574009677.653:68): pid=5666 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1041/file0" dev="sda1" ino=18361 res=1 [ 724.660520][ T5672] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 724.672652][ T5669] EXT4-fs (loop0): unsupported inode size: 0 16:54:37 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r6, 0x0) r7 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r8, 0x0) r9 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r10, 0x0) setresuid(r4, r10, r8) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x7, 0x0, 0x0, 0x0) r11 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r11, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) ioctl$SG_GET_LOW_DMA(r11, 0x227a, &(0x7f0000000100)) r12 = socket$inet6(0xa, 0x100800000000002, 0x0) connect$inet6(r12, &(0x7f00000000c0)={0xa, 0x4e1e, 0x0, @ipv4={[], [], @local}}, 0x1c) sendmmsg(r12, &(0x7f0000005780), 0x4000000000000d2, 0x0) 16:54:37 executing program 3 (fault-call:0 fault-nth:3): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 724.694893][ T5668] BTRFS error (device loop1): superblock checksum mismatch [ 724.695477][ T5672] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:54:37 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019004000e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 724.750336][ T5672] device gre1 entered promiscuous mode [ 724.759744][ T5668] BTRFS error (device loop1): open_ctree failed 16:54:37 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x10000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 724.820764][ T26] audit: type=1804 audit(1574009677.843:69): pid=5680 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1042/file0" dev="sda1" ino=17801 res=1 [ 724.821479][ T5682] FAULT_INJECTION: forcing a failure. [ 724.821479][ T5682] name failslab, interval 1, probability 0, space 0, times 0 16:54:37 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r6, 0x0) r7 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r8, 0x0) r9 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r10, 0x0) setresuid(r4, r10, r8) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x7, 0x0, 0x0, 0x0) r11 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r11, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) ioctl$SG_GET_LOW_DMA(r11, 0x227a, &(0x7f0000000100)) r12 = socket$inet6(0xa, 0x100800000000002, 0x0) connect$inet6(r12, &(0x7f00000000c0)={0xa, 0x4e1e, 0x0, @ipv4={[], [], @local}}, 0x1c) [ 725.006461][ T5682] CPU: 0 PID: 5682 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 725.014323][ T5682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 725.024476][ T5682] Call Trace: [ 725.027779][ T5682] dump_stack+0x1fb/0x318 [ 725.032145][ T5682] should_fail+0x555/0x770 [ 725.036582][ T5682] __should_failslab+0x11a/0x160 [ 725.041531][ T5682] ? __d_alloc+0x2d/0x6e0 [ 725.045871][ T5682] should_failslab+0x9/0x20 16:54:38 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 725.045922][ T26] audit: type=1804 audit(1574009678.023:70): pid=5693 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1043/file0" dev="sda1" ino=18366 res=1 [ 725.050382][ T5682] kmem_cache_alloc+0x56/0x2e0 [ 725.050395][ T5682] __d_alloc+0x2d/0x6e0 [ 725.050407][ T5682] ? lockdep_init_map+0x2a/0x680 [ 725.050419][ T5682] d_alloc_pseudo+0x1d/0x70 [ 725.050429][ T5682] alloc_file_pseudo+0xc3/0x260 [ 725.050447][ T5682] __shmem_file_setup+0x1a2/0x280 [ 725.050463][ T5682] shmem_file_setup+0x2f/0x40 [ 725.083103][ T5682] __se_sys_memfd_create+0x28e/0x4b0 [ 725.092520][ T5682] ? do_syscall_64+0x1d/0x1c0 [ 725.092532][ T5682] __x64_sys_memfd_create+0x5b/0x70 [ 725.092541][ T5682] do_syscall_64+0xf7/0x1c0 [ 725.092554][ T5682] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 725.092562][ T5682] RIP: 0033:0x45a639 [ 725.092573][ T5682] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 725.122388][ T5682] RSP: 002b:00007f7fc8f41a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 725.122401][ T5682] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 725.122408][ T5682] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 725.122420][ T5682] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 725.122427][ T5682] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f7fc8f426d4 [ 725.122432][ T5682] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 725.266628][ T5688] EXT4-fs (loop0): unsupported inode size: 0 [ 725.281928][ T5696] BTRFS error (device loop1): superblock checksum mismatch [ 725.294714][ T5700] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 725.308779][ T5700] device gre1 entered promiscuous mode [ 725.369269][ T5696] BTRFS error (device loop1): open_ctree failed 16:54:38 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b04fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:38 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r6, 0x0) r7 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r8, 0x0) r9 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r10, 0x0) setresuid(r4, r10, r8) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x7, 0x0, 0x0, 0x0) r11 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r11, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) ioctl$SG_GET_LOW_DMA(r11, 0x227a, &(0x7f0000000100)) socket$inet6(0xa, 0x100800000000002, 0x0) 16:54:38 executing program 3 (fault-call:0 fault-nth:4): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:38 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x11000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:38 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019006400e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:38 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 725.664386][ T5716] FAULT_INJECTION: forcing a failure. [ 725.664386][ T5716] name failslab, interval 1, probability 0, space 0, times 0 [ 725.700862][ T26] audit: type=1804 audit(1574009678.723:71): pid=5717 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1044/file0" dev="sda1" ino=18335 res=1 [ 725.729885][ T5716] CPU: 0 PID: 5716 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 725.737783][ T5716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 725.738682][ T5724] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 725.748015][ T5716] Call Trace: [ 725.748039][ T5716] dump_stack+0x1fb/0x318 [ 725.748055][ T5716] should_fail+0x555/0x770 [ 725.748072][ T5716] __should_failslab+0x11a/0x160 [ 725.748082][ T5716] ? __alloc_file+0x2c/0x390 [ 725.748093][ T5716] should_failslab+0x9/0x20 [ 725.748101][ T5716] kmem_cache_alloc+0x56/0x2e0 [ 725.748113][ T5716] __alloc_file+0x2c/0x390 [ 725.748125][ T5716] alloc_empty_file+0xac/0x1b0 [ 725.748137][ T5716] alloc_file+0x60/0x4c0 [ 725.748152][ T5716] alloc_file_pseudo+0x1d4/0x260 [ 725.748169][ T5716] __shmem_file_setup+0x1a2/0x280 16:54:38 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r6, 0x0) r7 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r8, 0x0) r9 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r10, 0x0) setresuid(r4, r10, r8) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x7, 0x0, 0x0, 0x0) r11 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r11, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) ioctl$SG_GET_LOW_DMA(r11, 0x227a, &(0x7f0000000100)) [ 725.748183][ T5716] shmem_file_setup+0x2f/0x40 [ 725.748194][ T5716] __se_sys_memfd_create+0x28e/0x4b0 [ 725.748203][ T5716] ? do_syscall_64+0x1d/0x1c0 [ 725.748218][ T5716] __x64_sys_memfd_create+0x5b/0x70 [ 725.763812][ T5725] 9pnet: Insufficient options for proto=fd [ 725.765117][ T5716] do_syscall_64+0xf7/0x1c0 [ 725.765138][ T5716] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 725.774462][ T5716] RIP: 0033:0x45a639 [ 725.774475][ T5716] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 725.774481][ T5716] RSP: 002b:00007f7fc8f41a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 725.774490][ T5716] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 725.774500][ T5716] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 725.788486][ T5716] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 725.788493][ T5716] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f7fc8f426d4 16:54:38 executing program 3 (fault-call:0 fault-nth:5): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 725.788499][ T5716] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 725.951184][ T5728] 9pnet: Insufficient options for proto=fd [ 725.953605][ T5718] EXT4-fs (loop0): unsupported inode size: 0 [ 725.969374][ T5724] device gre1 entered promiscuous mode [ 725.982939][ T5715] BTRFS error (device loop1): superblock checksum mismatch [ 725.990519][ T26] audit: type=1804 audit(1574009679.003:72): pid=5730 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1045/file0" dev="sda1" ino=16609 res=1 [ 726.022862][ T5734] FAULT_INJECTION: forcing a failure. [ 726.022862][ T5734] name failslab, interval 1, probability 0, space 0, times 0 [ 726.037312][ T5734] CPU: 0 PID: 5734 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 726.045143][ T5734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 726.055294][ T5734] Call Trace: [ 726.058599][ T5734] dump_stack+0x1fb/0x318 [ 726.062940][ T5734] should_fail+0x555/0x770 [ 726.067372][ T5734] __should_failslab+0x11a/0x160 [ 726.072317][ T5734] ? security_file_alloc+0x36/0x200 [ 726.077520][ T5734] should_failslab+0x9/0x20 [ 726.082022][ T5734] kmem_cache_alloc+0x56/0x2e0 [ 726.086787][ T5734] security_file_alloc+0x36/0x200 [ 726.091816][ T5734] __alloc_file+0xde/0x390 [ 726.096246][ T5734] alloc_empty_file+0xac/0x1b0 [ 726.101019][ T5734] alloc_file+0x60/0x4c0 [ 726.105295][ T5734] alloc_file_pseudo+0x1d4/0x260 [ 726.110251][ T5734] __shmem_file_setup+0x1a2/0x280 [ 726.115277][ T5734] shmem_file_setup+0x2f/0x40 [ 726.119950][ T5734] __se_sys_memfd_create+0x28e/0x4b0 [ 726.125231][ T5734] ? do_syscall_64+0x1d/0x1c0 [ 726.129906][ T5734] __x64_sys_memfd_create+0x5b/0x70 [ 726.135099][ T5734] do_syscall_64+0xf7/0x1c0 [ 726.139604][ T5734] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 726.145487][ T5734] RIP: 0033:0x45a639 [ 726.149372][ T5734] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 16:54:39 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r6, 0x0) r7 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r8, 0x0) r9 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r10, 0x0) setresuid(r4, r10, r8) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x7, 0x0, 0x0, 0x0) r11 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r11, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) 16:54:39 executing program 3 (fault-call:0 fault-nth:6): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 726.168973][ T5734] RSP: 002b:00007f7fc8f41a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 726.177386][ T5734] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 726.185388][ T5734] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 726.193354][ T5734] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 726.202189][ T5734] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f7fc8f426d4 [ 726.210170][ T5734] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 16:54:39 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001903ac00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:39 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x12000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 726.269794][ T5715] BTRFS error (device loop1): open_ctree failed [ 726.294119][ T26] audit: type=1804 audit(1574009679.313:73): pid=5737 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1046/file0" dev="sda1" ino=16593 res=1 [ 726.353519][ T5740] FAULT_INJECTION: forcing a failure. [ 726.353519][ T5740] name failslab, interval 1, probability 0, space 0, times 0 [ 726.433301][ T5740] CPU: 0 PID: 5740 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 726.441180][ T5740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 726.451419][ T5740] Call Trace: [ 726.454725][ T5740] dump_stack+0x1fb/0x318 [ 726.459160][ T5740] should_fail+0x555/0x770 [ 726.463655][ T5740] __should_failslab+0x11a/0x160 [ 726.468719][ T5740] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 726.474540][ T5740] should_failslab+0x9/0x20 [ 726.479049][ T5740] __kmalloc+0x7a/0x340 [ 726.483205][ T5740] ? tomoyo_realpath_from_path+0xca/0x7c0 [ 726.488923][ T5740] tomoyo_realpath_from_path+0xdc/0x7c0 [ 726.488941][ T5740] tomoyo_path_perm+0x192/0x850 [ 726.488976][ T5740] tomoyo_path_truncate+0x1c/0x20 [ 726.504383][ T5740] security_path_truncate+0xd5/0x150 [ 726.509679][ T5740] do_sys_ftruncate+0x493/0x710 [ 726.514533][ T5740] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 726.520246][ T5740] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 726.525707][ T5740] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 726.531602][ T5740] ? do_syscall_64+0x1d/0x1c0 [ 726.536269][ T5740] __x64_sys_ftruncate+0x60/0x70 [ 726.541216][ T5740] do_syscall_64+0xf7/0x1c0 [ 726.545725][ T5740] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 726.551594][ T5740] RIP: 0033:0x45a607 [ 726.555470][ T5740] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 726.575055][ T5740] RSP: 002b:00007f7fc8f41a88 EFLAGS: 00000217 ORIG_RAX: 000000000000004d [ 726.583460][ T5740] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a607 [ 726.591422][ T5740] RDX: 0000000020000068 RSI: 0000000000020000 RDI: 0000000000000004 [ 726.599373][ T5740] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 726.607411][ T5740] R10: 0000000000010000 R11: 0000000000000217 R12: 0000000000000004 [ 726.615362][ T5740] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 726.630599][ T5753] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 726.635491][ T5742] EXT4-fs (loop0): unsupported inode size: 0 [ 726.656097][ T5753] device gre1 entered promiscuous mode [ 726.658639][ T5740] ERROR: Out of memory at tomoyo_realpath_from_path. [ 726.728228][ T5740] BTRFS error (device loop3): superblock checksum mismatch [ 726.779161][ T5740] BTRFS error (device loop3): open_ctree failed 16:54:40 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b05fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:40 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r6, 0x0) r7 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r8, 0x0) r9 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r10, 0x0) setresuid(r4, r10, r8) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x7, 0x0, 0x0, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:40 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:40 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001901b400e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:40 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x20000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:40 executing program 3 (fault-call:0 fault-nth:7): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 727.047204][ T5767] FAULT_INJECTION: forcing a failure. [ 727.047204][ T5767] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 727.060542][ T5767] CPU: 0 PID: 5767 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 727.068363][ T5767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 727.068369][ T5767] Call Trace: [ 727.068386][ T5767] dump_stack+0x1fb/0x318 [ 727.068408][ T5767] should_fail+0x555/0x770 [ 727.081961][ T5767] should_fail_alloc_page+0x55/0x60 [ 727.081971][ T5767] prepare_alloc_pages+0x283/0x460 [ 727.081984][ T5767] __alloc_pages_nodemask+0xb2/0x5d0 [ 727.082004][ T5767] kmem_getpages+0x4d/0xa00 [ 727.082015][ T5767] cache_grow_begin+0x7e/0x2c0 [ 727.082028][ T5767] cache_alloc_refill+0x311/0x3f0 [ 727.082043][ T5767] ? check_preemption_disabled+0xb7/0x2a0 [ 727.126967][ T5767] __kmalloc+0x318/0x340 [ 727.131203][ T5767] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 727.136903][ T5767] tomoyo_realpath_from_path+0xdc/0x7c0 [ 727.142434][ T5767] tomoyo_path_perm+0x192/0x850 [ 727.147294][ T5767] tomoyo_path_truncate+0x1c/0x20 [ 727.152298][ T5767] security_path_truncate+0xd5/0x150 [ 727.157561][ T5767] do_sys_ftruncate+0x493/0x710 [ 727.162415][ T5767] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 727.168128][ T5767] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 727.173567][ T5767] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 727.179274][ T5767] ? do_syscall_64+0x1d/0x1c0 [ 727.183951][ T5767] __x64_sys_ftruncate+0x60/0x70 [ 727.188874][ T5767] do_syscall_64+0xf7/0x1c0 [ 727.193363][ T5767] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 727.199237][ T5767] RIP: 0033:0x45a607 [ 727.203132][ T5767] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 727.223432][ T5767] RSP: 002b:00007f7fc8f41a88 EFLAGS: 00000217 ORIG_RAX: 000000000000004d [ 727.231835][ T5767] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a607 [ 727.239880][ T5767] RDX: 0000000020000068 RSI: 0000000000020000 RDI: 0000000000000004 [ 727.247838][ T5767] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 727.255893][ T5767] R10: 0000000000010000 R11: 0000000000000217 R12: 0000000000000004 [ 727.263867][ T5767] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 727.273014][ T26] audit: type=1804 audit(1574009680.083:74): pid=5763 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1047/file0" dev="sda1" ino=16962 res=1 16:54:40 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r6, 0x0) r7 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r8, 0x0) r9 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r10, 0x0) setresuid(r4, r10, r8) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 727.344319][ T5767] BTRFS warning (device ): duplicate device fsid:devid for fff6f2a2-2997-48ae-b81e-1b00b10efd9a:0 old:/dev/loop1 new:/dev/loop3 [ 727.359845][ T5775] validate_nla: 6 callbacks suppressed [ 727.359852][ T5775] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 727.387475][ T5775] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 727.403140][ T5772] EXT4-fs (loop0): unsupported inode size: 0 [ 727.427952][ T5769] BTRFS error (device loop1): superblock checksum mismatch 16:54:40 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r5, 0x0) r6 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r7, 0x0) r8 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r9, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 727.435400][ T26] audit: type=1804 audit(1574009680.453:75): pid=5777 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1048/file0" dev="sda1" ino=17089 res=1 [ 727.453572][ T5775] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 727.474631][ T5775] device gre1 entered promiscuous mode 16:54:40 executing program 3 (fault-call:0 fault-nth:8): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:40 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001903bf00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:40 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r5, 0x0) r6 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r7, 0x0) r8 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 727.539616][ T5769] BTRFS error (device loop1): open_ctree failed 16:54:40 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x20100000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 727.775575][ T5793] EXT4-fs (loop0): unsupported inode size: 0 [ 727.796117][ T5801] FAULT_INJECTION: forcing a failure. [ 727.796117][ T5801] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 727.815163][ T5801] CPU: 1 PID: 5801 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 727.823092][ T5801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 727.833213][ T5801] Call Trace: [ 727.836508][ T5801] dump_stack+0x1fb/0x318 [ 727.840829][ T5801] should_fail+0x555/0x770 [ 727.845454][ T5801] should_fail_alloc_page+0x55/0x60 [ 727.850646][ T5801] prepare_alloc_pages+0x283/0x460 [ 727.855880][ T5801] __alloc_pages_nodemask+0xb2/0x5d0 [ 727.861166][ T5801] alloc_pages_vma+0x4f7/0xd50 [ 727.865933][ T5801] shmem_alloc_and_acct_page+0x425/0xbb0 [ 727.871572][ T5801] shmem_getpage_gfp+0x2313/0x2a90 [ 727.876689][ T5801] shmem_write_begin+0xcb/0x1b0 [ 727.881528][ T5801] generic_perform_write+0x25d/0x4e0 [ 727.886827][ T5801] __generic_file_write_iter+0x235/0x500 [ 727.892445][ T5801] generic_file_write_iter+0x48e/0x630 [ 727.897889][ T5801] __vfs_write+0x5a1/0x740 [ 727.902487][ T5801] vfs_write+0x275/0x590 [ 727.906718][ T5801] __x64_sys_pwrite64+0x162/0x1d0 [ 727.911831][ T5801] do_syscall_64+0xf7/0x1c0 [ 727.916423][ T5801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 727.922342][ T5801] RIP: 0033:0x414437 [ 727.926228][ T5801] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 a7 f9 ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 ed f9 ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 727.945821][ T5801] RSP: 002b:00007f7fc8f41a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 727.954222][ T5801] RAX: ffffffffffffffda RBX: 0000000020000050 RCX: 0000000000414437 [ 727.962190][ T5801] RDX: 0000000000000048 RSI: 00000000200002c0 RDI: 0000000000000004 [ 727.970148][ T5801] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 727.978286][ T5801] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 [ 727.986368][ T5801] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 728.133935][ T5810] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 728.142466][ T5810] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 728.151444][ T5810] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 728.173532][ T5810] device gre1 entered promiscuous mode 16:54:41 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b06fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:41 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:41 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r5, 0x0) r6 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r7, 0x0) socket(0x10, 0x2, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:41 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001903c000e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:41 executing program 3 (fault-call:0 fault-nth:9): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:41 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x25000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 728.552415][ T5824] FAULT_INJECTION: forcing a failure. [ 728.552415][ T5824] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 728.578854][ T5825] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 728.587806][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 728.587814][ T26] audit: type=1804 audit(1574009681.603:78): pid=5822 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1051/file0" dev="sda1" ino=17121 res=1 [ 728.588710][ T5824] CPU: 1 PID: 5824 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 728.607063][ T5825] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 728.617779][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 728.617786][ T5824] Call Trace: [ 728.617808][ T5824] dump_stack+0x1fb/0x318 [ 728.617825][ T5824] should_fail+0x555/0x770 [ 728.617841][ T5824] should_fail_alloc_page+0x55/0x60 [ 728.617849][ T5824] prepare_alloc_pages+0x283/0x460 [ 728.617862][ T5824] __alloc_pages_nodemask+0xb2/0x5d0 [ 728.617883][ T5824] alloc_pages_vma+0x4f7/0xd50 [ 728.617905][ T5824] shmem_alloc_and_acct_page+0x425/0xbb0 [ 728.625969][ T5825] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 728.633827][ T5824] shmem_getpage_gfp+0x2313/0x2a90 [ 728.633865][ T5824] shmem_write_begin+0xcb/0x1b0 [ 728.633879][ T5824] generic_perform_write+0x25d/0x4e0 [ 728.633899][ T5824] __generic_file_write_iter+0x235/0x500 [ 728.647227][ T5824] generic_file_write_iter+0x48e/0x630 [ 728.647251][ T5824] __vfs_write+0x5a1/0x740 [ 728.647277][ T5824] vfs_write+0x275/0x590 [ 728.647294][ T5824] __x64_sys_pwrite64+0x162/0x1d0 [ 728.656016][ T5824] do_syscall_64+0xf7/0x1c0 [ 728.656032][ T5824] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 728.656042][ T5824] RIP: 0033:0x414437 16:54:41 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r5, 0x0) r6 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r7, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 728.656052][ T5824] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 a7 f9 ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 ed f9 ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 728.656058][ T5824] RSP: 002b:00007f7fc8f41a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 728.656071][ T5824] RAX: ffffffffffffffda RBX: 0000000020000050 RCX: 0000000000414437 [ 728.666334][ T5824] RDX: 0000000000000048 RSI: 00000000200002c0 RDI: 0000000000000004 [ 728.666340][ T5824] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 728.666346][ T5824] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 [ 728.666352][ T5824] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 728.800572][ T5820] BTRFS error (device loop1): superblock checksum mismatch [ 728.831032][ T5818] EXT4-fs (loop0): unsupported inode size: 0 16:54:41 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019ffe000e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:41 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r5, 0x0) r6 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 728.856953][ T5825] device gre1 entered promiscuous mode [ 728.862099][ T26] audit: type=1804 audit(1574009681.873:79): pid=5833 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1052/file0" dev="sda1" ino=17169 res=1 16:54:42 executing program 3 (fault-call:0 fault-nth:10): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:42 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x3f000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 728.999164][ T5820] BTRFS error (device loop1): open_ctree failed [ 729.031606][ T26] audit: type=1804 audit(1574009682.053:80): pid=5841 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1053/file0" dev="sda1" ino=16802 res=1 [ 729.066882][ T5844] FAULT_INJECTION: forcing a failure. [ 729.066882][ T5844] name failslab, interval 1, probability 0, space 0, times 0 [ 729.079522][ T5844] CPU: 1 PID: 5844 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 729.079529][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 729.079534][ T5844] Call Trace: [ 729.079551][ T5844] dump_stack+0x1fb/0x318 [ 729.079570][ T5844] should_fail+0x555/0x770 [ 729.079586][ T5844] __should_failslab+0x11a/0x160 [ 729.079597][ T5844] ? xas_create+0x1197/0x1910 [ 729.079606][ T5844] should_failslab+0x9/0x20 [ 729.079619][ T5844] kmem_cache_alloc+0x56/0x2e0 [ 729.097491][ T5844] xas_create+0x1197/0x1910 [ 729.132864][ T5844] xas_create_range+0x142/0x700 [ 729.137723][ T5844] shmem_add_to_page_cache+0x91e/0x1290 [ 729.143307][ T5844] shmem_getpage_gfp+0x121e/0x2a90 [ 729.148437][ T5844] shmem_write_begin+0xcb/0x1b0 [ 729.153288][ T5844] generic_perform_write+0x25d/0x4e0 [ 729.158584][ T5844] __generic_file_write_iter+0x235/0x500 [ 729.164220][ T5844] generic_file_write_iter+0x48e/0x630 [ 729.169700][ T5844] __vfs_write+0x5a1/0x740 [ 729.174126][ T5844] vfs_write+0x275/0x590 [ 729.178367][ T5844] __x64_sys_pwrite64+0x162/0x1d0 [ 729.183394][ T5844] do_syscall_64+0xf7/0x1c0 [ 729.187892][ T5844] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 729.193788][ T5844] RIP: 0033:0x414437 16:54:42 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r5, 0x0) socket(0x10, 0x2, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 729.197674][ T5844] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 a7 f9 ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 ed f9 ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 729.217398][ T5844] RSP: 002b:00007f7fc8f41a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 729.225896][ T5844] RAX: ffffffffffffffda RBX: 0000000020000050 RCX: 0000000000414437 [ 729.225902][ T5844] RDX: 0000000000000048 RSI: 00000000200002c0 RDI: 0000000000000004 [ 729.225908][ T5844] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 729.225919][ T5844] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 [ 729.225924][ T5844] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 729.292023][ T5842] EXT4-fs (loop0): unsupported inode size: 0 [ 729.332756][ T5844] BTRFS error (device loop3): superblock checksum mismatch [ 729.371107][ T5856] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 729.376682][ T26] audit: type=1804 audit(1574009682.393:81): pid=5852 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1054/file0" dev="sda1" ino=17249 res=1 [ 729.403285][ T5856] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 729.412133][ T5844] BTRFS error (device loop3): open_ctree failed [ 729.433722][ T5856] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 729.468841][ T5856] device gre1 entered promiscuous mode 16:54:42 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b07fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:42 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="8000000038040000197fff00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:42 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:42 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r5, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:42 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x40000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:42 executing program 3 (fault-call:0 fault-nth:11): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 729.830701][ T5869] FAULT_INJECTION: forcing a failure. [ 729.830701][ T5869] name failslab, interval 1, probability 0, space 0, times 0 [ 729.880827][ T5874] BTRFS error (device loop1): superblock checksum mismatch [ 729.895207][ T26] audit: type=1804 audit(1574009682.913:82): pid=5876 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1055/file0" dev="sda1" ino=17186 res=1 [ 729.896023][ T5869] CPU: 1 PID: 5869 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 729.926878][ T5869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 729.928713][ T5879] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 729.936954][ T5869] Call Trace: [ 729.936977][ T5869] dump_stack+0x1fb/0x318 [ 729.936992][ T5869] should_fail+0x555/0x770 [ 729.937008][ T5869] __should_failslab+0x11a/0x160 [ 729.937019][ T5869] ? __alloc_file+0x2c/0x390 [ 729.937027][ T5869] should_failslab+0x9/0x20 [ 729.937035][ T5869] kmem_cache_alloc+0x56/0x2e0 [ 729.937045][ T5869] __alloc_file+0x2c/0x390 [ 729.937056][ T5869] alloc_empty_file+0xac/0x1b0 [ 729.937070][ T5869] path_openat+0x9e/0x4420 [ 729.945422][ T5879] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 729.948515][ T5869] ? __kasan_kmalloc+0x178/0x1b0 [ 729.948532][ T5869] ? __lock_acquire+0xc75/0x1be0 [ 729.948553][ T5869] ? __kasan_check_write+0x14/0x20 [ 729.948578][ T5869] do_filp_open+0x192/0x3d0 [ 729.953057][ T5879] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:54:43 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 729.957311][ T5869] ? _raw_spin_unlock+0x2c/0x50 [ 729.957338][ T5869] do_sys_open+0x29f/0x560 [ 729.957353][ T5869] __x64_sys_open+0x87/0x90 [ 729.966857][ T5869] do_syscall_64+0xf7/0x1c0 [ 729.966873][ T5869] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 729.966883][ T5869] RIP: 0033:0x4143d1 [ 729.966893][ T5869] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 729.966898][ T5869] RSP: 002b:00007f7fc8f41a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 729.976220][ T5869] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 729.976227][ T5869] RDX: 00007f7fc8f41b0a RSI: 0000000000000002 RDI: 00007f7fc8f41b00 [ 729.976232][ T5869] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 729.976237][ T5869] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 729.976242][ T5869] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 730.108929][ T5873] EXT4-fs (loop0): unsupported inode size: 0 16:54:43 executing program 3 (fault-call:0 fault-nth:12): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 730.159219][ T5874] BTRFS error (device loop1): open_ctree failed [ 730.164936][ T26] audit: type=1804 audit(1574009683.183:83): pid=5885 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1056/file0" dev="sda1" ino=17265 res=1 [ 730.194711][ T5879] device gre1 entered promiscuous mode 16:54:43 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 730.233576][ T5888] FAULT_INJECTION: forcing a failure. [ 730.233576][ T5888] name failslab, interval 1, probability 0, space 0, times 0 [ 730.273472][ T5888] CPU: 1 PID: 5888 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 16:54:43 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 730.281349][ T5888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 730.291510][ T5888] Call Trace: [ 730.294834][ T5888] dump_stack+0x1fb/0x318 [ 730.299186][ T5888] should_fail+0x555/0x770 [ 730.303623][ T5888] __should_failslab+0x11a/0x160 [ 730.308569][ T5888] ? security_file_alloc+0x36/0x200 [ 730.313795][ T5888] should_failslab+0x9/0x20 [ 730.318305][ T5888] kmem_cache_alloc+0x56/0x2e0 [ 730.323079][ T5888] security_file_alloc+0x36/0x200 [ 730.328125][ T5888] __alloc_file+0xde/0x390 [ 730.332556][ T5888] alloc_empty_file+0xac/0x1b0 [ 730.337425][ T5888] path_openat+0x9e/0x4420 [ 730.341852][ T5888] ? __kasan_kmalloc+0x178/0x1b0 [ 730.346835][ T5888] ? __lock_acquire+0xc75/0x1be0 [ 730.351934][ T5888] ? __kasan_check_write+0x14/0x20 [ 730.357077][ T5888] do_filp_open+0x192/0x3d0 [ 730.361585][ T5888] ? _raw_spin_unlock+0x2c/0x50 [ 730.366737][ T5888] do_sys_open+0x29f/0x560 [ 730.371260][ T5888] __x64_sys_open+0x87/0x90 [ 730.375765][ T5888] do_syscall_64+0xf7/0x1c0 [ 730.380287][ T5888] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 730.386176][ T5888] RIP: 0033:0x4143d1 [ 730.390085][ T5888] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 730.409690][ T5888] RSP: 002b:00007f7fc8f41a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 730.418105][ T5888] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 16:54:43 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x5c000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:43 executing program 3 (fault-call:0 fault-nth:13): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 730.426076][ T5888] RDX: 00007f7fc8f41b0a RSI: 0000000000000002 RDI: 00007f7fc8f41b00 [ 730.435046][ T5888] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 730.443026][ T5888] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 730.450985][ T5888] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 730.564914][ T26] audit: type=1804 audit(1574009683.583:84): pid=5893 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1057/file0" dev="sda1" ino=17105 res=1 [ 730.593508][ T5903] FAULT_INJECTION: forcing a failure. [ 730.593508][ T5903] name failslab, interval 1, probability 0, space 0, times 0 [ 730.618963][ T5894] BTRFS error (device loop1): superblock checksum mismatch [ 730.659265][ T5903] CPU: 0 PID: 5903 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 730.667121][ T5903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 730.677172][ T5903] Call Trace: [ 730.680461][ T5903] dump_stack+0x1fb/0x318 [ 730.684812][ T5903] should_fail+0x555/0x770 [ 730.689229][ T5903] __should_failslab+0x11a/0x160 [ 730.694145][ T5903] ? __alloc_file+0x2c/0x390 [ 730.698713][ T5903] should_failslab+0x9/0x20 [ 730.703195][ T5903] kmem_cache_alloc+0x56/0x2e0 [ 730.707937][ T5903] __alloc_file+0x2c/0x390 [ 730.712946][ T5903] alloc_empty_file+0xac/0x1b0 [ 730.717698][ T5903] path_openat+0x9e/0x4420 [ 730.722102][ T5903] ? __kasan_kmalloc+0x178/0x1b0 [ 730.727023][ T5903] ? __lock_acquire+0xc75/0x1be0 [ 730.731937][ T5903] ? rcu_read_lock_sched_held+0x10b/0x170 [ 730.737655][ T5903] do_filp_open+0x192/0x3d0 [ 730.742140][ T5903] ? _raw_spin_unlock+0x2c/0x50 [ 730.746980][ T5903] do_sys_open+0x29f/0x560 [ 730.751380][ T5903] __x64_sys_open+0x87/0x90 [ 730.755864][ T5903] do_syscall_64+0xf7/0x1c0 [ 730.760350][ T5903] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 730.766218][ T5903] RIP: 0033:0x4143d1 [ 730.770092][ T5903] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 730.789676][ T5903] RSP: 002b:00007f7fc8f41a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 730.798064][ T5903] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 730.806012][ T5903] RDX: 00007f7fc8f41b0a RSI: 0000000000000002 RDI: 00007f7fc8f41b00 [ 730.813963][ T5903] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 730.822088][ T5903] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 730.830037][ T5903] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 730.842677][ T5906] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 730.867299][ T5906] device gre1 entered promiscuous mode [ 730.889309][ T5894] BTRFS error (device loop1): open_ctree failed 16:54:44 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b08fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:44 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000200e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:44 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:44 executing program 3 (fault-call:0 fault-nth:14): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:44 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x8cffffff, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:44 executing program 1: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 731.201703][ T5923] FAULT_INJECTION: forcing a failure. [ 731.201703][ T5923] name failslab, interval 1, probability 0, space 0, times 0 [ 731.215762][ T5924] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 731.229261][ T5923] CPU: 1 PID: 5923 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 731.237086][ T5923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 731.247266][ T5923] Call Trace: [ 731.248111][ T26] audit: type=1804 audit(1574009684.263:85): pid=5926 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1058/file0" dev="sda1" ino=17409 res=1 [ 731.250561][ T5923] dump_stack+0x1fb/0x318 [ 731.250576][ T5923] should_fail+0x555/0x770 [ 731.250594][ T5923] __should_failslab+0x11a/0x160 [ 731.250607][ T5923] ? __alloc_file+0x2c/0x390 [ 731.250617][ T5923] should_failslab+0x9/0x20 [ 731.250625][ T5923] kmem_cache_alloc+0x56/0x2e0 [ 731.250638][ T5923] __alloc_file+0x2c/0x390 [ 731.250650][ T5923] alloc_empty_file+0xac/0x1b0 [ 731.292669][ T5923] path_openat+0x9e/0x4420 [ 731.292685][ T5923] ? __kasan_kmalloc+0x178/0x1b0 [ 731.292700][ T5923] ? __lock_acquire+0xc75/0x1be0 [ 731.292710][ T5923] ? rcu_read_lock_sched_held+0x10b/0x170 [ 731.292743][ T5923] do_filp_open+0x192/0x3d0 [ 731.292758][ T5923] ? _raw_spin_unlock+0x2c/0x50 [ 731.292784][ T5923] do_sys_open+0x29f/0x560 [ 731.292798][ T5923] __x64_sys_open+0x87/0x90 16:54:44 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) socket(0x10, 0x2, 0x0) setresuid(0x0, 0x0, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:44 executing program 3 (fault-call:0 fault-nth:15): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 731.292811][ T5923] do_syscall_64+0xf7/0x1c0 [ 731.292822][ T5923] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 731.292835][ T5923] RIP: 0033:0x4143d1 [ 731.302068][ T5923] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 731.302075][ T5923] RSP: 002b:00007f7fc8f41a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 731.302084][ T5923] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 731.302089][ T5923] RDX: 00007f7fc8f41b0a RSI: 0000000000000002 RDI: 00007f7fc8f41b00 [ 731.302095][ T5923] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 731.302100][ T5923] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 731.302106][ T5923] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 731.461054][ T5924] device gre1 entered promiscuous mode [ 731.464434][ T5918] BTRFS error (device loop1): superblock checksum mismatch [ 731.485954][ T5925] EXT4-fs (loop0): unsupported inode size: 0 [ 731.497255][ T5932] FAULT_INJECTION: forcing a failure. [ 731.497255][ T5932] name failslab, interval 1, probability 0, space 0, times 0 [ 731.530543][ T5932] CPU: 1 PID: 5932 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 731.538392][ T5932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 731.538899][ T26] audit: type=1804 audit(1574009684.553:86): pid=5935 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1059/file0" dev="sda1" ino=17441 res=1 [ 731.548617][ T5932] Call Trace: [ 731.548637][ T5932] dump_stack+0x1fb/0x318 [ 731.548652][ T5932] should_fail+0x555/0x770 [ 731.548669][ T5932] __should_failslab+0x11a/0x160 [ 731.548683][ T5932] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 731.548693][ T5932] should_failslab+0x9/0x20 [ 731.548703][ T5932] __kmalloc+0x7a/0x340 [ 731.548712][ T5932] ? tomoyo_realpath_from_path+0xca/0x7c0 [ 731.548723][ T5932] tomoyo_realpath_from_path+0xdc/0x7c0 [ 731.548742][ T5932] tomoyo_check_open_permission+0x1ce/0x9d0 [ 731.548775][ T5932] tomoyo_file_open+0x141/0x190 [ 731.548786][ T5932] security_file_open+0x65/0x2f0 [ 731.548799][ T5932] do_dentry_open+0x351/0x10c0 [ 731.548818][ T5932] vfs_open+0x73/0x80 [ 731.639595][ T5932] path_openat+0x1397/0x4420 [ 731.644225][ T5932] do_filp_open+0x192/0x3d0 [ 731.648748][ T5932] do_sys_open+0x29f/0x560 [ 731.653182][ T5932] __x64_sys_open+0x87/0x90 [ 731.657690][ T5932] do_syscall_64+0xf7/0x1c0 [ 731.662193][ T5932] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 731.668079][ T5932] RIP: 0033:0x4143d1 [ 731.671971][ T5932] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 731.691667][ T5932] RSP: 002b:00007f7fc8f41a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 731.700080][ T5932] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 731.708050][ T5932] RDX: 00007f7fc8f41b0a RSI: 0000000000000002 RDI: 00007f7fc8f41b00 [ 731.716115][ T5932] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 16:54:44 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) socket(0x10, 0x2, 0x0) setresuid(0x0, 0x0, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:44 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xc0ed0000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 731.724085][ T5932] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 731.732053][ T5932] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 731.742675][ T5932] ERROR: Out of memory at tomoyo_realpath_from_path. 16:54:44 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000400e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 731.819870][ T5918] BTRFS error (device loop1): open_ctree failed [ 731.858582][ T5932] BTRFS error (device loop3): superblock checksum mismatch [ 731.894405][ T26] audit: type=1804 audit(1574009684.913:87): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1060/file0" dev="sda1" ino=17378 res=1 16:54:44 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) socket(0x10, 0x2, 0x0) setresuid(0x0, 0x0, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 731.982914][ T5932] BTRFS error (device loop3): open_ctree failed [ 732.017680][ T5955] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 732.036876][ T5955] device gre1 entered promiscuous mode [ 732.113084][ T5949] EXT4-fs (loop0): unsupported inode size: 0 16:54:45 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b09fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:45 executing program 1: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:45 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r4, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:45 executing program 3 (fault-call:0 fault-nth:16): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:45 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xf6ffffff, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:45 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000500e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 732.451152][ T5975] FAULT_INJECTION: forcing a failure. [ 732.451152][ T5975] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 732.464408][ T5975] CPU: 1 PID: 5975 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 732.472219][ T5975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 732.482285][ T5975] Call Trace: [ 732.485586][ T5975] dump_stack+0x1fb/0x318 [ 732.490179][ T5975] should_fail+0x555/0x770 [ 732.494616][ T5975] should_fail_alloc_page+0x55/0x60 [ 732.499837][ T5975] prepare_alloc_pages+0x283/0x460 [ 732.504966][ T5975] __alloc_pages_nodemask+0xb2/0x5d0 [ 732.509149][ T5977] validate_nla: 6 callbacks suppressed [ 732.509156][ T5977] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 732.510261][ T5975] kmem_getpages+0x4d/0xa00 [ 732.510277][ T5975] cache_grow_begin+0x7e/0x2c0 [ 732.510292][ T5975] cache_alloc_refill+0x311/0x3f0 [ 732.510302][ T5975] ? check_preemption_disabled+0xb7/0x2a0 [ 732.510317][ T5975] __kmalloc+0x318/0x340 16:54:45 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r4, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 732.516345][ T5977] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 732.524277][ T5975] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 732.524291][ T5975] tomoyo_realpath_from_path+0xdc/0x7c0 [ 732.524309][ T5975] tomoyo_check_open_permission+0x1ce/0x9d0 [ 732.524345][ T5975] tomoyo_file_open+0x141/0x190 [ 732.524358][ T5975] security_file_open+0x65/0x2f0 [ 732.524371][ T5975] do_dentry_open+0x351/0x10c0 [ 732.524389][ T5975] vfs_open+0x73/0x80 [ 732.524400][ T5975] path_openat+0x1397/0x4420 [ 732.524443][ T5975] do_filp_open+0x192/0x3d0 [ 732.524474][ T5975] do_sys_open+0x29f/0x560 [ 732.524491][ T5975] __x64_sys_open+0x87/0x90 [ 732.524503][ T5975] do_syscall_64+0xf7/0x1c0 [ 732.524519][ T5975] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 732.534025][ T5977] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 732.538849][ T5975] RIP: 0033:0x4143d1 [ 732.538861][ T5975] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 732.538866][ T5975] RSP: 002b:00007f7fc8f41a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 732.538876][ T5975] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 732.538882][ T5975] RDX: 00007f7fc8f41b0a RSI: 0000000000000002 RDI: 00007f7fc8f41b00 [ 732.538888][ T5975] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 732.538893][ T5975] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 16:54:45 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}}}, &(0x7f0000000240)=0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r4, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 732.538899][ T5975] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 732.708257][ T5977] device gre1 entered promiscuous mode [ 732.754030][ T5966] EXT4-fs (loop0): unsupported inode size: 0 [ 732.771757][ T5975] BTRFS warning (device ): duplicate device fsid:devid for fff6f2a2-2997-48ae-b81e-1b00b10efd9a:0 old:/dev/loop1 new:/dev/loop3 16:54:45 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r3 = gettid() ptrace$cont(0x9, r3, 0x7, 0x7) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x28, 0x4) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r5, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 732.802729][ T5971] BTRFS error (device loop1): superblock checksum mismatch 16:54:45 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xfeffffff, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:45 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000600e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:45 executing program 3 (fault-call:0 fault-nth:17): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 732.969312][ T5971] BTRFS error (device loop1): open_ctree failed [ 733.031345][ T6004] FAULT_INJECTION: forcing a failure. [ 733.031345][ T6004] name failslab, interval 1, probability 0, space 0, times 0 [ 733.061799][ T6004] CPU: 0 PID: 6004 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 733.069645][ T6004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 733.079708][ T6004] Call Trace: [ 733.079727][ T6004] dump_stack+0x1fb/0x318 [ 733.079743][ T6004] should_fail+0x555/0x770 [ 733.079762][ T6004] __should_failslab+0x11a/0x160 [ 733.079775][ T6004] ? tomoyo_encode2+0x273/0x5a0 [ 733.079784][ T6004] should_failslab+0x9/0x20 [ 733.079794][ T6004] __kmalloc+0x7a/0x340 [ 733.079806][ T6004] tomoyo_encode2+0x273/0x5a0 [ 733.079827][ T6004] tomoyo_realpath_from_path+0x769/0x7c0 [ 733.079846][ T6004] tomoyo_check_open_permission+0x1ce/0x9d0 [ 733.079879][ T6004] tomoyo_file_open+0x141/0x190 [ 733.131596][ T6004] security_file_open+0x65/0x2f0 [ 733.136611][ T6004] do_dentry_open+0x351/0x10c0 [ 733.141361][ T6004] vfs_open+0x73/0x80 [ 733.145322][ T6004] path_openat+0x1397/0x4420 [ 733.149921][ T6004] do_filp_open+0x192/0x3d0 [ 733.154421][ T6004] do_sys_open+0x29f/0x560 [ 733.158824][ T6004] __x64_sys_open+0x87/0x90 [ 733.163309][ T6004] do_syscall_64+0xf7/0x1c0 [ 733.167828][ T6004] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 733.173701][ T6004] RIP: 0033:0x4143d1 [ 733.177682][ T6004] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 733.197266][ T6004] RSP: 002b:00007f7fc8f41a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 733.205657][ T6004] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 733.213618][ T6004] RDX: 00007f7fc8f41b0a RSI: 0000000000000002 RDI: 00007f7fc8f41b00 [ 733.221567][ T6004] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 733.229530][ T6004] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 733.237492][ T6004] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 733.249455][ T6004] ERROR: Out of memory at tomoyo_realpath_from_path. [ 733.274002][ T6000] EXT4-fs (loop0): unsupported inode size: 0 [ 733.322795][ T6013] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 733.336993][ T6013] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 733.347829][ T6013] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 733.384662][ T6004] BTRFS error (device loop3): superblock checksum mismatch [ 733.398116][ T6013] device gre1 entered promiscuous mode [ 733.504921][ T6004] BTRFS error (device loop3): open_ctree failed 16:54:46 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b0afffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:46 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) creat(&(0x7f0000000000)='./file0\x00', 0xa1) r2 = gettid() ptrace$cont(0x9, r2, 0x7, 0x7) r3 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r4, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:46 executing program 1: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:46 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xffff0000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:46 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000700e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:46 executing program 3 (fault-call:0 fault-nth:18): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 733.919951][ T6024] FAULT_INJECTION: forcing a failure. [ 733.919951][ T6024] name failslab, interval 1, probability 0, space 0, times 0 [ 733.939217][ T6024] CPU: 1 PID: 6024 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 733.939609][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 733.939617][ T26] audit: type=1804 audit(1574009686.963:93): pid=6030 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1066/file0" dev="sda1" ino=17521 res=1 [ 733.947606][ T6024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 733.947612][ T6024] Call Trace: [ 733.947630][ T6024] dump_stack+0x1fb/0x318 [ 733.947648][ T6024] should_fail+0x555/0x770 [ 733.947664][ T6024] __should_failslab+0x11a/0x160 [ 733.965173][ T6034] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 733.977336][ T6024] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 733.977346][ T6024] should_failslab+0x9/0x20 [ 733.977355][ T6024] __kmalloc+0x7a/0x340 [ 733.977363][ T6024] ? tomoyo_realpath_from_path+0xca/0x7c0 [ 733.977375][ T6024] tomoyo_realpath_from_path+0xdc/0x7c0 [ 733.977392][ T6024] tomoyo_path_number_perm+0x166/0x640 [ 733.977422][ T6024] ? smack_file_ioctl+0x226/0x2e0 [ 733.997951][ T6034] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 733.999566][ T6024] ? __fget+0x3f1/0x510 [ 733.999584][ T6024] tomoyo_file_ioctl+0x23/0x30 [ 733.999596][ T6024] security_file_ioctl+0x6d/0xd0 [ 733.999610][ T6024] __x64_sys_ioctl+0xa3/0x120 [ 733.999623][ T6024] do_syscall_64+0xf7/0x1c0 [ 733.999638][ T6024] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 733.999646][ T6024] RIP: 0033:0x45a4a7 [ 733.999658][ T6024] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 734.004916][ T6034] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 734.013412][ T6024] RSP: 002b:00007f7fc8f41a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 734.013422][ T6024] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 734.013428][ T6024] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 734.013433][ T6024] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 734.013439][ T6024] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 734.013445][ T6024] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 16:54:47 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) creat(&(0x7f0000000000)='./file0\x00', 0xa1) gettid() r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r3, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 734.117007][ T6024] ERROR: Out of memory at tomoyo_realpath_from_path. [ 734.130115][ T6022] BTRFS error (device loop1): superblock checksum mismatch [ 734.175925][ T6029] EXT4-fs (loop0): unsupported inode size: 0 [ 734.196057][ T26] audit: type=1804 audit(1574009687.213:94): pid=6037 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1067/file0" dev="sda1" ino=17649 res=1 16:54:47 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) creat(&(0x7f0000000000)='./file0\x00', 0xa1) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r3, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:47 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000800e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 734.255596][ T6034] device gre1 entered promiscuous mode 16:54:47 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xfffffe00, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 734.319258][ T6022] BTRFS error (device loop1): open_ctree failed [ 734.335457][ T6024] BTRFS error (device loop3): superblock checksum mismatch 16:54:47 executing program 1: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 734.439275][ T6024] BTRFS error (device loop3): open_ctree failed [ 734.452803][ T26] audit: type=1804 audit(1574009687.453:95): pid=6050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1068/file0" dev="sda1" ino=17489 res=1 16:54:47 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r3, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 734.616217][ T6055] BTRFS error (device loop1): superblock checksum mismatch [ 734.639982][ T6052] EXT4-fs (loop0): unsupported inode size: 0 [ 734.679474][ T6055] BTRFS error (device loop1): open_ctree failed [ 734.764107][ T6068] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 734.773444][ T6068] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 734.784858][ T6068] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 734.803180][ T6068] device gre1 entered promiscuous mode 16:54:48 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b0bfffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:48 executing program 3 (fault-call:0 fault-nth:19): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:48 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xffffff7f, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:48 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r3, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:48 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000900e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:48 executing program 1: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 735.156013][ T6080] FAULT_INJECTION: forcing a failure. [ 735.156013][ T6080] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 735.169284][ T6080] CPU: 0 PID: 6080 Comm: syz-executor.3 Not tainted 5.4.0-rc7+ #0 [ 735.169292][ T6080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 735.169297][ T6080] Call Trace: [ 735.169315][ T6080] dump_stack+0x1fb/0x318 [ 735.169330][ T6080] should_fail+0x555/0x770 [ 735.169347][ T6080] should_fail_alloc_page+0x55/0x60 [ 735.169356][ T6080] prepare_alloc_pages+0x283/0x460 [ 735.169370][ T6080] __alloc_pages_nodemask+0xb2/0x5d0 [ 735.169381][ T6080] ? stack_trace_save+0x150/0x150 [ 735.169398][ T6080] kmem_getpages+0x4d/0xa00 [ 735.169410][ T6080] cache_grow_begin+0x7e/0x2c0 [ 735.169424][ T6080] cache_alloc_refill+0x311/0x3f0 [ 735.187506][ T6080] ? check_preemption_disabled+0xb7/0x2a0 [ 735.187523][ T6080] __kmalloc+0x318/0x340 [ 735.187533][ T6080] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 735.187546][ T6080] tomoyo_realpath_from_path+0xdc/0x7c0 [ 735.187565][ T6080] tomoyo_path_number_perm+0x166/0x640 [ 735.262267][ T6080] ? smack_file_ioctl+0x226/0x2e0 [ 735.267295][ T6080] ? __fget+0x3f1/0x510 [ 735.271447][ T6080] tomoyo_file_ioctl+0x23/0x30 [ 735.276330][ T6080] security_file_ioctl+0x6d/0xd0 [ 735.281260][ T6080] __x64_sys_ioctl+0xa3/0x120 [ 735.285933][ T6080] do_syscall_64+0xf7/0x1c0 [ 735.290428][ T6080] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 735.296301][ T6080] RIP: 0033:0x45a4a7 [ 735.300177][ T6080] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 735.320026][ T6080] RSP: 002b:00007f7fc8f41a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 735.328421][ T6080] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 735.336386][ T6080] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 735.344446][ T6080] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 16:54:48 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket(0x8, 0x4, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r3, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 735.352401][ T6080] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 735.360454][ T6080] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000003 [ 735.386109][ T6084] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 735.431692][ T6084] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 735.454003][ T6084] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 735.454101][ T6077] BTRFS error (device loop1): superblock checksum mismatch 16:54:48 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) socket(0x8, 0x4, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xa1) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 735.483236][ T6078] EXT4-fs (loop0): unsupported inode size: 0 [ 735.496566][ T6084] device gre1 entered promiscuous mode [ 735.514544][ T6077] BTRFS error (device loop1): open_ctree failed 16:54:48 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000a00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:48 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xffffff8c, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:48 executing program 1: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 735.598673][ T6080] BTRFS error (device loop3): superblock checksum mismatch [ 735.708061][ T26] audit: type=1804 audit(1574009688.723:96): pid=6099 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1072/file0" dev="sda1" ino=17473 res=1 16:54:48 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xa1) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 735.793395][ T6105] BTRFS warning (device ): duplicate device fsid:devid for fff6f2a2-2997-48ae-b81e-1b00b10efd9a:0 old:/dev/loop3 new:/dev/loop1 [ 735.857501][ T6107] EXT4-fs (loop0): unsupported inode size: 0 [ 735.877738][ T26] audit: type=1804 audit(1574009688.893:97): pid=6114 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1073/file0" dev="sda1" ino=17826 res=1 [ 735.973731][ T6080] BTRFS error (device loop3): open_ctree failed [ 736.138756][ T6122] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 736.161016][ T6122] device gre1 entered promiscuous mode 16:54:49 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b0cfffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:49 executing program 4: r0 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xa1) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:49 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000b00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:49 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:49 executing program 1: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:49 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xfffffff6, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 736.548809][ T6133] BTRFS warning (device ): duplicate device fsid:devid for fff6f2a2-2997-48ae-b81e-1b00b10efd9a:0 old:/dev/loop1 new:/dev/loop3 [ 736.565217][ T26] audit: type=1804 audit(1574009689.583:98): pid=6135 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1074/file0" dev="sda1" ino=17828 res=1 16:54:49 executing program 4: fsopen(&(0x7f0000000040)='tmpfs\x00', 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 736.592165][ T6138] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 736.630933][ T6138] device gre1 entered promiscuous mode [ 736.635202][ T6132] BTRFS error (device loop1): superblock checksum mismatch 16:54:49 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='\ntrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:49 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 736.706835][ T6140] EXT4-fs (loop0): unsupported inode size: 0 [ 736.709171][ T6132] BTRFS error (device loop1): open_ctree failed [ 736.716091][ T26] audit: type=1804 audit(1574009689.743:99): pid=6145 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1075/file0" dev="sda1" ino=17830 res=1 16:54:49 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000c00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 736.837406][ T26] audit: type=1804 audit(1574009689.853:100): pid=6152 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1076/file0" dev="sda1" ino=17816 res=1 16:54:49 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xfffffffe, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:49 executing program 4: creat(0x0, 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 737.099456][ T6162] EXT4-fs (loop0): unsupported inode size: 0 [ 737.294043][ T6176] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 737.306233][ T6176] device gre1 entered promiscuous mode 16:54:50 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b0dfffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:50 executing program 1: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:50 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='%trfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:50 executing program 4: creat(0x0, 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:50 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000d00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:50 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xedc000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:50 executing program 4: creat(0x0, 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 737.766468][ T6182] BTRFS error (device loop1): superblock checksum mismatch [ 737.771877][ T6194] validate_nla: 6 callbacks suppressed [ 737.771884][ T6194] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 737.794059][ T6194] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 737.803341][ T6194] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 737.832200][ T6194] device gre1 entered promiscuous mode 16:54:50 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 737.872841][ T6192] EXT4-fs (loop0): unsupported inode size: 0 [ 737.903695][ T6182] BTRFS error (device loop1): open_ctree failed 16:54:50 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:51 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000e00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:51 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='\\trfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:51 executing program 1: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 738.219564][ T6213] EXT4-fs (loop0): unsupported inode size: 0 [ 738.287950][ T6226] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 738.301584][ T6226] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 738.312807][ T6226] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 738.336689][ T6226] device gre1 entered promiscuous mode [ 738.365640][ T6222] BTRFS error (device loop1): superblock checksum mismatch [ 738.429214][ T6222] BTRFS error (device loop1): open_ctree failed 16:54:51 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b0efffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:51 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:51 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000f00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:51 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xfeffff00000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:51 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='b\nrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:51 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:51 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 738.888426][ T6243] BTRFS error (device loop1): superblock checksum mismatch [ 738.898767][ T6253] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 738.924881][ T6253] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 738.933395][ T6253] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 738.945431][ T6253] device gre1 entered promiscuous mode [ 738.998802][ T6242] EXT4-fs (loop0): unsupported inode size: 0 [ 739.009650][ T6243] BTRFS error (device loop1): open_ctree failed 16:54:52 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='b%rfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:52 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x100000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:52 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:52 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 739.231434][ T26] audit: type=1804 audit(1574009692.253:101): pid=6268 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1083/file0" dev="sda1" ino=17850 res=1 16:54:52 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 739.314406][ T6278] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 739.377008][ T6278] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 739.405940][ T6278] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 739.416184][ T26] audit: type=1804 audit(1574009692.433:102): pid=6288 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1084/file0" dev="sda1" ino=17537 res=1 [ 739.446674][ T6278] device gre1 entered promiscuous mode [ 739.514407][ T6287] BTRFS error (device loop1): superblock checksum mismatch [ 739.594075][ T6287] BTRFS error (device loop1): open_ctree failed 16:54:52 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b0ffffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:52 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019001000e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:52 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:52 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x200000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:52 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='b\\rfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:52 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 739.973508][ T6310] BTRFS error (device loop1): superblock checksum mismatch 16:54:53 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 740.007130][ T26] audit: type=1804 audit(1574009693.023:103): pid=6317 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1085/file0" dev="sda1" ino=17845 res=1 [ 740.041228][ T6320] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 740.054166][ T6320] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 740.059432][ T6310] BTRFS error (device loop1): open_ctree failed [ 740.064813][ T6320] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 740.086609][ T6320] device gre1 entered promiscuous mode [ 740.135446][ T6307] EXT4-fs (loop0): unsupported inode size: 0 16:54:53 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:53 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 740.179874][ T26] audit: type=1804 audit(1574009693.203:104): pid=6330 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1086/file0" dev="sda1" ino=17857 res=1 16:54:53 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x300000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:53 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='bt\nfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 740.327159][ T26] audit: type=1804 audit(1574009693.343:105): pid=6337 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1087/file0" dev="sda1" ino=17842 res=1 16:54:53 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019001100e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 740.483653][ T6345] EXT4-fs (loop0): unsupported inode size: 0 [ 740.567069][ T6335] BTRFS error (device loop1): superblock checksum mismatch 16:54:53 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b10fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:53 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:53 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019001200e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:53 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='bt%fs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:53 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x400000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 740.675225][ T6335] BTRFS error (device loop1): open_ctree failed 16:54:53 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r0, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 740.745955][ T26] audit: type=1804 audit(1574009693.763:106): pid=6367 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1088/file0" dev="sda1" ino=17838 res=1 16:54:53 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 740.837018][ T6375] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 740.837851][ T26] audit: type=1804 audit(1574009693.853:107): pid=6376 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1089/file0" dev="sda1" ino=17855 res=1 16:54:53 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r0, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 740.891825][ T6375] device gre1 entered promiscuous mode [ 740.964723][ T6371] EXT4-fs (loop0): unsupported inode size: 0 16:54:54 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='bt\\fs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:54 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x500000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:54 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019002300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 741.104136][ T26] audit: type=1804 audit(1574009694.123:108): pid=6392 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1090/file0" dev="sda1" ino=17864 res=1 16:54:54 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r0, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 741.291174][ T6387] BTRFS error (device loop1): superblock checksum mismatch [ 741.340397][ T26] audit: type=1804 audit(1574009694.363:109): pid=6411 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1091/file0" dev="sda1" ino=17863 res=1 [ 741.393061][ T6402] EXT4-fs (loop0): unsupported inode size: 0 [ 741.409677][ T6387] BTRFS error (device loop1): open_ctree failed [ 741.512868][ T6420] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 741.526127][ T6420] device gre1 entered promiscuous mode 16:54:55 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b11fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:55 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000cab000)) setresuid(0x0, 0x0, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:55 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x600000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:55 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btr\ns\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:55 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019002d00e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:55 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 742.053267][ T6442] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 742.076636][ T6442] device gre1 entered promiscuous mode 16:54:55 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000cab000)) setresuid(0x0, 0x0, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 742.082391][ T26] audit: type=1804 audit(1574009695.093:110): pid=6433 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1092/file0" dev="sda1" ino=17887 res=1 [ 742.136170][ T6434] EXT4-fs (loop0): unsupported inode size: 0 [ 742.172681][ T6436] BTRFS error (device loop1): superblock checksum mismatch 16:54:55 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btr%s\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:55 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x700000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:55 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019006400e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 742.289359][ T6436] BTRFS error (device loop1): open_ctree failed 16:54:55 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000cab000)) setresuid(0x0, 0x0, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:55 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 742.607788][ T6473] BTRFS error (device loop1): superblock checksum mismatch [ 742.616494][ T6464] EXT4-fs (loop0): unsupported inode size: 0 [ 742.844470][ T6484] validate_nla: 6 callbacks suppressed [ 742.844477][ T6484] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 742.909285][ T6473] BTRFS error (device loop1): open_ctree failed [ 742.936275][ T6484] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 742.956072][ T6484] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 743.034042][ T6484] device gre1 entered promiscuous mode 16:54:56 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b12fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:56 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btr.s\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:56 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, 0x0) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:56 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x800000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:56 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900e000e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:56 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:56 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, 0x0) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 743.611962][ T6506] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 743.642811][ T6504] BTRFS error (device loop1): superblock checksum mismatch [ 743.648759][ T6506] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 743.687465][ T6506] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 743.704742][ T6506] device gre1 entered promiscuous mode 16:54:56 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, 0x0) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 743.733379][ T6502] EXT4-fs (loop0): unsupported inode size: 0 [ 743.749298][ T6504] BTRFS error (device loop1): open_ctree failed 16:54:56 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btr/s\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:56 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x900000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:56 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900b401e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:57 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 744.053619][ T6537] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 744.086134][ T6537] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 744.125733][ T6537] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 744.142944][ T6537] device gre1 entered promiscuous mode [ 744.222149][ T6533] EXT4-fs (loop0): unsupported inode size: 0 [ 744.232042][ T6543] BTRFS error (device loop1): superblock checksum mismatch [ 744.339285][ T6543] BTRFS error (device loop1): open_ctree failed 16:54:57 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b13fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:57 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:57 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btr\\s\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:57 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xa00000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:57 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900ac03e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:57 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 744.611429][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 744.611437][ T26] audit: type=1804 audit(1574009697.633:116): pid=6565 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1098/file0" dev="sda1" ino=17901 res=1 [ 744.646319][ T6577] netlink: 'syz-executor.5': attribute type 10 has an invalid length. 16:54:57 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:57 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 744.668915][ T6577] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 744.677575][ T6577] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 744.690353][ T6577] device gre1 entered promiscuous mode 16:54:57 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xb00000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:57 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900bf03e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 744.757015][ T6564] EXT4-fs (loop0): unsupported inode size: 0 [ 744.766685][ T26] audit: type=1804 audit(1574009697.783:117): pid=6584 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1099/file0" dev="sda1" ino=17893 res=1 16:54:57 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:54:57 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrf\n\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 744.987320][ T26] audit: type=1804 audit(1574009698.003:118): pid=6595 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1100/file0" dev="sda1" ino=17911 res=1 [ 745.104978][ T6609] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 745.121082][ T6609] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 745.129855][ T6609] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 745.144731][ T6609] device gre1 entered promiscuous mode [ 745.185763][ T6603] EXT4-fs (loop0): unsupported inode size: 0 16:54:58 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b14fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:58 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(0x0, 0x0, 0x0) 16:54:58 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xc00000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:58 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:58 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900c003e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:54:58 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrf#\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 745.695807][ T6642] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:54:58 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrf%\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:58 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(0x0, 0x0, 0x0) [ 745.737372][ T6642] device gre1 entered promiscuous mode [ 745.822055][ T6640] EXT4-fs (loop0): unsupported inode size: 0 16:54:58 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:58 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(0x0, 0x0, 0x0) 16:54:58 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xd00000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:58 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000044e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 746.193306][ T6667] EXT4-fs (loop0): unsupported inode size: 0 [ 746.326342][ T6683] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 746.338107][ T6683] device gre1 entered promiscuous mode 16:54:59 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b25fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:54:59 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrf*\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:59 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:59 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:59 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xe00000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:54:59 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900e0ffe60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 746.717724][ T6703] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 746.731864][ T6703] device gre1 entered promiscuous mode 16:54:59 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrf+\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:54:59 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 746.840093][ T6690] BTRFS error (device loop4): superblock checksum mismatch [ 746.851971][ T6698] EXT4-fs (loop0): unsupported inode size: 0 16:54:59 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xfffffffffffffff, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:00 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000302e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 747.050759][ T6690] BTRFS error (device loop4): open_ctree failed 16:55:00 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3, 0x0) [ 747.228855][ T6734] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 747.240459][ T6729] EXT4-fs (loop0): unsupported inode size: 0 [ 747.263242][ T6734] device gre1 entered promiscuous mode 16:55:00 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1000000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:00 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b2ffffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:00 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:00 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000303e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:00 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrf-\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:00 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3, 0x0) 16:55:00 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1100000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 747.857567][ T6762] BTRFS error (device loop4): superblock checksum mismatch [ 747.868931][ T6776] validate_nla: 8 callbacks suppressed [ 747.868938][ T6776] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 747.884312][ T6776] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 747.904084][ T6776] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 747.925410][ T6776] device gre1 entered promiscuous mode 16:55:01 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3, 0x0) [ 747.965294][ T6762] BTRFS error (device loop4): open_ctree failed [ 747.993851][ T6764] EXT4-fs (loop0): unsupported inode size: 0 16:55:01 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1200000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:01 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrf.\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:01 executing program 4: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:01 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000304e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:01 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x3, 0x0) [ 748.348876][ T6793] BTRFS error (device loop4): superblock checksum mismatch [ 748.403086][ T6793] BTRFS error (device loop4): open_ctree failed [ 748.403456][ T6811] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 748.421642][ T6811] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 748.437928][ T6811] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 748.452076][ T6811] device gre1 entered promiscuous mode [ 748.520279][ T6807] EXT4-fs (loop0): unsupported inode size: 0 16:55:01 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b3afffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:01 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x2000000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:01 executing program 4: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:01 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000305e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:01 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrf/\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:01 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x3, 0x0) [ 748.939312][ T6848] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 748.947887][ T6848] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 748.956995][ T6848] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 748.979928][ T6848] device gre1 entered promiscuous mode [ 749.001446][ T6841] BTRFS error (device loop4): superblock checksum mismatch 16:55:02 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x3, 0x0) 16:55:02 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrf0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:02 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x2010000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 749.060384][ T6835] EXT4-fs (loop0): unsupported inode size: 0 [ 749.089199][ T6841] BTRFS error (device loop4): open_ctree failed 16:55:02 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000306e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:02 executing program 4: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:02 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfL\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 749.517760][ T6882] BTRFS error (device loop4): superblock checksum mismatch [ 749.530486][ T6873] EXT4-fs (loop0): unsupported inode size: 0 [ 749.629187][ T6882] BTRFS error (device loop4): open_ctree failed [ 749.702253][ T6899] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 749.718513][ T6899] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 749.734721][ T6899] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 749.751357][ T6899] device gre1 entered promiscuous mode 16:55:03 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b48fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:03 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x2500000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:03 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x3, 0x0) 16:55:03 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000307e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:03 executing program 4 (fault-call:4 fault-nth:0): creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 16:55:03 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfX\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:03 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 750.167482][ T6924] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 750.190108][ T6924] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 750.199861][ T6924] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:03 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x3, 0x0) [ 750.215412][ T6924] device gre1 entered promiscuous mode 16:55:03 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x3f00000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 750.283580][ T6919] EXT4-fs (loop0): unsupported inode size: 0 16:55:03 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrf\\\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:03 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000308e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 750.376202][ T26] audit: type=1804 audit(1574009703.393:119): pid=6936 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1110/file0" dev="sda1" ino=18377 res=1 16:55:03 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x2, 0x0) [ 750.641753][ T6948] EXT4-fs (loop0): unsupported inode size: 0 [ 750.766221][ T6966] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 750.797081][ T6966] device gre1 entered promiscuous mode 16:55:04 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b4cfffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:04 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x3, 0x0) 16:55:04 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x3, 0x0) 16:55:04 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x4000000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:04 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000309e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:04 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfc\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 751.265967][ T6992] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:04 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x4, 0x0) 16:55:04 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0), 0x0, 0x10000}], 0x3, 0x0) [ 751.333291][ T6992] device gre1 entered promiscuous mode [ 751.339941][ T6984] EXT4-fs (loop0): unsupported inode size: 0 16:55:04 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900030ae60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:04 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x5c00000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:04 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfd\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 751.497170][ T26] audit: type=1804 audit(1574009704.513:120): pid=7006 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1113/file0" dev="sda1" ino=17860 res=1 16:55:04 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x5, 0x0) [ 751.765880][ T7014] EXT4-fs (loop0): unsupported inode size: 0 [ 751.832962][ T7031] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 751.891798][ T7031] device gre1 entered promiscuous mode 16:55:05 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b60fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:05 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0), 0x0, 0x10000}], 0x3, 0x0) 16:55:05 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900030be60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:05 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x8cffffff00000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:05 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfh\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:05 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x6, 0x0) 16:55:05 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x7, 0x0) [ 752.487761][ T7060] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 752.509951][ T7054] EXT4-fs (loop0): unsupported inode size: 0 [ 752.527349][ T7060] device gre1 entered promiscuous mode 16:55:05 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0), 0x0, 0x10000}], 0x3, 0x0) 16:55:05 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x8, 0x0) 16:55:05 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900030ce60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:05 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfi\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:05 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xf6ffffff00000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 752.803609][ T26] audit: type=1804 audit(1574009705.823:121): pid=7084 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1117/file0" dev="sda1" ino=18405 res=1 [ 752.965732][ T7082] EXT4-fs (loop0): unsupported inode size: 0 16:55:06 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b68fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:06 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x9, 0x0) 16:55:06 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x3, 0x0) 16:55:06 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xfeffffff00000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:06 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900030de60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:06 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfl\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:06 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xa, 0x0) 16:55:06 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x3, 0x0) [ 753.447668][ T7131] validate_nla: 8 callbacks suppressed [ 753.447676][ T7131] netlink: 'syz-executor.5': attribute type 10 has an invalid length. 16:55:06 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xb, 0x0) [ 753.488207][ T7122] EXT4-fs (loop0): unsupported inode size: 0 [ 753.499986][ T7131] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 753.520922][ T7131] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:06 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xffff000000000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 753.542337][ T7131] device gre1 entered promiscuous mode 16:55:06 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900030ee60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:06 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xc, 0x0) [ 753.897014][ T26] audit: type=1804 audit(1574009706.913:122): pid=7165 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1121/file0" dev="sda1" ino=18413 res=1 [ 753.967227][ T7164] EXT4-fs (loop0): unsupported inode size: 0 [ 754.134340][ T7176] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 754.143533][ T7176] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 754.152003][ T7176] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 754.164314][ T7176] device gre1 entered promiscuous mode 16:55:07 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b6cfffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:07 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfo\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:07 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x3, 0x0) 16:55:07 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xd, 0x0) 16:55:07 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xffffff7f00000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:07 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000310e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:07 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xe, 0x0) [ 754.645138][ T7195] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 754.655052][ T7195] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 754.665800][ T7195] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 754.687095][ T7195] device gre1 entered promiscuous mode 16:55:07 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000", 0x36, 0x10000}], 0x3, 0x0) [ 754.726396][ T7182] EXT4-fs (loop0): unsupported inode size: 0 16:55:07 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfp\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:07 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xffffffff00000000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:07 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x10, 0x0) 16:55:07 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000311e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 755.055261][ T26] audit: type=1804 audit(1574009708.073:123): pid=7226 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1124/file0" dev="sda1" ino=18443 res=1 [ 755.151868][ T7227] EXT4-fs (loop0): unsupported inode size: 0 [ 755.353805][ T7241] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 755.363233][ T7241] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 755.371809][ T7241] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 755.383414][ T7241] device gre1 entered promiscuous mode 16:55:08 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b74fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:08 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x11, 0x0) 16:55:08 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000", 0x36, 0x10000}], 0x3, 0x0) 16:55:08 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xffffffffffffff0f, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:08 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000312e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:08 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrft\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:08 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x12, 0x0) [ 755.871029][ T7264] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 755.885220][ T7264] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 755.899759][ T7264] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:09 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000", 0x36, 0x10000}], 0x3, 0x0) 16:55:09 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfu\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 755.954893][ T7264] device gre1 entered promiscuous mode [ 755.970974][ T7257] EXT4-fs (loop0): unsupported inode size: 0 16:55:09 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'%rans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:09 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000325e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:09 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x25, 0x0) [ 756.473937][ T7287] EXT4-fs (loop0): unsupported inode size: 0 [ 756.567945][ T7305] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 756.582078][ T7305] device gre1 entered promiscuous mode 16:55:09 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b7afffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:09 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x37, 0x0) 16:55:09 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfx\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:09 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'\\rans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:09 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x3, 0x0) 16:55:09 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900032de60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:10 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x48, 0x0) [ 756.976112][ T7323] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 756.990340][ T7323] device gre1 entered promiscuous mode [ 757.054059][ T7314] EXT4-fs (loop0): unsupported inode size: 0 16:55:10 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x3, 0x0) 16:55:10 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000348e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:10 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfz\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 757.131511][ T26] audit: type=1804 audit(1574009710.153:124): pid=7334 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1129/file0" dev="sda1" ino=16913 res=1 16:55:10 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'t\\ans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:10 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x4c, 0x0) [ 757.411540][ T7346] EXT4-fs (loop0): unsupported inode size: 0 [ 757.424815][ T26] audit: type=1804 audit(1574009710.443:125): pid=7359 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1130/file0" dev="sda1" ino=16913 res=1 [ 757.594702][ T7367] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 757.606505][ T7367] device gre1 entered promiscuous mode 16:55:10 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f03", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:10 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x3, 0x0) 16:55:10 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x02', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:10 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x5c, 0x0) 16:55:10 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tr\\ns=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:10 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900034ce60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 757.942877][ T26] audit: type=1804 audit(1574009710.963:126): pid=7383 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1131/file0" dev="sda1" ino=16881 res=1 [ 757.978438][ T7382] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:11 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x68, 0x0) [ 758.016337][ T7382] device gre1 entered promiscuous mode [ 758.032182][ T7376] EXT4-fs (loop0): unsupported inode size: 0 16:55:11 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tra%s=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:11 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x6c, 0x0) 16:55:11 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900035ce60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:11 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x3, 0x0) [ 758.155306][ T26] audit: type=1804 audit(1574009711.173:127): pid=7393 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1132/file0" dev="sda1" ino=16881 res=1 16:55:11 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x03', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 758.287802][ T26] audit: type=1804 audit(1574009711.303:128): pid=7403 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1133/file0" dev="sda1" ino=16705 res=1 [ 758.432406][ T7406] EXT4-fs (loop0): unsupported inode size: 0 16:55:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f04", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:11 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x74, 0x0) 16:55:11 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x3, 0x0) 16:55:11 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tran#=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:11 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000360e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 758.589819][ T26] audit: type=1804 audit(1574009711.613:129): pid=7428 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1134/file0" dev="sda1" ino=16730 res=1 16:55:11 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x7a, 0x0) 16:55:11 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x04', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 758.662639][ T7442] validate_nla: 8 callbacks suppressed [ 758.662647][ T7442] netlink: 'syz-executor.5': attribute type 10 has an invalid length. 16:55:11 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x300, 0x0) [ 758.713793][ T7442] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 758.723096][ T7442] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 758.748064][ T7442] device gre1 entered promiscuous mode 16:55:11 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x3, 0x0) [ 758.821759][ T7441] EXT4-fs (loop0): unsupported inode size: 0 16:55:11 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tran%=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:12 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x05', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:12 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000368e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 759.234710][ T7478] EXT4-fs (loop0): unsupported inode size: 0 [ 759.283571][ T7491] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 759.297982][ T7491] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 759.311819][ T7491] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 759.327198][ T7491] device gre1 entered promiscuous mode 16:55:12 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f05", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:12 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x500, 0x0) 16:55:12 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x3, 0x0) 16:55:12 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tran*=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:12 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900036ce60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:12 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x06', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 759.757800][ T26] audit: type=1804 audit(1574009712.773:130): pid=7506 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1137/file0" dev="sda1" ino=16865 res=1 [ 759.769792][ T7511] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 759.797965][ T7511] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 759.807702][ T7511] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:12 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x600, 0x0) [ 759.851951][ T7511] device gre1 entered promiscuous mode 16:55:13 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tran+=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 759.971897][ T7507] EXT4-fs (loop0): unsupported inode size: 0 16:55:13 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x3, 0x0) 16:55:13 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\a', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:13 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000374e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:13 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x700, 0x0) [ 760.214065][ T7546] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 760.241511][ T7546] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 760.285815][ T7546] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 760.303545][ T7546] device gre1 entered promiscuous mode [ 760.372563][ T7537] EXT4-fs (loop0): unsupported inode size: 0 16:55:13 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f06", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:13 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x900, 0x0) 16:55:13 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x3, 0x0) 16:55:13 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tran-=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:13 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900037ae60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:13 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\b', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 760.933238][ T26] audit: type=1804 audit(1574009713.953:131): pid=7575 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1140/file0" dev="sda1" ino=16945 res=1 16:55:14 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xa00, 0x0) 16:55:14 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x3, 0x0) 16:55:14 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\t', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 760.992841][ T7584] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 761.013955][ T7584] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 761.028734][ T7584] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 761.042492][ T7584] device gre1 entered promiscuous mode 16:55:14 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tran.=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 761.102131][ T7576] EXT4-fs (loop0): unsupported inode size: 0 16:55:14 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xb00, 0x0) 16:55:14 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="80000000380400001900037de60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 761.538895][ T7618] EXT4-fs (loop0): unsupported inode size: 0 [ 761.593861][ T7624] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 761.606920][ T7624] device gre1 entered promiscuous mode 16:55:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f08", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:14 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xc00, 0x0) 16:55:14 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\n', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:14 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x3, 0x0) 16:55:14 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tran0=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:14 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300000400006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 761.972919][ T26] audit: type=1804 audit(1574009714.993:132): pid=7638 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1143/file0" dev="sda1" ino=16865 res=1 [ 761.984414][ T7641] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:15 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xcff, 0x0) [ 762.042411][ T7641] device gre1 entered promiscuous mode 16:55:15 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x3, 0x0) 16:55:15 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranI=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 762.146210][ T7632] EXT4-fs (loop0): unsupported inode size: 0 16:55:15 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xd00, 0x0) 16:55:15 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xe00, 0x0) [ 762.287153][ T26] audit: type=1804 audit(1574009715.303:133): pid=7662 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1145/file0" dev="sda1" ino=16705 res=1 16:55:15 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\v', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 762.515061][ T7680] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 762.538292][ T7680] device gre1 entered promiscuous mode 16:55:16 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f09", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:16 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x3, 0x0) 16:55:16 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60200006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:16 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x1100, 0x0) 16:55:16 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranL=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:16 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\f', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 763.081967][ T26] audit: type=1804 audit(1574009716.103:134): pid=7705 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1147/file0" dev="sda1" ino=17329 res=1 [ 763.113337][ T7708] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:16 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x1200, 0x0) [ 763.128595][ T7708] device gre1 entered promiscuous mode 16:55:16 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x3, 0x0) [ 763.255340][ T7694] EXT4-fs (loop0): unsupported inode size: 0 16:55:16 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranQ=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:16 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x2000, 0x0) 16:55:16 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\r', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 763.425119][ T7731] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:16 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60300006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 763.465012][ T26] audit: type=1804 audit(1574009716.483:135): pid=7736 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1149/file0" dev="sda1" ino=17233 res=1 [ 763.514160][ T7731] device gre1 entered promiscuous mode 16:55:16 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f0a", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:16 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x2500, 0x0) 16:55:16 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x3, 0x0) 16:55:16 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranR=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:16 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x0e', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 763.774461][ T7751] EXT4-fs (loop0): unsupported inode size: 0 16:55:16 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60400006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:17 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x3700, 0x0) [ 763.899166][ T26] audit: type=1804 audit(1574009716.913:136): pid=7766 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1150/file0" dev="sda1" ino=17297 res=1 [ 763.913713][ T7772] validate_nla: 10 callbacks suppressed [ 763.913720][ T7772] netlink: 'syz-executor.5': attribute type 10 has an invalid length. 16:55:17 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 763.981545][ T7772] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 763.999346][ T7772] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:17 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x3f00, 0x0) 16:55:17 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranS=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 764.133846][ T7772] device gre1 entered promiscuous mode 16:55:17 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x10', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 764.194184][ T7792] EXT4-fs (loop0): unsupported inode size: 0 16:55:17 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60500006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 764.473358][ T7812] EXT4-fs (loop0): unsupported inode size: 0 [ 764.692980][ T7829] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 764.707090][ T7829] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 764.715312][ T7829] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 764.733060][ T7829] device gre1 entered promiscuous mode 16:55:18 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f0b", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:18 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x4000, 0x0) 16:55:18 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranT=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:18 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:18 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60600006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:18 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x11', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 765.115280][ T26] audit: type=1804 audit(1574009718.133:137): pid=7841 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1153/file0" dev="sda1" ino=17601 res=1 16:55:18 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x4800, 0x0) [ 765.155621][ T7849] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 765.184949][ T7849] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 765.195758][ T26] audit: type=1800 audit(1574009718.133:138): pid=7841 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=17601 res=0 [ 765.199184][ T7849] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 765.228500][ T26] audit: type=1800 audit(1574009718.143:139): pid=7846 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=17601 res=0 [ 765.251642][ T7849] device gre1 entered promiscuous mode [ 765.303777][ T7844] EXT4-fs (loop0): unsupported inode size: 0 16:55:18 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x4c00, 0x0) [ 765.356189][ T26] audit: type=1804 audit(1574009718.363:140): pid=7862 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1154/file0" dev="sda1" ino=17714 res=1 16:55:18 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x12', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:18 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranV=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 765.396237][ T26] audit: type=1800 audit(1574009718.363:141): pid=7862 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=17714 res=0 [ 765.417714][ T26] audit: type=1800 audit(1574009718.373:142): pid=7863 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=17714 res=0 16:55:18 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x5c00, 0x0) 16:55:18 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60700006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 765.702369][ T7893] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 765.723505][ T7893] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 765.738983][ T7893] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 765.759736][ T7893] device gre1 entered promiscuous mode [ 766.027043][ T7897] EXT4-fs (loop0): unsupported inode size: 0 16:55:19 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f10", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:19 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x6800, 0x0) 16:55:19 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranX=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:19 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs%', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:19 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60a00006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:19 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x6c00, 0x0) [ 766.199389][ T7950] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 766.216809][ T7950] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 766.226461][ T7950] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 766.242671][ T7947] EXT4-fs (loop0): unsupported inode size: 0 16:55:19 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfsH', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:19 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60b00006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 766.286578][ T7950] device gre1 entered promiscuous mode 16:55:19 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tran\\=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:19 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x7400, 0x0) 16:55:19 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x7a00, 0x0) [ 766.529502][ T7970] EXT4-fs (loop0): unsupported inode size: 0 16:55:19 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfsL', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 766.793390][ T8003] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 766.806601][ T8003] device gre1 entered promiscuous mode 16:55:20 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f11", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:20 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60c00006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:20 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xff0c, 0x0) 16:55:20 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranb=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:20 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\\', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 767.238224][ T8024] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 767.268397][ T8024] device gre1 entered promiscuous mode 16:55:20 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x1000000, 0x0) 16:55:20 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs`', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 767.292715][ T8016] EXT4-fs (loop0): unsupported inode size: 0 16:55:20 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x2000000, 0x0) [ 767.361966][ T26] kauditd_printk_skb: 17 callbacks suppressed [ 767.361974][ T26] audit: type=1804 audit(1574009720.383:160): pid=8029 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1162/file0" dev="sda1" ino=17929 res=1 16:55:20 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60d00006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:20 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranc=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 767.565567][ T26] audit: type=1804 audit(1574009720.583:161): pid=8041 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1163/file0" dev="sda1" ino=17889 res=1 16:55:20 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x3000000, 0x0) 16:55:20 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfsh', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 767.722857][ T8047] EXT4-fs (loop0): unsupported inode size: 0 [ 767.745502][ T26] audit: type=1804 audit(1574009720.763:162): pid=8055 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1164/file0" dev="sda1" ino=17943 res=1 [ 767.826190][ T8059] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 767.838739][ T8059] device gre1 entered promiscuous mode 16:55:21 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f12", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:21 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x4000000, 0x0) 16:55:21 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60f00006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:21 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trand=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:21 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfsl', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 768.318056][ T26] audit: type=1804 audit(1574009721.333:163): pid=8082 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1165/file0" dev="sda1" ino=17947 res=1 16:55:21 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x5000000, 0x0) [ 768.376163][ T8089] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 768.412286][ T8089] device gre1 entered promiscuous mode [ 768.448557][ T26] audit: type=1804 audit(1574009721.463:164): pid=8093 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1166/file0" dev="sda1" ino=17947 res=1 16:55:21 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x6000000, 0x0) 16:55:21 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trang=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 768.509759][ T8081] EXT4-fs (loop0): unsupported inode size: 0 16:55:21 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfst', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:21 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e61400006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 768.653676][ T26] audit: type=1804 audit(1574009721.673:165): pid=8105 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1167/file0" dev="sda1" ino=17947 res=1 16:55:21 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x7000000, 0x0) [ 768.862266][ T26] audit: type=1804 audit(1574009721.883:166): pid=8123 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1168/file0" dev="sda1" ino=17947 res=1 16:55:21 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x8000000, 0x0) [ 768.948857][ T8117] EXT4-fs (loop0): unsupported inode size: 0 [ 769.024879][ T8134] validate_nla: 8 callbacks suppressed [ 769.024887][ T8134] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 769.044767][ T26] audit: type=1804 audit(1574009722.063:167): pid=8133 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1169/file0" dev="sda1" ino=17959 res=1 [ 769.047630][ T8134] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 769.078930][ T8134] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 769.116991][ T8134] device gre1 entered promiscuous mode 16:55:22 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f14", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:22 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranh=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:22 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfsz', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:22 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e61800006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:22 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x9000000, 0x0) [ 769.512397][ T26] audit: type=1804 audit(1574009722.533:168): pid=8147 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1170/file0" dev="sda1" ino=17961 res=1 [ 769.548822][ T8151] netlink: 'syz-executor.5': attribute type 10 has an invalid length. 16:55:22 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xa000000, 0x0) [ 769.574443][ T8151] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 769.586863][ T8151] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 769.608753][ T8151] device gre1 entered promiscuous mode [ 769.633874][ T8146] EXT4-fs (loop0): unsupported inode size: 0 16:55:22 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xb000000, 0x0) 16:55:22 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e62500006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:22 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trani=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 769.692105][ T26] audit: type=1804 audit(1574009722.713:169): pid=8164 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1171/file0" dev="sda1" ino=17961 res=1 16:55:22 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x04', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:22 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xc000000, 0x0) [ 769.903152][ T8170] EXT4-fs (loop0): unsupported inode size: 0 16:55:23 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e62d00006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 770.228358][ T8190] EXT4-fs (loop0): unsupported inode size: 0 [ 770.306845][ T8204] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 770.315230][ T8204] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 770.324873][ T8204] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 770.345047][ T8204] device gre1 entered promiscuous mode 16:55:23 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f64", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:23 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xd000000, 0x0) 16:55:23 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:23 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranl=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:23 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:23 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e66400006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:23 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xe000000, 0x0) [ 770.698429][ T8209] BTRFS error (device loop3): superblock checksum mismatch [ 770.712248][ T8214] BTRFS warning (device ): duplicate device fsid:devid for fff6f2a2-2997-48ae-b81e-1b00b10efd9a:0 old:/dev/loop3 new:/dev/loop1 [ 770.739227][ T8223] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 770.776000][ T8223] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 770.793256][ T8223] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 770.803570][ T8209] BTRFS error (device loop3): open_ctree failed 16:55:23 executing program 1 (fault-call:3 fault-nth:0): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 770.837432][ T8217] EXT4-fs (loop0): unsupported inode size: 0 [ 770.854314][ T8223] device gre1 entered promiscuous mode 16:55:23 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x10000000, 0x0) 16:55:24 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trano=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 770.969125][ T8209] BTRFS error (device loop3): superblock checksum mismatch 16:55:24 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60003006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 771.054445][ T8243] FAULT_INJECTION: forcing a failure. [ 771.054445][ T8243] name failslab, interval 1, probability 0, space 0, times 0 [ 771.070344][ T8209] BTRFS error (device loop3): open_ctree failed [ 771.102803][ T8243] CPU: 0 PID: 8243 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 771.110660][ T8243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 771.120723][ T8243] Call Trace: [ 771.124007][ T8243] dump_stack+0x1fb/0x318 [ 771.128346][ T8243] should_fail+0x555/0x770 [ 771.128365][ T8243] __should_failslab+0x11a/0x160 [ 771.128380][ T8243] ? __se_sys_memfd_create+0x10a/0x4b0 [ 771.143174][ T8243] should_failslab+0x9/0x20 [ 771.147685][ T8243] __kmalloc+0x7a/0x340 [ 771.151937][ T8243] __se_sys_memfd_create+0x10a/0x4b0 [ 771.157226][ T8243] ? do_syscall_64+0x1d/0x1c0 [ 771.161917][ T8243] __x64_sys_memfd_create+0x5b/0x70 [ 771.167125][ T8243] do_syscall_64+0xf7/0x1c0 [ 771.171726][ T8243] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 771.177621][ T8243] RIP: 0033:0x45a639 [ 771.181606][ T8243] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 16:55:24 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x02', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 771.201218][ T8243] RSP: 002b:00007fd465df3a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 771.209641][ T8243] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 771.217622][ T8243] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 771.225601][ T8243] RBP: 000000000075bfc8 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 771.233667][ T8243] R10: 0000000000010000 R11: 0000000000000246 R12: 00007fd465df46d4 [ 771.241818][ T8243] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 771.337946][ T8248] EXT4-fs (loop0): unsupported inode size: 0 [ 771.520525][ T8265] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 771.537161][ T8265] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 771.545698][ T8265] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 771.558404][ T8265] device gre1 entered promiscuous mode 16:55:24 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f76", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:24 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x11000000, 0x0) 16:55:24 executing program 1 (fault-call:3 fault-nth:1): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:24 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranp=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:24 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e69703006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:24 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x06', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 772.008618][ T8278] FAULT_INJECTION: forcing a failure. [ 772.008618][ T8278] name failslab, interval 1, probability 0, space 0, times 0 [ 772.022582][ T8277] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 772.061521][ T8277] device gre1 entered promiscuous mode [ 772.071204][ T8278] CPU: 1 PID: 8278 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 772.079064][ T8278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 772.089124][ T8278] Call Trace: [ 772.092429][ T8278] dump_stack+0x1fb/0x318 [ 772.096940][ T8278] should_fail+0x555/0x770 [ 772.101379][ T8278] __should_failslab+0x11a/0x160 [ 772.106361][ T8278] ? shmem_alloc_inode+0x1b/0x40 [ 772.111302][ T8278] should_failslab+0x9/0x20 [ 772.115885][ T8278] kmem_cache_alloc+0x56/0x2e0 [ 772.120735][ T8278] ? shmem_match+0x180/0x180 [ 772.125504][ T8278] shmem_alloc_inode+0x1b/0x40 [ 772.130273][ T8278] ? shmem_match+0x180/0x180 [ 772.134877][ T8278] new_inode_pseudo+0x68/0x240 [ 772.139662][ T8278] new_inode+0x28/0x1c0 [ 772.143822][ T8278] shmem_get_inode+0x108/0x6e0 [ 772.148627][ T8278] __shmem_file_setup+0x129/0x280 [ 772.153671][ T8278] shmem_file_setup+0x2f/0x40 16:55:25 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x12000000, 0x0) 16:55:25 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x20000000, 0x0) [ 772.158349][ T8278] __se_sys_memfd_create+0x28e/0x4b0 [ 772.163640][ T8278] ? do_syscall_64+0x1d/0x1c0 [ 772.168323][ T8278] __x64_sys_memfd_create+0x5b/0x70 [ 772.173530][ T8278] do_syscall_64+0xf7/0x1c0 [ 772.178053][ T8278] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 772.183949][ T8278] RIP: 0033:0x45a639 [ 772.187848][ T8278] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 16:55:25 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x25000000, 0x0) 16:55:25 executing program 1 (fault-call:3 fault-nth:2): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 772.207547][ T8278] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 772.215966][ T8278] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 772.224992][ T8278] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 772.232976][ T8278] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 772.241048][ T8278] R10: 0000000000010000 R11: 0000000000000246 R12: 00007fd465e156d4 [ 772.249060][ T8278] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 772.336740][ T8275] EXT4-fs (loop0): unsupported inode size: 0 [ 772.388596][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 772.388603][ T26] audit: type=1804 audit(1574009725.403:178): pid=8304 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1180/file0" dev="sda1" ino=17986 res=1 [ 772.419493][ T8305] FAULT_INJECTION: forcing a failure. [ 772.419493][ T8305] name failslab, interval 1, probability 0, space 0, times 0 [ 772.433959][ T8305] CPU: 0 PID: 8305 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 772.441959][ T8305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 772.452115][ T8305] Call Trace: [ 772.455409][ T8305] dump_stack+0x1fb/0x318 [ 772.459746][ T8305] should_fail+0x555/0x770 [ 772.464168][ T8305] __should_failslab+0x11a/0x160 [ 772.469110][ T8305] ? security_inode_alloc+0x36/0x1e0 [ 772.474395][ T8305] should_failslab+0x9/0x20 [ 772.478896][ T8305] kmem_cache_alloc+0x56/0x2e0 [ 772.483659][ T8305] ? rcu_read_lock_sched_held+0x10b/0x170 [ 772.489381][ T8305] security_inode_alloc+0x36/0x1e0 [ 772.494508][ T8305] inode_init_always+0x3b5/0x920 [ 772.499440][ T8305] ? shmem_match+0x180/0x180 [ 772.504145][ T8305] new_inode_pseudo+0x7f/0x240 [ 772.509012][ T8305] new_inode+0x28/0x1c0 [ 772.513171][ T8305] shmem_get_inode+0x108/0x6e0 [ 772.517920][ T8305] __shmem_file_setup+0x129/0x280 [ 772.523051][ T8305] shmem_file_setup+0x2f/0x40 [ 772.527720][ T8305] __se_sys_memfd_create+0x28e/0x4b0 [ 772.532998][ T8305] ? do_syscall_64+0x1d/0x1c0 [ 772.537708][ T8305] __x64_sys_memfd_create+0x5b/0x70 [ 772.542889][ T8305] do_syscall_64+0xf7/0x1c0 [ 772.547369][ T8305] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 772.553360][ T8305] RIP: 0033:0x45a639 [ 772.557242][ T8305] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 772.576835][ T8305] RSP: 002b:00007fd465df3a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f 16:55:25 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranq=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 772.585241][ T8305] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 772.593196][ T8305] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 772.601286][ T8305] RBP: 000000000075bfc8 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 772.609358][ T8305] R10: 0000000000010000 R11: 0000000000000246 R12: 00007fd465df46d4 [ 772.617594][ T8305] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:55:25 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x37000000, 0x0) [ 772.767025][ T26] audit: type=1804 audit(1574009725.783:179): pid=8314 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1181/file0" dev="sda1" ino=17951 res=1 [ 772.792353][ T8318] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 772.806444][ T8318] device gre1 entered promiscuous mode 16:55:26 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f78", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:26 executing program 1 (fault-call:3 fault-nth:3): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:26 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:26 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6a403006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:26 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x3f000000, 0x0) 16:55:26 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trant=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 773.235460][ T8334] FAULT_INJECTION: forcing a failure. [ 773.235460][ T8334] name failslab, interval 1, probability 0, space 0, times 0 [ 773.244508][ T26] audit: type=1804 audit(1574009726.253:180): pid=8330 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1182/file0" dev="sda1" ino=17991 res=1 [ 773.284598][ T8334] CPU: 1 PID: 8334 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 773.292439][ T8334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 773.294704][ T8331] BTRFS error (device loop3): superblock checksum mismatch [ 773.302496][ T8334] Call Trace: [ 773.302538][ T8334] dump_stack+0x1fb/0x318 [ 773.302566][ T8334] should_fail+0x555/0x770 [ 773.302586][ T8334] __should_failslab+0x11a/0x160 [ 773.302596][ T8334] ? __d_alloc+0x2d/0x6e0 [ 773.302605][ T8334] should_failslab+0x9/0x20 [ 773.302618][ T8334] kmem_cache_alloc+0x56/0x2e0 [ 773.316420][ T8339] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 773.317532][ T8334] __d_alloc+0x2d/0x6e0 [ 773.317546][ T8334] ? lockdep_init_map+0x2a/0x680 [ 773.317559][ T8334] d_alloc_pseudo+0x1d/0x70 [ 773.317569][ T8334] alloc_file_pseudo+0xc3/0x260 [ 773.317588][ T8334] __shmem_file_setup+0x1a2/0x280 [ 773.327349][ T8334] shmem_file_setup+0x2f/0x40 16:55:26 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x40000000, 0x0) 16:55:26 executing program 1 (fault-call:3 fault-nth:4): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 773.327365][ T8334] __se_sys_memfd_create+0x28e/0x4b0 [ 773.327378][ T8334] ? do_syscall_64+0x1d/0x1c0 [ 773.327391][ T8334] __x64_sys_memfd_create+0x5b/0x70 [ 773.327402][ T8334] do_syscall_64+0xf7/0x1c0 [ 773.327415][ T8334] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 773.327430][ T8334] RIP: 0033:0x45a639 [ 773.336253][ T8334] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 773.336266][ T8334] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 773.336277][ T8334] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 773.336283][ T8334] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 773.336289][ T8334] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 773.336295][ T8334] R10: 0000000000010000 R11: 0000000000000246 R12: 00007fd465e156d4 [ 773.336301][ T8334] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 773.477856][ T8331] BTRFS error (device loop3): open_ctree failed [ 773.497380][ T8336] EXT4-fs (loop0): unsupported inode size: 0 [ 773.510679][ T26] audit: type=1804 audit(1574009726.533:181): pid=8344 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1183/file0" dev="sda1" ino=18002 res=1 [ 773.550706][ T8349] FAULT_INJECTION: forcing a failure. [ 773.550706][ T8349] name failslab, interval 1, probability 0, space 0, times 0 [ 773.579567][ T8349] CPU: 1 PID: 8349 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 773.587492][ T8349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 773.587501][ T8349] Call Trace: [ 773.601033][ T8349] dump_stack+0x1fb/0x318 [ 773.601050][ T8349] should_fail+0x555/0x770 [ 773.601067][ T8349] __should_failslab+0x11a/0x160 [ 773.601082][ T8349] ? __alloc_file+0x2c/0x390 [ 773.609784][ T8349] should_failslab+0x9/0x20 [ 773.609794][ T8349] kmem_cache_alloc+0x56/0x2e0 [ 773.609806][ T8349] __alloc_file+0x2c/0x390 [ 773.609818][ T8349] alloc_empty_file+0xac/0x1b0 [ 773.609828][ T8349] alloc_file+0x60/0x4c0 [ 773.609841][ T8349] alloc_file_pseudo+0x1d4/0x260 16:55:26 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x48000000, 0x0) 16:55:26 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 773.609860][ T8349] __shmem_file_setup+0x1a2/0x280 [ 773.619346][ T8349] shmem_file_setup+0x2f/0x40 [ 773.619359][ T8349] __se_sys_memfd_create+0x28e/0x4b0 [ 773.619370][ T8349] ? do_syscall_64+0x1d/0x1c0 [ 773.619382][ T8349] __x64_sys_memfd_create+0x5b/0x70 [ 773.619391][ T8349] do_syscall_64+0xf7/0x1c0 [ 773.619405][ T8349] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 773.619414][ T8349] RIP: 0033:0x45a639 [ 773.619424][ T8349] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 773.619433][ T8349] RSP: 002b:00007fd465df3a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 773.628676][ T8349] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 773.628682][ T8349] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 773.628688][ T8349] RBP: 000000000075bfc8 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 773.628693][ T8349] R10: 0000000000010000 R11: 0000000000000246 R12: 00007fd465df46d4 16:55:26 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranu=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 773.628698][ T8349] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 773.757227][ T8339] device gre1 entered promiscuous mode 16:55:26 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e62904006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 773.897009][ T8358] BTRFS error (device loop3): superblock checksum mismatch [ 773.918706][ T26] audit: type=1804 audit(1574009726.933:182): pid=8362 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1184/file0" dev="sda1" ino=17989 res=1 [ 774.014141][ T8358] BTRFS error (device loop3): open_ctree failed [ 774.043145][ T8373] validate_nla: 6 callbacks suppressed [ 774.043151][ T8373] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 774.057964][ T8373] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 774.067263][ T8373] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 774.088370][ T8369] EXT4-fs (loop0): unsupported inode size: 0 [ 774.117118][ T8373] device gre1 entered promiscuous mode [ 774.150468][ T8358] BTRFS error (device loop3): superblock checksum mismatch [ 774.229439][ T8358] BTRFS error (device loop3): open_ctree failed 16:55:27 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f79", @ANYRES32=0x0, @ANYBLOB="b56d08000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:27 executing program 1 (fault-call:3 fault-nth:5): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:27 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x4c000000, 0x0) 16:55:27 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e62a04006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:27 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranw=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:27 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x04', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 774.403110][ T8388] FAULT_INJECTION: forcing a failure. [ 774.403110][ T8388] name failslab, interval 1, probability 0, space 0, times 0 [ 774.421461][ T26] audit: type=1804 audit(1574009727.443:183): pid=8386 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1185/file0" dev="sda1" ino=17995 res=1 [ 774.429840][ T8388] CPU: 1 PID: 8388 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 774.453111][ T8388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 774.453119][ T8388] Call Trace: [ 774.453139][ T8388] dump_stack+0x1fb/0x318 [ 774.453153][ T8388] should_fail+0x555/0x770 [ 774.453169][ T8388] __should_failslab+0x11a/0x160 [ 774.453180][ T8388] ? security_file_alloc+0x36/0x200 [ 774.453188][ T8388] should_failslab+0x9/0x20 [ 774.453196][ T8388] kmem_cache_alloc+0x56/0x2e0 [ 774.453214][ T8388] security_file_alloc+0x36/0x200 [ 774.500210][ T8388] __alloc_file+0xde/0x390 [ 774.504249][ T8396] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 774.504649][ T8388] alloc_empty_file+0xac/0x1b0 [ 774.517558][ T8388] alloc_file+0x60/0x4c0 [ 774.521833][ T8388] alloc_file_pseudo+0x1d4/0x260 [ 774.526785][ T8388] __shmem_file_setup+0x1a2/0x280 [ 774.531843][ T8388] shmem_file_setup+0x2f/0x40 [ 774.536575][ T8388] __se_sys_memfd_create+0x28e/0x4b0 [ 774.538316][ T8396] netlink: 'syz-executor.5': attribute type 3 has an invalid length. 16:55:27 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x5c000000, 0x0) 16:55:27 executing program 1 (fault-call:3 fault-nth:6): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 774.541868][ T8388] ? do_syscall_64+0x1d/0x1c0 [ 774.541883][ T8388] __x64_sys_memfd_create+0x5b/0x70 [ 774.541893][ T8388] do_syscall_64+0xf7/0x1c0 [ 774.541910][ T8388] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 774.541920][ T8388] RIP: 0033:0x45a639 [ 774.541930][ T8388] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 774.541936][ T8388] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 774.541946][ T8388] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 774.541952][ T8388] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 774.541957][ T8388] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 774.541962][ T8388] R10: 0000000000010000 R11: 0000000000000246 R12: 00007fd465e156d4 [ 774.541967][ T8388] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 774.558586][ T8396] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 774.668048][ T8394] EXT4-fs (loop0): unsupported inode size: 0 [ 774.676457][ T8396] device gre1 entered promiscuous mode [ 774.713337][ T26] audit: type=1804 audit(1574009727.733:184): pid=8403 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1186/file0" dev="sda1" ino=18006 res=1 [ 774.715025][ T8402] FAULT_INJECTION: forcing a failure. [ 774.715025][ T8402] name failslab, interval 1, probability 0, space 0, times 0 [ 774.756475][ T8402] CPU: 0 PID: 8402 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 774.765189][ T8402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 774.765194][ T8402] Call Trace: [ 774.765210][ T8402] dump_stack+0x1fb/0x318 [ 774.765225][ T8402] should_fail+0x555/0x770 [ 774.765243][ T8402] __should_failslab+0x11a/0x160 [ 774.765256][ T8402] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 774.765265][ T8402] should_failslab+0x9/0x20 [ 774.765273][ T8402] __kmalloc+0x7a/0x340 [ 774.765282][ T8402] ? tomoyo_realpath_from_path+0xca/0x7c0 16:55:27 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x68000000, 0x0) [ 774.765295][ T8402] tomoyo_realpath_from_path+0xdc/0x7c0 [ 774.765312][ T8402] tomoyo_path_perm+0x192/0x850 [ 774.765349][ T8402] tomoyo_path_truncate+0x1c/0x20 [ 774.765359][ T8402] security_path_truncate+0xd5/0x150 [ 774.765389][ T8402] do_sys_ftruncate+0x493/0x710 [ 774.765405][ T8402] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 774.765416][ T8402] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 774.765429][ T8402] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 774.787643][ T8402] ? do_syscall_64+0x1d/0x1c0 [ 774.787659][ T8402] __x64_sys_ftruncate+0x60/0x70 [ 774.787671][ T8402] do_syscall_64+0xf7/0x1c0 [ 774.787687][ T8402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 774.787698][ T8402] RIP: 0033:0x45a607 [ 774.787712][ T8402] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 774.899681][ T8402] RSP: 002b:00007fd465e14a88 EFLAGS: 00000213 ORIG_RAX: 000000000000004d 16:55:28 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e65004006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 774.908080][ T8402] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a607 [ 774.916126][ T8402] RDX: 0000000020000068 RSI: 0000000000020000 RDI: 0000000000000007 [ 774.924100][ T8402] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 774.932097][ T8402] R10: 0000000000010000 R11: 0000000000000213 R12: 0000000000000007 [ 774.940225][ T8402] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 774.953716][ T8402] ERROR: Out of memory at tomoyo_realpath_from_path. 16:55:28 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranx=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 775.083965][ T26] audit: type=1804 audit(1574009728.103:185): pid=8414 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1187/file0" dev="sda1" ino=17997 res=1 16:55:28 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 775.148959][ T8423] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 775.165340][ T8423] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 775.178304][ T8423] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 775.235482][ T8423] device gre1 entered promiscuous mode [ 775.253639][ T8420] EXT4-fs (loop0): unsupported inode size: 0 [ 775.318035][ T8430] BTRFS error (device loop3): superblock checksum mismatch [ 775.380112][ T8430] BTRFS error (device loop3): open_ctree failed 16:55:28 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d02000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:28 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x6c000000, 0x0) 16:55:28 executing program 1 (fault-call:3 fault-nth:7): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:28 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e65104006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:28 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'tranz=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 775.436025][ T8430] BTRFS error (device loop3): superblock checksum mismatch [ 775.486189][ T8430] BTRFS error (device loop3): open_ctree failed [ 775.539432][ T8449] FAULT_INJECTION: forcing a failure. [ 775.539432][ T8449] name failslab, interval 1, probability 0, space 0, times 0 [ 775.558468][ T8452] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 775.561956][ T26] audit: type=1804 audit(1574009728.573:186): pid=8450 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1188/file0" dev="sda1" ino=18004 res=1 [ 775.567139][ T8449] CPU: 0 PID: 8449 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 775.598555][ T8449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 775.608743][ T8449] Call Trace: [ 775.612051][ T8449] dump_stack+0x1fb/0x318 [ 775.616496][ T8449] should_fail+0x555/0x770 [ 775.618220][ T8452] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 775.620934][ T8449] __should_failslab+0x11a/0x160 [ 775.620948][ T8449] ? tomoyo_encode2+0x273/0x5a0 16:55:28 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 775.620957][ T8449] should_failslab+0x9/0x20 [ 775.620966][ T8449] __kmalloc+0x7a/0x340 [ 775.620980][ T8449] tomoyo_encode2+0x273/0x5a0 [ 775.620993][ T8449] ? dynamic_dname+0xf0/0xf0 [ 775.621003][ T8449] tomoyo_realpath_from_path+0x769/0x7c0 [ 775.621019][ T8449] tomoyo_path_perm+0x192/0x850 [ 775.621069][ T8449] tomoyo_path_truncate+0x1c/0x20 [ 775.629988][ T8452] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 775.634250][ T8449] security_path_truncate+0xd5/0x150 [ 775.634266][ T8449] do_sys_ftruncate+0x493/0x710 [ 775.634281][ T8449] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 775.634293][ T8449] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 775.634301][ T8449] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 775.634311][ T8449] ? do_syscall_64+0x1d/0x1c0 [ 775.634321][ T8449] __x64_sys_ftruncate+0x60/0x70 [ 775.634334][ T8449] do_syscall_64+0xf7/0x1c0 [ 775.643821][ T8449] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 775.643831][ T8449] RIP: 0033:0x45a607 16:55:28 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x74000000, 0x0) [ 775.643842][ T8449] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 775.643848][ T8449] RSP: 002b:00007fd465e14a88 EFLAGS: 00000213 ORIG_RAX: 000000000000004d [ 775.643857][ T8449] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a607 [ 775.643863][ T8449] RDX: 0000000020000068 RSI: 0000000000020000 RDI: 0000000000000007 [ 775.643875][ T8449] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 775.643880][ T8449] R10: 0000000000010000 R11: 0000000000000213 R12: 0000000000000007 [ 775.643886][ T8449] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 775.675542][ T8449] ERROR: Out of memory at tomoyo_realpath_from_path. [ 775.815578][ T8452] device gre1 entered promiscuous mode [ 775.828669][ T8448] EXT4-fs (loop0): unsupported inode size: 0 [ 775.893081][ T26] audit: type=1804 audit(1574009728.913:187): pid=8463 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1189/file0" dev="sda1" ino=18009 res=1 16:55:29 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e65204006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:29 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=%d,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:29 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x7a000000, 0x0) [ 776.029278][ T8460] BTRFS error (device loop3): superblock checksum mismatch 16:55:29 executing program 1 (fault-call:3 fault-nth:8): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 776.093514][ T8478] netlink: 'syz-executor.5': attribute type 10 has an invalid length. 16:55:29 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xeaffffff, 0x0) [ 776.148644][ T8478] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 776.155570][ T8482] 9pnet: Could not find request transport: %d [ 776.179744][ T8460] BTRFS error (device loop3): open_ctree failed [ 776.181478][ T8478] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 776.206431][ T8478] device gre1 entered promiscuous mode [ 776.220533][ T8484] FAULT_INJECTION: forcing a failure. [ 776.220533][ T8484] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 776.234182][ T8484] CPU: 1 PID: 8484 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 776.241982][ T8484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 776.241989][ T8484] Call Trace: [ 776.242007][ T8484] dump_stack+0x1fb/0x318 [ 776.242026][ T8484] should_fail+0x555/0x770 [ 776.242051][ T8484] should_fail_alloc_page+0x55/0x60 [ 776.242060][ T8484] prepare_alloc_pages+0x283/0x460 [ 776.242075][ T8484] __alloc_pages_nodemask+0xb2/0x5d0 [ 776.259887][ T8484] alloc_pages_vma+0x4f7/0xd50 [ 776.259908][ T8484] shmem_alloc_and_acct_page+0x425/0xbb0 [ 776.259943][ T8484] shmem_getpage_gfp+0x2313/0x2a90 [ 776.259976][ T8484] shmem_write_begin+0xcb/0x1b0 [ 776.259991][ T8484] generic_perform_write+0x25d/0x4e0 [ 776.260015][ T8484] __generic_file_write_iter+0x235/0x500 [ 776.300394][ T8484] generic_file_write_iter+0x48e/0x630 [ 776.300419][ T8484] __vfs_write+0x5a1/0x740 [ 776.300444][ T8484] vfs_write+0x275/0x590 [ 776.300461][ T8484] __x64_sys_pwrite64+0x162/0x1d0 [ 776.300476][ T8484] do_syscall_64+0xf7/0x1c0 [ 776.300491][ T8484] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 776.300500][ T8484] RIP: 0033:0x414437 [ 776.300509][ T8484] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 a7 f9 ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 ed f9 ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 776.300514][ T8484] RSP: 002b:00007fd465e14a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 776.300523][ T8484] RAX: ffffffffffffffda RBX: 0000000020000050 RCX: 0000000000414437 [ 776.300528][ T8484] RDX: 0000000000000048 RSI: 00000000200002c0 RDI: 0000000000000007 [ 776.300539][ T8484] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 776.311434][ T8484] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000007 [ 776.311440][ T8484] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 776.456207][ T8492] 9pnet: Could not find request transport: %d [ 776.486825][ T8476] EXT4-fs (loop0): unsupported inode size: 0 16:55:29 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d03000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:29 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xefffffff, 0x0) 16:55:29 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=.d,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 776.539614][ T8460] BTRFS error (device loop3): superblock checksum mismatch 16:55:29 executing program 1 (fault-call:3 fault-nth:9): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 776.636331][ T8460] BTRFS error (device loop3): open_ctree failed 16:55:29 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e65304006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 776.703234][ T8506] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:29 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:29 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xf7ffffff, 0x0) [ 776.744254][ T8507] 9pnet: Could not find request transport: .d [ 776.785608][ T8506] device gre1 entered promiscuous mode [ 776.803316][ T8511] FAULT_INJECTION: forcing a failure. [ 776.803316][ T8511] name failslab, interval 1, probability 0, space 0, times 0 [ 776.816165][ T8511] CPU: 1 PID: 8511 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 776.823964][ T8511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 776.834036][ T8511] Call Trace: [ 776.837325][ T8511] dump_stack+0x1fb/0x318 [ 776.841646][ T8511] should_fail+0x555/0x770 [ 776.846308][ T8511] __should_failslab+0x11a/0x160 [ 776.851225][ T8511] ? xas_create+0x1197/0x1910 [ 776.856487][ T8511] should_failslab+0x9/0x20 [ 776.860971][ T8511] kmem_cache_alloc+0x56/0x2e0 [ 776.865716][ T8511] xas_create+0x1197/0x1910 [ 776.870301][ T8511] xas_create_range+0x142/0x700 [ 776.875161][ T8511] shmem_add_to_page_cache+0x91e/0x1290 [ 776.880711][ T8511] shmem_getpage_gfp+0x121e/0x2a90 [ 776.885835][ T8511] shmem_write_begin+0xcb/0x1b0 [ 776.890684][ T8511] generic_perform_write+0x25d/0x4e0 [ 776.895958][ T8511] __generic_file_write_iter+0x235/0x500 [ 776.901573][ T8511] generic_file_write_iter+0x48e/0x630 [ 776.907023][ T8511] __vfs_write+0x5a1/0x740 [ 776.911441][ T8511] vfs_write+0x275/0x590 [ 776.915668][ T8511] __x64_sys_pwrite64+0x162/0x1d0 [ 776.920677][ T8511] do_syscall_64+0xf7/0x1c0 [ 776.926996][ T8511] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 776.932866][ T8511] RIP: 0033:0x414437 [ 776.936737][ T8511] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 a7 f9 ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 ed f9 ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 776.956320][ T8511] RSP: 002b:00007fd465e14a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 776.964721][ T8511] RAX: ffffffffffffffda RBX: 0000000020000050 RCX: 0000000000414437 [ 776.972671][ T8511] RDX: 0000000000000048 RSI: 00000000200002c0 RDI: 0000000000000007 [ 776.980715][ T8511] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 776.988666][ T8511] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000007 [ 776.996614][ T8511] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:55:30 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xfeffffff, 0x0) 16:55:30 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e65404006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 777.064196][ T8513] EXT4-fs (loop0): unsupported inode size: 0 [ 777.081425][ T8524] 9pnet: Could not find request transport: .d [ 777.096466][ T8522] BTRFS error (device loop3): superblock checksum mismatch 16:55:30 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=/d,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 777.159377][ T8522] BTRFS error (device loop3): open_ctree failed [ 777.225198][ T8534] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 777.293129][ T8534] device gre1 entered promiscuous mode 16:55:30 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xff0c0000, 0x0) 16:55:30 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 777.335938][ T8541] 9pnet: Could not find request transport: /d [ 777.371143][ T8531] EXT4-fs (loop0): unsupported inode size: 0 [ 777.505599][ T8551] 9pnet: Could not find request transport: /d 16:55:30 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d04000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:30 executing program 1 (fault-call:3 fault-nth:10): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:30 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xffffffea, 0x0) 16:55:30 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e65504006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:30 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=\\d,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 777.612897][ T8556] BTRFS error (device loop3): superblock checksum mismatch [ 777.679535][ T8556] BTRFS error (device loop3): open_ctree failed [ 777.727144][ T8568] FAULT_INJECTION: forcing a failure. [ 777.727144][ T8568] name failslab, interval 1, probability 0, space 0, times 0 [ 777.738252][ T8572] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 777.760974][ T8571] 9pnet: Could not find request transport: \d [ 777.776303][ T8572] device gre1 entered promiscuous mode [ 777.778763][ T8568] CPU: 0 PID: 8568 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 777.789621][ T8568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 777.789628][ T8568] Call Trace: [ 777.789648][ T8568] dump_stack+0x1fb/0x318 [ 777.789665][ T8568] should_fail+0x555/0x770 [ 777.789681][ T8568] __should_failslab+0x11a/0x160 [ 777.789692][ T8568] ? getname_flags+0xba/0x640 [ 777.789702][ T8568] should_failslab+0x9/0x20 16:55:30 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xffffffef, 0x0) [ 777.789718][ T8568] kmem_cache_alloc+0x56/0x2e0 [ 777.803070][ T8568] ? check_preemption_disabled+0xb7/0x2a0 [ 777.803086][ T8568] getname_flags+0xba/0x640 [ 777.803099][ T8568] getname+0x19/0x20 [ 777.803111][ T8568] do_sys_open+0x261/0x560 [ 777.803128][ T8568] __x64_sys_open+0x87/0x90 [ 777.803142][ T8568] do_syscall_64+0xf7/0x1c0 [ 777.803158][ T8568] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 777.865059][ T8568] RIP: 0033:0x4143d1 16:55:30 executing program 1 (fault-call:3 fault-nth:11): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 777.865072][ T8568] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 777.865078][ T8568] RSP: 002b:00007fd465e14a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 777.865087][ T8568] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 777.865094][ T8568] RDX: 00007fd465e14b0a RSI: 0000000000000002 RDI: 00007fd465e14b00 [ 777.865099][ T8568] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 16:55:31 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 777.865105][ T8568] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000007 [ 777.865111][ T8568] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:55:31 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xfffffff7, 0x0) [ 778.017205][ T8564] EXT4-fs (loop0): unsupported inode size: 0 [ 778.035709][ T8583] FAULT_INJECTION: forcing a failure. [ 778.035709][ T8583] name failslab, interval 1, probability 0, space 0, times 0 [ 778.054486][ T8587] 9pnet: Could not find request transport: \d [ 778.101109][ T8583] CPU: 1 PID: 8583 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 778.109098][ T8583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 778.119173][ T8583] Call Trace: [ 778.122477][ T8583] dump_stack+0x1fb/0x318 [ 778.126914][ T8583] should_fail+0x555/0x770 [ 778.131328][ T8583] __should_failslab+0x11a/0x160 [ 778.136384][ T8583] ? getname_flags+0xba/0x640 [ 778.141073][ T8583] should_failslab+0x9/0x20 [ 778.145616][ T8583] kmem_cache_alloc+0x56/0x2e0 [ 778.150397][ T8583] ? check_preemption_disabled+0xb7/0x2a0 [ 778.156140][ T8583] getname_flags+0xba/0x640 [ 778.160655][ T8583] getname+0x19/0x20 [ 778.164552][ T8583] do_sys_open+0x261/0x560 [ 778.168984][ T8583] __x64_sys_open+0x87/0x90 [ 778.173501][ T8583] do_syscall_64+0xf7/0x1c0 [ 778.178001][ T8583] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 778.183890][ T8583] RIP: 0033:0x4143d1 [ 778.187777][ T8583] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 778.208167][ T8583] RSP: 002b:00007fd465e14a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 778.216571][ T8583] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 778.225068][ T8583] RDX: 00007fd465e14b0a RSI: 0000000000000002 RDI: 00007fd465e14b00 [ 778.233171][ T8583] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 778.241145][ T8583] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000007 [ 778.249240][ T8583] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 778.274664][ T8591] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:31 executing program 1 (fault-call:3 fault-nth:12): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:31 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fI,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 778.306355][ T8588] BTRFS error (device loop3): superblock checksum mismatch 16:55:31 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e65604006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 778.372787][ T8591] device gre1 entered promiscuous mode [ 778.383969][ T8588] BTRFS error (device loop3): open_ctree failed [ 778.426070][ T8601] FAULT_INJECTION: forcing a failure. [ 778.426070][ T8601] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 778.439322][ T8601] CPU: 0 PID: 8601 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 778.447131][ T8601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 778.457197][ T8601] Call Trace: [ 778.460508][ T8601] dump_stack+0x1fb/0x318 [ 778.464865][ T8601] should_fail+0x555/0x770 [ 778.469303][ T8601] should_fail_alloc_page+0x55/0x60 [ 778.474508][ T8601] prepare_alloc_pages+0x283/0x460 [ 778.479990][ T8601] __alloc_pages_nodemask+0xb2/0x5d0 [ 778.485307][ T8601] ? __kasan_check_write+0x14/0x20 [ 778.490434][ T8601] kmem_getpages+0x4d/0xa00 [ 778.494938][ T8601] cache_grow_begin+0x7e/0x2c0 [ 778.499695][ T8601] cache_alloc_refill+0x311/0x3f0 [ 778.499708][ T8601] ? check_preemption_disabled+0xb7/0x2a0 [ 778.499722][ T8601] kmem_cache_alloc+0x2b9/0x2e0 [ 778.499732][ T8601] ? getname_flags+0xba/0x640 [ 778.499744][ T8601] getname_flags+0xba/0x640 [ 778.499757][ T8601] getname+0x19/0x20 [ 778.499768][ T8601] do_sys_open+0x261/0x560 [ 778.499782][ T8601] __x64_sys_open+0x87/0x90 [ 778.499797][ T8601] do_syscall_64+0xf7/0x1c0 [ 778.510858][ T8601] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 778.510869][ T8601] RIP: 0033:0x4143d1 [ 778.510880][ T8601] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 778.510885][ T8601] RSP: 002b:00007fd465e14a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 778.510898][ T8601] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 778.510905][ T8601] RDX: 00007fd465e14b0a RSI: 0000000000000002 RDI: 00007fd465e14b00 [ 778.510910][ T8601] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 778.510916][ T8601] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000007 [ 778.510922][ T8601] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 778.648607][ T8605] EXT4-fs (loop0): unsupported inode size: 0 [ 778.714283][ T8608] 9pnet: Could not find request transport: fI 16:55:31 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d05000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:31 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xfffffffe, 0x0) 16:55:31 executing program 1 (fault-call:3 fault-nth:13): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:31 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e65704006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 778.769237][ T8588] BTRFS error (device loop3): superblock checksum mismatch 16:55:31 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x1000000000000, 0x0) 16:55:31 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fQ,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 778.866733][ T8623] FAULT_INJECTION: forcing a failure. [ 778.866733][ T8623] name failslab, interval 1, probability 0, space 0, times 0 [ 778.880013][ T8623] CPU: 1 PID: 8623 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 778.887825][ T8623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 778.897960][ T8623] Call Trace: [ 778.901258][ T8623] dump_stack+0x1fb/0x318 [ 778.905575][ T8623] should_fail+0x555/0x770 [ 778.910067][ T8623] __should_failslab+0x11a/0x160 [ 778.914988][ T8623] ? __alloc_file+0x2c/0x390 [ 778.919574][ T8623] should_failslab+0x9/0x20 [ 778.924061][ T8623] kmem_cache_alloc+0x56/0x2e0 [ 778.928810][ T8623] __alloc_file+0x2c/0x390 [ 778.933298][ T8623] alloc_empty_file+0xac/0x1b0 [ 778.938052][ T8623] path_openat+0x9e/0x4420 [ 778.942457][ T8623] ? __kasan_kmalloc+0x178/0x1b0 [ 778.947416][ T8623] ? __lock_acquire+0xc75/0x1be0 [ 778.952339][ T8623] ? rcu_read_lock_sched_held+0x10b/0x170 [ 778.958056][ T8623] do_filp_open+0x192/0x3d0 [ 778.962640][ T8623] ? _raw_spin_unlock+0x2c/0x50 [ 778.967499][ T8623] do_sys_open+0x29f/0x560 [ 778.971914][ T8623] __x64_sys_open+0x87/0x90 [ 778.976423][ T8623] do_syscall_64+0xf7/0x1c0 [ 778.980917][ T8623] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 778.986793][ T8623] RIP: 0033:0x4143d1 [ 778.990669][ T8623] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 779.010342][ T8623] RSP: 002b:00007fd465e14a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 779.018736][ T8623] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 779.026705][ T8623] RDX: 00007fd465e14b0a RSI: 0000000000000002 RDI: 00007fd465e14b00 [ 779.034662][ T8623] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 779.042739][ T8623] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000007 [ 779.050693][ T8623] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 779.108928][ T8632] validate_nla: 8 callbacks suppressed [ 779.108936][ T8632] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 779.114877][ T8588] BTRFS error (device loop3): open_ctree failed [ 779.144220][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 779.144228][ T26] audit: type=1804 audit(1574009732.163:189): pid=8631 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1200/file0" dev="sda1" ino=18040 res=1 [ 779.147009][ T8632] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 779.183278][ T8635] 9pnet: Could not find request transport: fQ [ 779.191917][ T8632] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:32 executing program 1 (fault-call:3 fault-nth:14): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:32 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:32 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x100000000000000, 0x0) [ 779.211665][ T8632] device gre1 entered promiscuous mode [ 779.319140][ T8640] FAULT_INJECTION: forcing a failure. [ 779.319140][ T8640] name failslab, interval 1, probability 0, space 0, times 0 [ 779.345375][ T8640] CPU: 0 PID: 8640 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 779.353236][ T8640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 779.364253][ T8640] Call Trace: 16:55:32 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x200000000000000, 0x0) [ 779.367554][ T8640] dump_stack+0x1fb/0x318 [ 779.371898][ T8640] should_fail+0x555/0x770 [ 779.376328][ T8640] __should_failslab+0x11a/0x160 [ 779.377185][ T26] audit: type=1804 audit(1574009732.363:190): pid=8642 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1201/file0" dev="sda1" ino=18030 res=1 [ 779.381269][ T8640] ? security_file_alloc+0x36/0x200 [ 779.381280][ T8640] should_failslab+0x9/0x20 [ 779.381289][ T8640] kmem_cache_alloc+0x56/0x2e0 [ 779.381302][ T8640] security_file_alloc+0x36/0x200 [ 779.381316][ T8640] __alloc_file+0xde/0x390 [ 779.381329][ T8640] alloc_empty_file+0xac/0x1b0 [ 779.410388][ T8640] path_openat+0x9e/0x4420 [ 779.410403][ T8640] ? __kasan_kmalloc+0x178/0x1b0 [ 779.410417][ T8640] ? __lock_acquire+0xc75/0x1be0 [ 779.410429][ T8640] ? rcu_read_lock_sched_held+0x10b/0x170 [ 779.410462][ T8640] do_filp_open+0x192/0x3d0 [ 779.410477][ T8640] ? _raw_spin_unlock+0x2c/0x50 [ 779.419728][ T8640] do_sys_open+0x29f/0x560 [ 779.419744][ T8640] __x64_sys_open+0x87/0x90 [ 779.419758][ T8640] do_syscall_64+0xf7/0x1c0 [ 779.419771][ T8640] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 779.419783][ T8640] RIP: 0033:0x4143d1 [ 779.487376][ T8640] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 779.506974][ T8640] RSP: 002b:00007fd465e14a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 779.515364][ T8640] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 779.523311][ T8640] RDX: 00007fd465e14b0a RSI: 0000000000000002 RDI: 00007fd465e14b00 [ 779.531260][ T8640] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 779.540064][ T8640] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000007 [ 779.548022][ T8640] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:55:32 executing program 1 (fault-call:3 fault-nth:15): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 779.572119][ T8648] 9pnet: Could not find request transport: fQ 16:55:32 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fR,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 779.624318][ T26] audit: type=1804 audit(1574009732.643:191): pid=8650 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1202/file0" dev="sda1" ino=18035 res=1 [ 779.655940][ T8636] EXT4-fs (loop0): unsupported inode size: 0 [ 779.707281][ T8657] FAULT_INJECTION: forcing a failure. [ 779.707281][ T8657] name failslab, interval 1, probability 0, space 0, times 0 [ 779.721116][ T8657] CPU: 0 PID: 8657 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 779.728933][ T8657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 779.728939][ T8657] Call Trace: [ 779.728958][ T8657] dump_stack+0x1fb/0x318 [ 779.728980][ T8657] should_fail+0x555/0x770 [ 779.729003][ T8657] __should_failslab+0x11a/0x160 [ 779.729016][ T8657] ? tomoyo_encode2+0x273/0x5a0 [ 779.729025][ T8657] should_failslab+0x9/0x20 [ 779.729033][ T8657] __kmalloc+0x7a/0x340 [ 779.729047][ T8657] tomoyo_encode2+0x273/0x5a0 [ 779.729067][ T8657] tomoyo_realpath_from_path+0x769/0x7c0 [ 779.729088][ T8657] tomoyo_check_open_permission+0x1ce/0x9d0 [ 779.729124][ T8657] tomoyo_file_open+0x141/0x190 [ 779.729137][ T8657] security_file_open+0x65/0x2f0 [ 779.729151][ T8657] do_dentry_open+0x351/0x10c0 [ 779.729173][ T8657] vfs_open+0x73/0x80 [ 779.729184][ T8657] path_openat+0x1397/0x4420 [ 779.729232][ T8657] do_filp_open+0x192/0x3d0 [ 779.729258][ T8657] do_sys_open+0x29f/0x560 [ 779.747086][ T8657] __x64_sys_open+0x87/0x90 [ 779.747103][ T8657] do_syscall_64+0xf7/0x1c0 [ 779.747118][ T8657] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 779.747127][ T8657] RIP: 0033:0x4143d1 [ 779.747142][ T8657] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 779.756883][ T8657] RSP: 002b:00007fd465e14a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 779.756894][ T8657] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 779.756900][ T8657] RDX: 00007fd465e14b0a RSI: 0000000000000002 RDI: 00007fd465e14b00 [ 779.756906][ T8657] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 779.756912][ T8657] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000007 [ 779.756918][ T8657] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 779.757221][ T8657] ERROR: Out of memory at tomoyo_realpath_from_path. [ 779.775915][ T8659] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 779.876866][ T8661] 9pnet: Could not find request transport: fR [ 779.901218][ T8659] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 779.928512][ T8659] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 779.952210][ T8651] BTRFS error (device loop3): superblock checksum mismatch [ 779.977708][ T8657] BTRFS warning (device ): duplicate device fsid:devid for fff6f2a2-2997-48ae-b81e-1b00b10efd9a:0 old:/dev/loop3 new:/dev/loop1 [ 779.995294][ T8659] device gre1 entered promiscuous mode [ 780.031087][ T8669] 9pnet: Could not find request transport: fR [ 780.071244][ T8651] BTRFS error (device loop3): open_ctree failed 16:55:33 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d06000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:33 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x300000000000000, 0x0) 16:55:33 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e65804006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:33 executing program 1 (fault-call:3 fault-nth:16): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:33 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fS,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 780.144853][ T8651] BTRFS error (device loop3): superblock checksum mismatch [ 780.218258][ T8651] BTRFS error (device loop3): open_ctree failed [ 780.263744][ T8681] 9pnet: Could not find request transport: fS [ 780.274495][ T26] audit: type=1804 audit(1574009733.293:192): pid=8683 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1203/file0" dev="sda1" ino=18081 res=1 [ 780.298567][ T8680] FAULT_INJECTION: forcing a failure. [ 780.298567][ T8680] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 780.311870][ T8680] CPU: 1 PID: 8680 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 780.319675][ T8680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 780.329768][ T8680] Call Trace: [ 780.333070][ T8680] dump_stack+0x1fb/0x318 [ 780.337413][ T8680] should_fail+0x555/0x770 [ 780.341820][ T8680] should_fail_alloc_page+0x55/0x60 [ 780.346999][ T8680] prepare_alloc_pages+0x283/0x460 [ 780.352124][ T8680] __alloc_pages_nodemask+0xb2/0x5d0 [ 780.357404][ T8680] ? stack_trace_save+0x150/0x150 [ 780.362416][ T8680] kmem_getpages+0x4d/0xa00 [ 780.366899][ T8680] cache_grow_begin+0x7e/0x2c0 [ 780.371644][ T8680] cache_alloc_refill+0x311/0x3f0 [ 780.376649][ T8680] ? check_preemption_disabled+0xb7/0x2a0 [ 780.382347][ T8680] __kmalloc+0x318/0x340 [ 780.386570][ T8680] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 780.392272][ T8680] tomoyo_realpath_from_path+0xdc/0x7c0 [ 780.397822][ T8680] tomoyo_path_number_perm+0x166/0x640 [ 780.404247][ T8680] ? smack_file_ioctl+0x226/0x2e0 [ 780.409259][ T8680] ? __fget+0x3f1/0x510 [ 780.413399][ T8680] tomoyo_file_ioctl+0x23/0x30 [ 780.418147][ T8680] security_file_ioctl+0x6d/0xd0 [ 780.423068][ T8680] __x64_sys_ioctl+0xa3/0x120 [ 780.427731][ T8680] do_syscall_64+0xf7/0x1c0 [ 780.432215][ T8680] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 780.438095][ T8680] RIP: 0033:0x45a4a7 [ 780.441980][ T8680] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 16:55:33 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 780.461913][ T8680] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 780.470306][ T8680] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 780.478538][ T8680] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 780.487100][ T8680] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 780.495062][ T8680] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 780.503013][ T8680] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:55:33 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x400000000000000, 0x0) [ 780.548583][ T8687] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 780.557514][ T8687] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 780.566139][ T8687] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 780.578857][ T8687] device gre1 entered promiscuous mode [ 780.628361][ T8682] EXT4-fs (loop0): unsupported inode size: 0 16:55:33 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x500000000000000, 0x0) 16:55:33 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e65904006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 780.665435][ T26] audit: type=1804 audit(1574009733.683:193): pid=8696 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1204/file0" dev="sda1" ino=18145 res=1 [ 780.686955][ T8698] 9pnet: Could not find request transport: fS 16:55:33 executing program 1 (fault-call:3 fault-nth:17): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 780.744803][ T8697] BTRFS error (device loop3): superblock checksum mismatch 16:55:33 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fT,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 780.837960][ T26] audit: type=1804 audit(1574009733.853:194): pid=8706 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1205/file0" dev="sda1" ino=18033 res=1 [ 780.869672][ T8697] BTRFS error (device loop3): open_ctree failed [ 780.873249][ T8712] netlink: 'syz-executor.5': attribute type 10 has an invalid length. 16:55:33 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x600000000000000, 0x0) [ 780.937823][ T8712] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 780.955054][ T8717] 9pnet: Could not find request transport: fT [ 780.967566][ T8720] FAULT_INJECTION: forcing a failure. [ 780.967566][ T8720] name failslab, interval 1, probability 0, space 0, times 0 [ 780.988255][ T8720] CPU: 1 PID: 8720 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 780.996191][ T8720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.006258][ T8720] Call Trace: [ 781.006278][ T8720] dump_stack+0x1fb/0x318 [ 781.006295][ T8720] should_fail+0x555/0x770 [ 781.006310][ T8720] __should_failslab+0x11a/0x160 [ 781.006323][ T8720] ? tomoyo_encode2+0x273/0x5a0 [ 781.006332][ T8720] should_failslab+0x9/0x20 [ 781.006339][ T8720] __kmalloc+0x7a/0x340 [ 781.006352][ T8720] tomoyo_encode2+0x273/0x5a0 [ 781.006366][ T8720] tomoyo_realpath_from_path+0x769/0x7c0 [ 781.006391][ T8720] tomoyo_check_open_permission+0x1ce/0x9d0 [ 781.006431][ T8720] tomoyo_file_open+0x141/0x190 [ 781.028192][ T8720] security_file_open+0x65/0x2f0 [ 781.028211][ T8720] do_dentry_open+0x351/0x10c0 [ 781.028232][ T8720] vfs_open+0x73/0x80 [ 781.057909][ T26] audit: type=1804 audit(1574009734.073:195): pid=8722 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1206/file0" dev="sda1" ino=18225 res=1 [ 781.062783][ T8720] path_openat+0x1397/0x4420 [ 781.062838][ T8720] do_filp_open+0x192/0x3d0 [ 781.062868][ T8720] do_sys_open+0x29f/0x560 [ 781.062882][ T8720] __x64_sys_open+0x87/0x90 [ 781.062896][ T8720] do_syscall_64+0xf7/0x1c0 [ 781.062912][ T8720] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 781.067845][ T8712] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 781.071737][ T8720] RIP: 0033:0x4143d1 [ 781.071750][ T8720] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 781.071756][ T8720] RSP: 002b:00007fd465df3a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 781.071766][ T8720] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 781.071771][ T8720] RDX: 00007fd465df3b0a RSI: 0000000000000002 RDI: 00007fd465df3b00 [ 781.071776][ T8720] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 781.071780][ T8720] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000007 [ 781.071786][ T8720] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 781.089838][ T8720] ERROR: Out of memory at tomoyo_realpath_from_path. [ 781.216608][ T8712] device gre1 entered promiscuous mode [ 781.268032][ T8708] EXT4-fs (loop0): unsupported inode size: 0 [ 781.281813][ T8731] 9pnet: Could not find request transport: fT 16:55:34 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d07000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:34 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x700000000000000, 0x0) 16:55:34 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfsA', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:34 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fV,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:34 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e65a04006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:34 executing program 1 (fault-call:3 fault-nth:18): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 781.544516][ T8742] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 781.592630][ T26] audit: type=1804 audit(1574009734.613:196): pid=8743 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1207/file0" dev="sda1" ino=18039 res=1 [ 781.614953][ T8742] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 781.634921][ T8755] FAULT_INJECTION: forcing a failure. 16:55:34 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x800000000000000, 0x0) 16:55:34 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs ', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 781.634921][ T8755] name failslab, interval 1, probability 0, space 0, times 0 [ 781.657499][ T8753] 9pnet: Could not find request transport: fV [ 781.665013][ T8742] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 781.693747][ T8755] CPU: 1 PID: 8755 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 781.694445][ T8742] device gre1 entered promiscuous mode [ 781.701603][ T8755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.701610][ T8755] Call Trace: [ 781.701630][ T8755] dump_stack+0x1fb/0x318 [ 781.701645][ T8755] should_fail+0x555/0x770 [ 781.701662][ T8755] __should_failslab+0x11a/0x160 [ 781.701673][ T8755] ? tomoyo_encode2+0x273/0x5a0 [ 781.701688][ T8755] should_failslab+0x9/0x20 [ 781.743673][ T8755] __kmalloc+0x7a/0x340 [ 781.747955][ T8755] tomoyo_encode2+0x273/0x5a0 [ 781.752637][ T8755] tomoyo_realpath_from_path+0x769/0x7c0 [ 781.758262][ T8755] tomoyo_check_open_permission+0x1ce/0x9d0 [ 781.764162][ T8755] tomoyo_file_open+0x141/0x190 [ 781.769008][ T8755] security_file_open+0x65/0x2f0 [ 781.773933][ T8755] do_dentry_open+0x351/0x10c0 [ 781.778695][ T8755] vfs_open+0x73/0x80 [ 781.782671][ T8755] path_openat+0x1397/0x4420 [ 781.787611][ T8755] do_filp_open+0x192/0x3d0 [ 781.792106][ T8755] do_sys_open+0x29f/0x560 [ 781.796518][ T8755] __x64_sys_open+0x87/0x90 [ 781.801004][ T8755] do_syscall_64+0xf7/0x1c0 [ 781.805495][ T8755] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 781.811509][ T8755] RIP: 0033:0x4143d1 [ 781.815388][ T8755] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 781.837131][ T8755] RSP: 002b:00007fd465df3a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 781.849874][ T8755] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 781.857834][ T8755] RDX: 00007fd465df3b0a RSI: 0000000000000002 RDI: 00007fd465df3b00 [ 781.865914][ T8755] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 781.873869][ T8755] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000007 [ 781.883093][ T8755] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 781.893398][ T8755] ERROR: Out of memory at tomoyo_realpath_from_path. [ 781.951777][ T8766] 9pnet: Could not find request transport: fV [ 781.968450][ T8754] EXT4-fs (loop0): unsupported inode size: 0 16:55:35 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x900000000000000, 0x0) [ 781.989669][ T26] audit: type=1804 audit(1574009735.013:197): pid=8768 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1208/file0" dev="sda1" ino=18257 res=1 16:55:35 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=f\\,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:35 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xa00000000000000, 0x0) [ 782.098438][ T26] audit: type=1804 audit(1574009735.113:198): pid=8773 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1209/file0" dev="sda1" ino=18027 res=1 [ 782.153698][ T8777] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:35 executing program 1 (fault-call:3 fault-nth:19): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 782.240852][ T8786] 9pnet: Could not find request transport: f\ [ 782.245952][ T8777] device gre1 entered promiscuous mode [ 782.334116][ T8792] FAULT_INJECTION: forcing a failure. [ 782.334116][ T8792] name failslab, interval 1, probability 0, space 0, times 0 [ 782.347621][ T8792] CPU: 1 PID: 8792 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 782.355437][ T8792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 782.365513][ T8792] Call Trace: [ 782.368799][ T8792] dump_stack+0x1fb/0x318 [ 782.373139][ T8792] should_fail+0x555/0x770 [ 782.377582][ T8792] __should_failslab+0x11a/0x160 [ 782.382542][ T8792] ? radix_tree_node_alloc+0x1a1/0x370 [ 782.387990][ T8792] should_failslab+0x9/0x20 [ 782.392506][ T8792] kmem_cache_alloc+0x56/0x2e0 [ 782.397261][ T8792] radix_tree_node_alloc+0x1a1/0x370 [ 782.402543][ T8792] idr_get_free+0x2b8/0x8c0 [ 782.407035][ T8792] idr_alloc_cyclic+0x18b/0x550 [ 782.411889][ T8792] __kernfs_new_node+0x124/0x6b0 [ 782.416818][ T8792] ? bd_set_size+0x97/0xb0 [ 782.421223][ T8792] kernfs_create_dir_ns+0x9b/0x230 [ 782.426324][ T8792] internal_create_group+0x207/0xd80 [ 782.431604][ T8792] sysfs_create_group+0x1f/0x30 [ 782.436438][ T8792] loop_set_fd+0xf54/0x1470 [ 782.440972][ T8792] lo_ioctl+0xd5/0x2200 [ 782.445109][ T8792] ? __kasan_slab_free+0x12a/0x1e0 [ 782.450207][ T8792] ? kasan_slab_free+0xe/0x10 [ 782.454867][ T8792] ? kfree+0x115/0x200 [ 782.458936][ T8792] ? tomoyo_path_number_perm+0x4e1/0x640 [ 782.464548][ T8792] ? tomoyo_file_ioctl+0x23/0x30 [ 782.469482][ T8792] ? security_file_ioctl+0x6d/0xd0 [ 782.474575][ T8792] ? __x64_sys_ioctl+0xa3/0x120 [ 782.479406][ T8792] ? do_syscall_64+0xf7/0x1c0 [ 782.484068][ T8792] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 782.490125][ T8792] ? debug_check_no_obj_freed+0x505/0x5b0 [ 782.495839][ T8792] ? rcu_lock_release+0x9/0x30 [ 782.500611][ T8792] ? rcu_lock_release+0x9/0x30 [ 782.505369][ T8792] ? lo_release+0x1f0/0x1f0 [ 782.509942][ T8792] blkdev_ioctl+0x807/0x2980 [ 782.514518][ T8792] ? tomoyo_path_number_perm+0x53e/0x640 [ 782.520411][ T8792] block_ioctl+0xbd/0x100 [ 782.524722][ T8792] ? blkdev_iopoll+0x100/0x100 [ 782.529483][ T8792] do_vfs_ioctl+0x744/0x1730 [ 782.534053][ T8792] ? __fget+0x3f1/0x510 [ 782.538213][ T8792] ? tomoyo_file_ioctl+0x23/0x30 [ 782.543131][ T8792] ? security_file_ioctl+0xa1/0xd0 [ 782.548244][ T8792] __x64_sys_ioctl+0xe3/0x120 [ 782.552922][ T8792] do_syscall_64+0xf7/0x1c0 [ 782.557413][ T8792] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 782.563373][ T8792] RIP: 0033:0x45a4a7 [ 782.567254][ T8792] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 782.587452][ T8792] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 782.595845][ T8792] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 782.603813][ T8792] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 782.611771][ T8792] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 782.619726][ T8792] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 782.627687][ T8792] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 782.662561][ T8796] 9pnet: Could not find request transport: f\ 16:55:35 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d09000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:35 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60018006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:35 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:35 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xb00000000000000, 0x0) 16:55:35 executing program 1 (fault-call:3 fault-nth:20): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:35 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fb,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 782.884414][ T8812] FAULT_INJECTION: forcing a failure. [ 782.884414][ T8812] name failslab, interval 1, probability 0, space 0, times 0 [ 782.888870][ T8813] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 782.912189][ T8813] device gre1 entered promiscuous mode [ 782.920996][ T8814] 9pnet: Could not find request transport: fb [ 782.942531][ T8812] CPU: 0 PID: 8812 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 782.950395][ T8812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 782.950402][ T8812] Call Trace: [ 782.950421][ T8812] dump_stack+0x1fb/0x318 [ 782.950436][ T8812] should_fail+0x555/0x770 [ 782.950454][ T8812] __should_failslab+0x11a/0x160 [ 782.950466][ T8812] ? tomoyo_encode2+0x273/0x5a0 [ 782.950475][ T8812] should_failslab+0x9/0x20 [ 782.950482][ T8812] __kmalloc+0x7a/0x340 [ 782.950503][ T8812] tomoyo_encode2+0x273/0x5a0 [ 782.963872][ T8812] tomoyo_realpath_from_path+0x769/0x7c0 [ 782.963892][ T8812] tomoyo_path_number_perm+0x166/0x640 [ 782.963923][ T8812] ? smack_file_ioctl+0x226/0x2e0 [ 782.972619][ T8812] ? __fget+0x3f1/0x510 [ 782.972634][ T8812] tomoyo_file_ioctl+0x23/0x30 [ 782.972645][ T8812] security_file_ioctl+0x6d/0xd0 [ 782.972658][ T8812] __x64_sys_ioctl+0xa3/0x120 [ 782.972679][ T8812] do_syscall_64+0xf7/0x1c0 [ 782.972695][ T8812] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 782.972703][ T8812] RIP: 0033:0x45a4a7 [ 782.972712][ T8812] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 782.972717][ T8812] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 783.072507][ T8812] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 783.080465][ T8812] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 16:55:36 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xc00000000000000, 0x0) [ 783.088478][ T8812] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 783.096482][ T8812] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 783.104463][ T8812] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 783.118493][ T8811] EXT4-fs (loop0): unsupported inode size: 0 [ 783.149178][ T8812] ERROR: Out of memory at tomoyo_realpath_from_path. [ 783.164750][ T8806] BTRFS error (device loop3): superblock checksum mismatch 16:55:36 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6fa25006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 783.229375][ T8806] BTRFS error (device loop3): open_ctree failed [ 783.238054][ T8826] 9pnet: Could not find request transport: fb 16:55:36 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xd00000000000000, 0x0) [ 783.317012][ T8830] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 783.331056][ T8830] device gre1 entered promiscuous mode 16:55:36 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fg,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 783.384368][ T8806] BTRFS error (device loop3): superblock checksum mismatch 16:55:36 executing program 1 (fault-call:3 fault-nth:21): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:36 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 783.429303][ T8806] BTRFS error (device loop3): open_ctree failed [ 783.484670][ T8839] 9pnet: Could not find request transport: fg 16:55:36 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d0a000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:36 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xe00000000000000, 0x0) 16:55:36 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x1000000000000000, 0x0) [ 783.589294][ T8834] EXT4-fs (loop0): unsupported inode size: 0 [ 783.613651][ T8846] FAULT_INJECTION: forcing a failure. [ 783.613651][ T8846] name failslab, interval 1, probability 0, space 0, times 0 [ 783.641111][ T8846] CPU: 0 PID: 8846 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 783.649177][ T8846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 783.659238][ T8846] Call Trace: [ 783.662527][ T8846] dump_stack+0x1fb/0x318 [ 783.666851][ T8846] should_fail+0x555/0x770 [ 783.671368][ T8846] __should_failslab+0x11a/0x160 [ 783.676296][ T8846] ? __kernfs_new_node+0x97/0x6b0 [ 783.681308][ T8846] should_failslab+0x9/0x20 [ 783.685809][ T8846] kmem_cache_alloc+0x56/0x2e0 [ 783.690576][ T8846] __kernfs_new_node+0x97/0x6b0 [ 783.695412][ T8846] ? bd_set_size+0x97/0xb0 [ 783.699812][ T8846] kernfs_create_dir_ns+0x9b/0x230 [ 783.704925][ T8846] internal_create_group+0x207/0xd80 [ 783.710237][ T8846] sysfs_create_group+0x1f/0x30 [ 783.715072][ T8846] loop_set_fd+0xf54/0x1470 [ 783.719564][ T8846] lo_ioctl+0xd5/0x2200 [ 783.723698][ T8846] ? __kasan_slab_free+0x12a/0x1e0 [ 783.728795][ T8846] ? kasan_slab_free+0xe/0x10 [ 783.733452][ T8846] ? kfree+0x115/0x200 [ 783.737509][ T8846] ? tomoyo_path_number_perm+0x4e1/0x640 [ 783.743129][ T8846] ? tomoyo_file_ioctl+0x23/0x30 [ 783.748177][ T8846] ? security_file_ioctl+0x6d/0xd0 [ 783.753277][ T8846] ? __x64_sys_ioctl+0xa3/0x120 [ 783.758137][ T8846] ? do_syscall_64+0xf7/0x1c0 [ 783.763276][ T8846] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 783.769342][ T8846] ? debug_check_no_obj_freed+0x505/0x5b0 [ 783.775174][ T8846] ? rcu_lock_release+0x9/0x30 [ 783.779940][ T8846] ? rcu_lock_release+0x9/0x30 [ 783.789567][ T8846] ? lo_release+0x1f0/0x1f0 [ 783.794765][ T8846] blkdev_ioctl+0x807/0x2980 [ 783.799408][ T8846] ? tomoyo_path_number_perm+0x53e/0x640 [ 783.805040][ T8846] block_ioctl+0xbd/0x100 [ 783.809380][ T8846] ? blkdev_iopoll+0x100/0x100 [ 783.814401][ T8846] do_vfs_ioctl+0x744/0x1730 [ 783.818993][ T8846] ? __fget+0x3f1/0x510 [ 783.823148][ T8846] ? tomoyo_file_ioctl+0x23/0x30 [ 783.828088][ T8846] ? security_file_ioctl+0xa1/0xd0 [ 783.833191][ T8846] __x64_sys_ioctl+0xe3/0x120 [ 783.837896][ T8846] do_syscall_64+0xf7/0x1c0 [ 783.842393][ T8846] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 783.848276][ T8846] RIP: 0033:0x45a4a7 [ 783.852167][ T8846] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 783.871783][ T8846] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 783.880207][ T8846] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 783.888186][ T8846] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 783.896207][ T8846] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 783.904214][ T8846] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 783.912190][ T8846] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 783.935625][ T8855] 9pnet: Could not find request transport: fg 16:55:37 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6ff25006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:37 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x1100000000000000, 0x0) [ 784.012568][ T8861] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 784.032268][ T8861] device gre1 entered promiscuous mode [ 784.052154][ T8853] BTRFS error (device loop3): superblock checksum mismatch 16:55:37 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fl,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:37 executing program 1 (fault-call:3 fault-nth:22): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 784.119230][ T8853] BTRFS error (device loop3): open_ctree failed [ 784.186469][ T8872] FAULT_INJECTION: forcing a failure. [ 784.186469][ T8872] name failslab, interval 1, probability 0, space 0, times 0 [ 784.218118][ T8872] CPU: 0 PID: 8872 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 784.225977][ T8872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 784.236321][ T8872] Call Trace: [ 784.236341][ T8872] dump_stack+0x1fb/0x318 [ 784.236360][ T8872] should_fail+0x555/0x770 [ 784.236378][ T8872] __should_failslab+0x11a/0x160 [ 784.236389][ T8872] ? loop_set_fd+0x1470/0x1470 [ 784.236397][ T8872] should_failslab+0x9/0x20 [ 784.236404][ T8872] kmem_cache_alloc_trace+0x5d/0x2f0 [ 784.236415][ T8872] ? __kthread_create_on_node+0xb2/0x3b0 [ 784.236427][ T8872] ? loop_set_fd+0x1470/0x1470 [ 784.236436][ T8872] __kthread_create_on_node+0xb2/0x3b0 16:55:37 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 784.236455][ T8872] ? loop_set_fd+0x1470/0x1470 [ 784.236466][ T8872] kthread_create_on_node+0x72/0xa0 [ 784.236476][ T8872] ? lockdep_init_map+0x2a/0x680 [ 784.236489][ T8872] ? __kthread_init_worker+0x5a/0xe0 [ 784.236499][ T8872] loop_set_fd+0x6a8/0x1470 [ 784.236510][ T8872] ? check_preemption_disabled+0xb7/0x2a0 [ 784.236524][ T8872] ? tomoyo_path_number_perm+0x4e1/0x640 [ 784.270197][ T8878] 9pnet: Could not find request transport: fl [ 784.273845][ T8872] lo_ioctl+0xd5/0x2200 [ 784.273859][ T8872] ? __kasan_slab_free+0x12a/0x1e0 [ 784.273867][ T8872] ? kasan_slab_free+0xe/0x10 [ 784.273877][ T8872] ? kfree+0x115/0x200 [ 784.273886][ T8872] ? tomoyo_path_number_perm+0x4e1/0x640 [ 784.273900][ T8872] ? tomoyo_file_ioctl+0x23/0x30 [ 784.312218][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 784.312227][ T26] audit: type=1804 audit(1574009737.333:205): pid=8877 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1216/file0" dev="sda1" ino=18065 res=1 [ 784.314794][ T8872] ? security_file_ioctl+0x6d/0xd0 [ 784.314808][ T8872] ? __x64_sys_ioctl+0xa3/0x120 [ 784.314819][ T8872] ? do_syscall_64+0xf7/0x1c0 [ 784.314830][ T8872] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 784.314846][ T8872] ? debug_check_no_obj_freed+0x505/0x5b0 [ 784.411878][ T8872] ? rcu_lock_release+0x9/0x30 [ 784.416637][ T8872] ? rcu_lock_release+0x9/0x30 [ 784.421665][ T8872] ? lo_release+0x1f0/0x1f0 [ 784.426173][ T8872] blkdev_ioctl+0x807/0x2980 [ 784.430980][ T8872] ? tomoyo_path_number_perm+0x53e/0x640 [ 784.436608][ T8872] block_ioctl+0xbd/0x100 [ 784.440935][ T8872] ? blkdev_iopoll+0x100/0x100 [ 784.445696][ T8872] do_vfs_ioctl+0x744/0x1730 [ 784.450270][ T8872] ? __fget+0x3f1/0x510 [ 784.454673][ T8872] ? tomoyo_file_ioctl+0x23/0x30 [ 784.460059][ T8872] ? security_file_ioctl+0xa1/0xd0 [ 784.465170][ T8872] __x64_sys_ioctl+0xe3/0x120 [ 784.469833][ T8872] do_syscall_64+0xf7/0x1c0 [ 784.474343][ T8872] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 784.480225][ T8872] RIP: 0033:0x45a4a7 [ 784.484123][ T8872] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 784.503816][ T8872] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 784.512231][ T8872] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 784.520225][ T8872] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 784.528197][ T8872] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 16:55:37 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x1200000000000000, 0x0) [ 784.536158][ T8872] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 784.544156][ T8872] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:55:37 executing program 1 (fault-call:3 fault-nth:23): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 784.605818][ T8869] EXT4-fs (loop0): unsupported inode size: 0 16:55:37 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60034006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 784.651159][ T8887] 9pnet: Could not find request transport: fl [ 784.663120][ T26] audit: type=1804 audit(1574009737.683:206): pid=8886 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1217/file0" dev="sda1" ino=18225 res=1 16:55:37 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x2000000000000000, 0x0) [ 784.699398][ T8890] validate_nla: 8 callbacks suppressed [ 784.699407][ T8890] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 784.720685][ T8890] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 784.730111][ T8890] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 784.780973][ T8890] device gre1 entered promiscuous mode [ 784.814829][ T8888] BTRFS error (device loop3): superblock checksum mismatch [ 784.849417][ T8901] FAULT_INJECTION: forcing a failure. [ 784.849417][ T8901] name failslab, interval 1, probability 0, space 0, times 0 [ 784.867430][ T8901] CPU: 0 PID: 8901 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 784.875274][ T8901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 784.875280][ T8901] Call Trace: [ 784.875298][ T8901] dump_stack+0x1fb/0x318 [ 784.875315][ T8901] should_fail+0x555/0x770 [ 784.875338][ T8901] __should_failslab+0x11a/0x160 [ 784.902683][ T8901] ? __kernfs_new_node+0x97/0x6b0 [ 784.902696][ T8901] should_failslab+0x9/0x20 [ 784.902706][ T8901] kmem_cache_alloc+0x56/0x2e0 [ 784.902720][ T8901] __kernfs_new_node+0x97/0x6b0 [ 784.902736][ T8901] ? mutex_unlock+0xd/0x10 [ 784.902746][ T8901] ? kernfs_activate+0x4c7/0x4e0 [ 784.902763][ T8901] kernfs_new_node+0x97/0x170 [ 784.912529][ T8901] __kernfs_create_file+0x4a/0x2f0 [ 784.912540][ T8901] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 784.912556][ T8901] internal_create_group+0x4be/0xd80 [ 784.912578][ T8901] sysfs_create_group+0x1f/0x30 [ 784.912590][ T8901] loop_set_fd+0xf54/0x1470 [ 784.912614][ T8901] lo_ioctl+0xd5/0x2200 [ 784.912624][ T8901] ? __kasan_slab_free+0x12a/0x1e0 [ 784.912632][ T8901] ? kasan_slab_free+0xe/0x10 [ 784.912641][ T8901] ? kfree+0x115/0x200 [ 784.912650][ T8901] ? tomoyo_path_number_perm+0x4e1/0x640 [ 784.912659][ T8901] ? tomoyo_file_ioctl+0x23/0x30 [ 784.912667][ T8901] ? security_file_ioctl+0x6d/0xd0 [ 784.912681][ T8901] ? __x64_sys_ioctl+0xa3/0x120 [ 784.922271][ T8901] ? do_syscall_64+0xf7/0x1c0 [ 784.931597][ T8901] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 784.931614][ T8901] ? debug_check_no_obj_freed+0x505/0x5b0 [ 784.931642][ T8901] ? rcu_lock_release+0x9/0x30 [ 784.931660][ T8901] ? rcu_lock_release+0x9/0x30 [ 784.931671][ T8901] ? lo_release+0x1f0/0x1f0 [ 784.931679][ T8901] blkdev_ioctl+0x807/0x2980 [ 784.931691][ T8901] ? tomoyo_path_number_perm+0x53e/0x640 [ 784.931719][ T8901] block_ioctl+0xbd/0x100 [ 784.931728][ T8901] ? blkdev_iopoll+0x100/0x100 [ 784.931739][ T8901] do_vfs_ioctl+0x744/0x1730 [ 784.931748][ T8901] ? __fget+0x3f1/0x510 [ 784.931762][ T8901] ? tomoyo_file_ioctl+0x23/0x30 [ 784.931773][ T8901] ? security_file_ioctl+0xa1/0xd0 [ 784.931784][ T8901] __x64_sys_ioctl+0xe3/0x120 [ 784.931797][ T8901] do_syscall_64+0xf7/0x1c0 [ 784.944808][ T26] audit: type=1804 audit(1574009737.963:207): pid=8904 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1218/file0" dev="sda1" ino=18113 res=1 [ 784.948666][ T8901] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 784.948677][ T8901] RIP: 0033:0x45a4a7 [ 784.948688][ T8901] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 784.948694][ T8901] RSP: 002b:00007fd465df3a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 784.948704][ T8901] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 784.948710][ T8901] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 784.948716][ T8901] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 784.948722][ T8901] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 784.948727][ T8901] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 785.215315][ T8898] EXT4-fs (loop0): unsupported inode size: 0 [ 785.242469][ T8888] BTRFS error (device loop3): open_ctree failed 16:55:38 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d0b000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:38 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fq,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:38 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x2500000000000000, 0x0) 16:55:38 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60093006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 785.404656][ T8888] BTRFS error (device loop3): superblock checksum mismatch [ 785.421796][ T8918] 9pnet: Could not find request transport: fq 16:55:38 executing program 1 (fault-call:3 fault-nth:24): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 785.463246][ T8923] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 785.475106][ T26] audit: type=1804 audit(1574009738.493:208): pid=8925 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1219/file0" dev="sda1" ino=18353 res=1 [ 785.486134][ T8923] netlink: 'syz-executor.5': attribute type 3 has an invalid length. 16:55:38 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x3700000000000000, 0x0) [ 785.509570][ T8923] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 785.523328][ T8923] device gre1 entered promiscuous mode [ 785.547344][ T8919] EXT4-fs (loop0): unsupported inode size: 0 [ 785.569386][ T8888] BTRFS error (device loop3): open_ctree failed [ 785.582735][ T8932] 9pnet: Could not find request transport: fq 16:55:38 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x3f00000000000000, 0x0) 16:55:38 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 785.605118][ T26] audit: type=1804 audit(1574009738.623:209): pid=8931 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1220/file0" dev="sda1" ino=18353 res=1 [ 785.665164][ T8934] FAULT_INJECTION: forcing a failure. [ 785.665164][ T8934] name failslab, interval 1, probability 0, space 0, times 0 [ 785.679292][ T8934] CPU: 1 PID: 8934 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 785.687370][ T8934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 785.697524][ T8934] Call Trace: [ 785.700931][ T8934] dump_stack+0x1fb/0x318 [ 785.705474][ T8934] should_fail+0x555/0x770 [ 785.709891][ T8934] __should_failslab+0x11a/0x160 [ 785.714916][ T8934] ? __kernfs_new_node+0x97/0x6b0 [ 785.720497][ T8934] should_failslab+0x9/0x20 [ 785.725013][ T8934] kmem_cache_alloc+0x56/0x2e0 [ 785.730176][ T8934] __kernfs_new_node+0x97/0x6b0 [ 785.735560][ T8934] ? mutex_unlock+0xd/0x10 [ 785.740752][ T8934] ? kernfs_activate+0x4c7/0x4e0 [ 785.745690][ T8934] kernfs_new_node+0x97/0x170 [ 785.750365][ T8934] __kernfs_create_file+0x4a/0x2f0 [ 785.755459][ T8934] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 785.760836][ T8934] internal_create_group+0x4be/0xd80 [ 785.766123][ T8934] sysfs_create_group+0x1f/0x30 [ 785.771041][ T8934] loop_set_fd+0xf54/0x1470 [ 785.775561][ T8934] lo_ioctl+0xd5/0x2200 [ 785.779698][ T8934] ? __kasan_slab_free+0x12a/0x1e0 [ 785.784786][ T8934] ? kasan_slab_free+0xe/0x10 [ 785.789460][ T8934] ? kfree+0x115/0x200 [ 785.793558][ T8934] ? tomoyo_path_number_perm+0x4e1/0x640 [ 785.799363][ T8934] ? tomoyo_file_ioctl+0x23/0x30 [ 785.804301][ T8934] ? security_file_ioctl+0x6d/0xd0 [ 785.809582][ T8934] ? __x64_sys_ioctl+0xa3/0x120 [ 785.814675][ T8934] ? do_syscall_64+0xf7/0x1c0 [ 785.819349][ T8934] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 785.825584][ T8934] ? debug_check_no_obj_freed+0x505/0x5b0 [ 785.831924][ T8934] ? rcu_lock_release+0x9/0x30 [ 785.836698][ T8934] ? rcu_lock_release+0x9/0x30 [ 785.841542][ T8934] ? lo_release+0x1f0/0x1f0 [ 785.846135][ T8934] blkdev_ioctl+0x807/0x2980 [ 785.850713][ T8934] ? tomoyo_path_number_perm+0x53e/0x640 [ 785.856491][ T8934] block_ioctl+0xbd/0x100 [ 785.860844][ T8934] ? blkdev_iopoll+0x100/0x100 [ 785.865695][ T8934] do_vfs_ioctl+0x744/0x1730 [ 785.870283][ T8934] ? __fget+0x3f1/0x510 [ 785.874532][ T8934] ? tomoyo_file_ioctl+0x23/0x30 [ 785.879482][ T8934] ? security_file_ioctl+0xa1/0xd0 [ 785.884746][ T8934] __x64_sys_ioctl+0xe3/0x120 [ 785.889590][ T8934] do_syscall_64+0xf7/0x1c0 [ 785.894244][ T8934] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 785.900374][ T8934] RIP: 0033:0x45a4a7 [ 785.904285][ T8934] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 785.924031][ T8934] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 785.932760][ T8934] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 785.942082][ T8934] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 785.950339][ T8934] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 785.958670][ T8934] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 16:55:39 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e600cb006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 785.966630][ T8934] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:55:39 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fs,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 786.038443][ T26] audit: type=1804 audit(1574009739.053:210): pid=8941 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1221/file0" dev="sda1" ino=18028 res=1 16:55:39 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x4000000000000000, 0x0) [ 786.112627][ T8947] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 786.137589][ T8947] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 786.161495][ T8950] 9pnet: Could not find request transport: fs [ 786.165598][ T8947] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:39 executing program 1 (fault-call:3 fault-nth:25): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 786.204074][ T8947] device gre1 entered promiscuous mode [ 786.264325][ T8952] BTRFS error (device loop3): superblock checksum mismatch [ 786.281644][ T8959] 9pnet: Could not find request transport: fs [ 786.312776][ T26] audit: type=1804 audit(1574009739.333:211): pid=8958 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1222/file0" dev="sda1" ino=18450 res=1 [ 786.349551][ T8951] EXT4-fs (loop0): unsupported inode size: 0 [ 786.364434][ T8966] FAULT_INJECTION: forcing a failure. [ 786.364434][ T8966] name failslab, interval 1, probability 0, space 0, times 0 [ 786.377653][ T8966] CPU: 1 PID: 8966 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 786.385654][ T8966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 786.396100][ T8966] Call Trace: [ 786.399848][ T8966] dump_stack+0x1fb/0x318 [ 786.404359][ T8966] should_fail+0x555/0x770 [ 786.408769][ T8966] __should_failslab+0x11a/0x160 [ 786.413764][ T8966] should_failslab+0x9/0x20 [ 786.418277][ T8966] kmem_cache_alloc_trace+0x5d/0x2f0 [ 786.423554][ T8966] ? kobject_uevent_env+0x2cd/0x1260 [ 786.428853][ T8966] ? dev_uevent_filter+0xb0/0xb0 [ 786.433797][ T8966] kobject_uevent_env+0x2cd/0x1260 [ 786.438977][ T8966] kobject_uevent+0x1f/0x30 [ 786.443495][ T8966] loop_set_fd+0xfc3/0x1470 [ 786.447992][ T8966] lo_ioctl+0xd5/0x2200 [ 786.452162][ T8966] ? __kasan_slab_free+0x12a/0x1e0 [ 786.457351][ T8966] ? kasan_slab_free+0xe/0x10 [ 786.462076][ T8966] ? kfree+0x115/0x200 [ 786.466133][ T8966] ? tomoyo_path_number_perm+0x4e1/0x640 [ 786.471751][ T8966] ? tomoyo_file_ioctl+0x23/0x30 [ 786.476824][ T8966] ? security_file_ioctl+0x6d/0xd0 [ 786.482036][ T8966] ? __x64_sys_ioctl+0xa3/0x120 [ 786.486972][ T8966] ? do_syscall_64+0xf7/0x1c0 [ 786.491655][ T8966] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 786.497709][ T8966] ? debug_check_no_obj_freed+0x505/0x5b0 [ 786.503439][ T8966] ? rcu_lock_release+0x9/0x30 [ 786.508202][ T8966] ? rcu_lock_release+0x9/0x30 [ 786.513039][ T8966] ? lo_release+0x1f0/0x1f0 [ 786.517537][ T8966] blkdev_ioctl+0x807/0x2980 [ 786.522111][ T8966] ? tomoyo_path_number_perm+0x53e/0x640 [ 786.527735][ T8966] block_ioctl+0xbd/0x100 [ 786.532210][ T8966] ? blkdev_iopoll+0x100/0x100 [ 786.537063][ T8966] do_vfs_ioctl+0x744/0x1730 [ 786.541694][ T8966] ? __fget+0x3f1/0x510 [ 786.545853][ T8966] ? tomoyo_file_ioctl+0x23/0x30 [ 786.550794][ T8966] ? security_file_ioctl+0xa1/0xd0 [ 786.556067][ T8966] __x64_sys_ioctl+0xe3/0x120 [ 786.561196][ T8966] do_syscall_64+0xf7/0x1c0 [ 786.566598][ T8966] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 786.572617][ T8966] RIP: 0033:0x45a4a7 [ 786.576644][ T8966] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 786.597560][ T8966] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 786.605970][ T8966] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 786.614095][ T8966] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 786.622152][ T8966] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 786.630122][ T8966] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 786.638097][ T8966] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 786.659803][ T8952] BTRFS error (device loop3): open_ctree failed 16:55:39 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d0c000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:39 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x4800000000000000, 0x0) 16:55:39 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fu,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 786.860265][ T8952] BTRFS error (device loop3): superblock checksum mismatch [ 786.872092][ T26] audit: type=1804 audit(1574009739.893:212): pid=8977 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1223/file0" dev="sda1" ino=16641 res=1 16:55:39 executing program 1 (fault-call:3 fault-nth:26): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:39 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e600cc006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:40 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x4c00000000000000, 0x0) [ 786.913009][ T8975] 9pnet: Could not find request transport: fu [ 786.941115][ T8983] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 786.952713][ T8983] netlink: 'syz-executor.5': attribute type 3 has an invalid length. 16:55:40 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x10', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 786.979228][ T8983] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 786.997446][ T8983] device gre1 entered promiscuous mode [ 786.999538][ T8952] BTRFS error (device loop3): open_ctree failed [ 787.072429][ T8990] 9pnet: Could not find request transport: fu [ 787.089774][ T8985] FAULT_INJECTION: forcing a failure. [ 787.089774][ T8985] name failslab, interval 1, probability 0, space 0, times 0 [ 787.107621][ T8985] CPU: 1 PID: 8985 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 787.116576][ T8985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 787.126855][ T8985] Call Trace: [ 787.130159][ T8985] dump_stack+0x1fb/0x318 [ 787.134597][ T8985] should_fail+0x555/0x770 [ 787.139094][ T26] audit: type=1804 audit(1574009740.133:213): pid=8994 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1224/file0" dev="sda1" ino=16802 res=1 [ 787.139287][ T8985] __should_failslab+0x11a/0x160 [ 787.168964][ T8985] should_failslab+0x9/0x20 [ 787.173479][ T8985] kmem_cache_alloc_trace+0x5d/0x2f0 [ 787.178766][ T8985] ? kobject_uevent_env+0x2cd/0x1260 [ 787.184087][ T8985] ? dev_uevent_filter+0xb0/0xb0 [ 787.189020][ T8985] kobject_uevent_env+0x2cd/0x1260 [ 787.194139][ T8985] kobject_uevent+0x1f/0x30 [ 787.199145][ T8985] loop_set_fd+0xfc3/0x1470 [ 787.203827][ T8985] lo_ioctl+0xd5/0x2200 [ 787.207995][ T8985] ? __kasan_slab_free+0x12a/0x1e0 [ 787.213823][ T8985] ? kasan_slab_free+0xe/0x10 [ 787.218508][ T8985] ? kfree+0x115/0x200 [ 787.222568][ T8985] ? tomoyo_path_number_perm+0x4e1/0x640 [ 787.228269][ T8985] ? tomoyo_file_ioctl+0x23/0x30 [ 787.233197][ T8985] ? security_file_ioctl+0x6d/0xd0 [ 787.238310][ T8985] ? __x64_sys_ioctl+0xa3/0x120 [ 787.243158][ T8985] ? do_syscall_64+0xf7/0x1c0 [ 787.247844][ T8985] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 787.254800][ T8985] ? debug_check_no_obj_freed+0x505/0x5b0 [ 787.260517][ T8985] ? rcu_lock_release+0x9/0x30 [ 787.265308][ T8985] ? rcu_lock_release+0x9/0x30 [ 787.270072][ T8985] ? lo_release+0x1f0/0x1f0 [ 787.275355][ T8985] blkdev_ioctl+0x807/0x2980 [ 787.280001][ T8985] ? tomoyo_path_number_perm+0x53e/0x640 [ 787.285772][ T8985] block_ioctl+0xbd/0x100 [ 787.290085][ T8985] ? blkdev_iopoll+0x100/0x100 [ 787.295680][ T8985] do_vfs_ioctl+0x744/0x1730 [ 787.300372][ T8985] ? __fget+0x3f1/0x510 [ 787.304785][ T8985] ? tomoyo_file_ioctl+0x23/0x30 [ 787.310706][ T8985] ? security_file_ioctl+0xa1/0xd0 [ 787.315816][ T8985] __x64_sys_ioctl+0xe3/0x120 [ 787.320487][ T8985] do_syscall_64+0xf7/0x1c0 [ 787.324981][ T8985] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 787.330867][ T8985] RIP: 0033:0x45a4a7 [ 787.334851][ T8985] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 787.354454][ T8985] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 787.362871][ T8985] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 16:55:40 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x5c00000000000000, 0x0) [ 787.370850][ T8985] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 787.378898][ T8985] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 787.387121][ T8985] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 787.395084][ T8985] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:55:40 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fw,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 787.436303][ T8988] EXT4-fs (loop0): unsupported inode size: 0 16:55:40 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x6800000000000000, 0x0) [ 787.469141][ T26] audit: type=1804 audit(1574009740.483:214): pid=8998 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1225/file0" dev="sda1" ino=16833 res=1 [ 787.528769][ T9006] 9pnet: Could not find request transport: fw [ 787.552275][ T8983] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 787.561054][ T8983] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 787.569570][ T8983] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:40 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60102006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 787.653092][ T9018] 9pnet: Could not find request transport: fw 16:55:40 executing program 1 (fault-call:3 fault-nth:27): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 787.716093][ T8983] device gre1 entered promiscuous mode [ 787.789898][ T9022] EXT4-fs (loop0): unsupported inode size: 0 [ 787.893472][ T9029] FAULT_INJECTION: forcing a failure. [ 787.893472][ T9029] name failslab, interval 1, probability 0, space 0, times 0 [ 787.908667][ T9029] CPU: 0 PID: 9029 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 787.916519][ T9029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 787.926585][ T9029] Call Trace: [ 787.929886][ T9029] dump_stack+0x1fb/0x318 [ 787.934458][ T9029] should_fail+0x555/0x770 [ 787.938868][ T9029] __should_failslab+0x11a/0x160 [ 787.943798][ T9029] ? __kernfs_new_node+0x97/0x6b0 [ 787.948811][ T9029] should_failslab+0x9/0x20 [ 787.953310][ T9029] kmem_cache_alloc+0x56/0x2e0 [ 787.958070][ T9029] __kernfs_new_node+0x97/0x6b0 [ 787.963015][ T9029] ? mutex_unlock+0xd/0x10 [ 787.967506][ T9029] ? kernfs_activate+0x4c7/0x4e0 [ 787.972450][ T9029] kernfs_new_node+0x97/0x170 [ 787.977171][ T9029] __kernfs_create_file+0x4a/0x2f0 [ 787.982358][ T9029] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 787.987896][ T9029] internal_create_group+0x4be/0xd80 [ 787.993262][ T9029] sysfs_create_group+0x1f/0x30 [ 787.998276][ T9029] loop_set_fd+0xf54/0x1470 [ 788.002889][ T9029] lo_ioctl+0xd5/0x2200 [ 788.007048][ T9029] ? __kasan_slab_free+0x12a/0x1e0 [ 788.012141][ T9029] ? kasan_slab_free+0xe/0x10 [ 788.016810][ T9029] ? kfree+0x115/0x200 [ 788.020873][ T9029] ? tomoyo_path_number_perm+0x4e1/0x640 [ 788.026508][ T9029] ? tomoyo_file_ioctl+0x23/0x30 [ 788.031615][ T9029] ? security_file_ioctl+0x6d/0xd0 [ 788.036929][ T9029] ? __x64_sys_ioctl+0xa3/0x120 [ 788.041790][ T9029] ? do_syscall_64+0xf7/0x1c0 [ 788.046492][ T9029] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 788.052558][ T9029] ? debug_check_no_obj_freed+0x505/0x5b0 [ 788.058543][ T9029] ? rcu_lock_release+0x9/0x30 [ 788.063306][ T9029] ? rcu_lock_release+0x9/0x30 [ 788.068230][ T9029] ? lo_release+0x1f0/0x1f0 [ 788.072891][ T9029] blkdev_ioctl+0x807/0x2980 [ 788.077640][ T9029] ? tomoyo_path_number_perm+0x53e/0x640 [ 788.083291][ T9029] block_ioctl+0xbd/0x100 [ 788.087640][ T9029] ? blkdev_iopoll+0x100/0x100 [ 788.092410][ T9029] do_vfs_ioctl+0x744/0x1730 [ 788.097015][ T9029] ? __fget+0x3f1/0x510 [ 788.101189][ T9029] ? tomoyo_file_ioctl+0x23/0x30 [ 788.106388][ T9029] ? security_file_ioctl+0xa1/0xd0 [ 788.111492][ T9029] __x64_sys_ioctl+0xe3/0x120 [ 788.116159][ T9029] do_syscall_64+0xf7/0x1c0 [ 788.122218][ T9029] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 788.128441][ T9029] RIP: 0033:0x45a4a7 [ 788.133035][ T9029] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 788.152734][ T9029] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 788.161147][ T9029] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 788.169338][ T9029] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 788.177318][ T9029] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 788.185281][ T9029] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 788.193263][ T9029] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:55:41 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d0d000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:41 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x6c00000000000000, 0x0) 16:55:41 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:41 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'\\fdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:41 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60103006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 788.301667][ T9041] 9pnet: Insufficient options for proto=fd 16:55:41 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x7400000000000000, 0x0) 16:55:41 executing program 1 (fault-call:3 fault-nth:28): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 788.365197][ T9044] BTRFS error (device loop3): superblock checksum mismatch [ 788.411286][ T9053] 9pnet: Insufficient options for proto=fd [ 788.418332][ T9051] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 788.431479][ T9044] BTRFS error (device loop3): open_ctree failed [ 788.454488][ T9043] EXT4-fs (loop0): unsupported inode size: 0 16:55:41 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x7a00000000000000, 0x0) 16:55:41 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'r%dno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 788.472063][ T9051] device gre1 entered promiscuous mode [ 788.542547][ T9058] FAULT_INJECTION: forcing a failure. [ 788.542547][ T9058] name failslab, interval 1, probability 0, space 0, times 0 [ 788.555708][ T9058] CPU: 1 PID: 9058 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 788.563639][ T9058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 788.573719][ T9058] Call Trace: [ 788.577155][ T9058] dump_stack+0x1fb/0x318 [ 788.581541][ T9058] should_fail+0x555/0x770 [ 788.585992][ T9058] __should_failslab+0x11a/0x160 [ 788.591153][ T9058] ? __kernfs_new_node+0x97/0x6b0 [ 788.596177][ T9058] should_failslab+0x9/0x20 [ 788.600688][ T9058] kmem_cache_alloc+0x56/0x2e0 [ 788.605616][ T9058] __kernfs_new_node+0x97/0x6b0 [ 788.610600][ T9058] ? mutex_unlock+0xd/0x10 [ 788.615021][ T9058] ? kernfs_activate+0x4c7/0x4e0 [ 788.620302][ T9058] kernfs_new_node+0x97/0x170 [ 788.624983][ T9058] __kernfs_create_file+0x4a/0x2f0 [ 788.630084][ T9058] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 788.635643][ T9058] internal_create_group+0x4be/0xd80 [ 788.640939][ T9058] sysfs_create_group+0x1f/0x30 [ 788.645782][ T9058] loop_set_fd+0xf54/0x1470 [ 788.650273][ T9058] lo_ioctl+0xd5/0x2200 [ 788.654423][ T9058] ? __kasan_slab_free+0x12a/0x1e0 [ 788.660397][ T9058] ? kasan_slab_free+0xe/0x10 [ 788.665082][ T9058] ? kfree+0x115/0x200 [ 788.669167][ T9058] ? tomoyo_path_number_perm+0x4e1/0x640 [ 788.674802][ T9058] ? tomoyo_file_ioctl+0x23/0x30 [ 788.679741][ T9058] ? security_file_ioctl+0x6d/0xd0 [ 788.685023][ T9058] ? __x64_sys_ioctl+0xa3/0x120 [ 788.689875][ T9058] ? do_syscall_64+0xf7/0x1c0 [ 788.694554][ T9058] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 788.700627][ T9058] ? debug_check_no_obj_freed+0x505/0x5b0 [ 788.706357][ T9058] ? rcu_lock_release+0x9/0x30 [ 788.711143][ T9058] ? rcu_lock_release+0x9/0x30 [ 788.716214][ T9058] ? lo_release+0x1f0/0x1f0 [ 788.720720][ T9058] blkdev_ioctl+0x807/0x2980 [ 788.725331][ T9058] ? tomoyo_path_number_perm+0x53e/0x640 [ 788.731030][ T9058] block_ioctl+0xbd/0x100 [ 788.735388][ T9058] ? blkdev_iopoll+0x100/0x100 [ 788.740160][ T9058] do_vfs_ioctl+0x744/0x1730 [ 788.744751][ T9058] ? __fget+0x3f1/0x510 [ 788.748926][ T9058] ? tomoyo_file_ioctl+0x23/0x30 [ 788.753926][ T9058] ? security_file_ioctl+0xa1/0xd0 [ 788.759030][ T9058] __x64_sys_ioctl+0xe3/0x120 [ 788.763703][ T9058] do_syscall_64+0xf7/0x1c0 [ 788.768195][ T9058] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 788.774092][ T9058] RIP: 0033:0x45a4a7 [ 788.777979][ T9058] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 788.797676][ T9058] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 788.806132][ T9058] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 788.814112][ T9058] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 788.822078][ T9058] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 788.830055][ T9058] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 788.838033][ T9058] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 788.872215][ T9065] 9pnet: Insufficient options for proto=fd 16:55:41 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60104006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:41 executing program 1 (fault-call:3 fault-nth:29): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:42 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xeaffffff00000000, 0x0) [ 789.002748][ T9075] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 789.010792][ T9074] 9pnet: Insufficient options for proto=fd [ 789.018123][ T9044] BTRFS error (device loop3): superblock checksum mismatch [ 789.046211][ T9075] device gre1 entered promiscuous mode [ 789.082115][ T9084] FAULT_INJECTION: forcing a failure. [ 789.082115][ T9084] name failslab, interval 1, probability 0, space 0, times 0 [ 789.103268][ T9084] CPU: 0 PID: 9084 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 789.111128][ T9084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 789.121206][ T9084] Call Trace: [ 789.124517][ T9084] dump_stack+0x1fb/0x318 [ 789.128854][ T9084] should_fail+0x555/0x770 [ 789.133277][ T9084] __should_failslab+0x11a/0x160 [ 789.138329][ T9084] ? __kernfs_new_node+0x97/0x6b0 [ 789.143339][ T9084] should_failslab+0x9/0x20 [ 789.147821][ T9084] kmem_cache_alloc+0x56/0x2e0 [ 789.152651][ T9084] __kernfs_new_node+0x97/0x6b0 [ 789.157488][ T9084] ? mutex_unlock+0xd/0x10 [ 789.161883][ T9084] ? kernfs_activate+0x4c7/0x4e0 [ 789.167045][ T9084] kernfs_new_node+0x97/0x170 [ 789.172436][ T9084] __kernfs_create_file+0x4a/0x2f0 [ 789.177551][ T9084] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 789.183053][ T9084] internal_create_group+0x4be/0xd80 [ 789.188328][ T9084] sysfs_create_group+0x1f/0x30 [ 789.193248][ T9084] loop_set_fd+0xf54/0x1470 [ 789.197743][ T9084] lo_ioctl+0xd5/0x2200 [ 789.201878][ T9084] ? __kasan_slab_free+0x12a/0x1e0 [ 789.206964][ T9084] ? kasan_slab_free+0xe/0x10 [ 789.211775][ T9084] ? kfree+0x115/0x200 [ 789.215978][ T9084] ? tomoyo_path_number_perm+0x4e1/0x640 [ 789.221595][ T9084] ? tomoyo_file_ioctl+0x23/0x30 [ 789.226517][ T9084] ? security_file_ioctl+0x6d/0xd0 [ 789.231630][ T9084] ? __x64_sys_ioctl+0xa3/0x120 [ 789.236610][ T9084] ? do_syscall_64+0xf7/0x1c0 [ 789.241286][ T9084] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 789.247476][ T9084] ? debug_check_no_obj_freed+0x505/0x5b0 [ 789.253272][ T9084] ? rcu_lock_release+0x9/0x30 [ 789.258026][ T9084] ? rcu_lock_release+0x9/0x30 [ 789.262792][ T9084] ? lo_release+0x1f0/0x1f0 [ 789.267420][ T9084] blkdev_ioctl+0x807/0x2980 [ 789.272405][ T9084] ? tomoyo_path_number_perm+0x53e/0x640 [ 789.278043][ T9084] block_ioctl+0xbd/0x100 [ 789.282448][ T9084] ? blkdev_iopoll+0x100/0x100 [ 789.287192][ T9084] do_vfs_ioctl+0x744/0x1730 [ 789.291774][ T9084] ? __fget+0x3f1/0x510 [ 789.295940][ T9084] ? tomoyo_file_ioctl+0x23/0x30 [ 789.300869][ T9084] ? security_file_ioctl+0xa1/0xd0 [ 789.306403][ T9084] __x64_sys_ioctl+0xe3/0x120 [ 789.311109][ T9084] do_syscall_64+0xf7/0x1c0 [ 789.315705][ T9084] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 789.321608][ T9084] RIP: 0033:0x45a4a7 [ 789.325496][ T9084] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 789.345190][ T9084] RSP: 002b:00007fd465df3a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 789.353592][ T9084] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 789.361571][ T9084] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 789.369543][ T9084] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 789.377530][ T9084] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 789.385508][ T9084] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 789.435297][ T9079] EXT4-fs (loop0): unsupported inode size: 0 [ 789.469226][ T9044] BTRFS error (device loop3): open_ctree failed 16:55:42 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'r.dno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:42 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xefffffff00000000, 0x0) 16:55:42 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:42 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d0e000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:42 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60105006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:42 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xf7ffffff00000000, 0x0) [ 789.614685][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 789.614694][ T26] audit: type=1804 audit(1574009742.633:220): pid=9096 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1231/file0" dev="sda1" ino=16555 res=1 [ 789.618798][ T9097] 9pnet: Insufficient options for proto=fd 16:55:42 executing program 1 (fault-call:3 fault-nth:30): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 789.707717][ T9102] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 789.786129][ T26] audit: type=1804 audit(1574009742.803:221): pid=9112 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1232/file0" dev="sda1" ino=16532 res=1 [ 789.811796][ T9115] 9pnet: Insufficient options for proto=fd 16:55:42 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xfeffffff00000000, 0x0) [ 789.834841][ T9102] device gre1 entered promiscuous mode [ 789.841158][ T9101] BTRFS error (device loop3): superblock checksum mismatch [ 789.868239][ T9107] EXT4-fs (loop0): unsupported inode size: 0 16:55:42 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'r/dno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 789.889475][ T9119] FAULT_INJECTION: forcing a failure. [ 789.889475][ T9119] name failslab, interval 1, probability 0, space 0, times 0 [ 789.910372][ T9119] CPU: 0 PID: 9119 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 789.918353][ T9119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 789.928414][ T9119] Call Trace: [ 789.931705][ T9119] dump_stack+0x1fb/0x318 [ 789.936047][ T9119] should_fail+0x555/0x770 [ 789.940476][ T9119] __should_failslab+0x11a/0x160 [ 789.945429][ T9119] should_failslab+0x9/0x20 [ 789.949948][ T9119] kmem_cache_alloc_trace+0x5d/0x2f0 [ 789.955246][ T9119] ? kobject_uevent_env+0x2cd/0x1260 [ 789.960542][ T9119] ? dev_uevent_filter+0xb0/0xb0 [ 789.966534][ T9119] kobject_uevent_env+0x2cd/0x1260 [ 789.971851][ T9119] kobject_uevent+0x1f/0x30 [ 789.977390][ T9119] loop_set_fd+0xfc3/0x1470 [ 789.981891][ T9119] lo_ioctl+0xd5/0x2200 [ 789.986037][ T9119] ? __kasan_slab_free+0x12a/0x1e0 [ 789.991143][ T9119] ? kasan_slab_free+0xe/0x10 [ 789.995814][ T9119] ? kfree+0x115/0x200 [ 789.999871][ T9119] ? tomoyo_path_number_perm+0x4e1/0x640 [ 790.005522][ T9119] ? tomoyo_file_ioctl+0x23/0x30 [ 790.010448][ T9119] ? security_file_ioctl+0x6d/0xd0 [ 790.015551][ T9119] ? __x64_sys_ioctl+0xa3/0x120 [ 790.020405][ T9119] ? do_syscall_64+0xf7/0x1c0 [ 790.025068][ T9119] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 790.031130][ T9119] ? debug_check_no_obj_freed+0x505/0x5b0 [ 790.036860][ T9119] ? rcu_lock_release+0x9/0x30 [ 790.042053][ T9119] ? rcu_lock_release+0x9/0x30 [ 790.046807][ T9119] ? lo_release+0x1f0/0x1f0 [ 790.051732][ T9119] blkdev_ioctl+0x807/0x2980 [ 790.056321][ T9119] ? tomoyo_path_number_perm+0x53e/0x640 [ 790.062189][ T9119] block_ioctl+0xbd/0x100 [ 790.066575][ T9119] ? blkdev_iopoll+0x100/0x100 [ 790.071348][ T9119] do_vfs_ioctl+0x744/0x1730 [ 790.075954][ T9119] ? __fget+0x3f1/0x510 [ 790.080123][ T9119] ? tomoyo_file_ioctl+0x23/0x30 [ 790.085078][ T9119] ? security_file_ioctl+0xa1/0xd0 [ 790.090179][ T9119] __x64_sys_ioctl+0xe3/0x120 [ 790.095022][ T9119] do_syscall_64+0xf7/0x1c0 [ 790.099518][ T9119] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 790.105393][ T9119] RIP: 0033:0x45a4a7 [ 790.109386][ T9119] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 790.130116][ T9119] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 790.138712][ T9119] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 790.146678][ T9119] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 790.155230][ T9119] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 790.163187][ T9119] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 790.171164][ T9119] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:55:43 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xff0c000000000000, 0x0) [ 790.253560][ T26] audit: type=1804 audit(1574009743.273:222): pid=9123 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1233/file0" dev="sda1" ino=17153 res=1 [ 790.289401][ T9101] BTRFS error (device loop3): open_ctree failed 16:55:43 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60106006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 790.308873][ T9126] 9pnet: Insufficient options for proto=fd 16:55:43 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xffffffff00000000, 0x0) [ 790.338821][ T26] audit: type=1804 audit(1574009743.353:223): pid=9131 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1234/file0" dev="sda1" ino=16540 res=1 [ 790.404198][ T9136] validate_nla: 6 callbacks suppressed [ 790.404205][ T9136] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 790.418874][ T9136] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 790.428237][ T9136] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:43 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0xffffffffffffffff, 0x0) 16:55:43 executing program 1 (fault-call:3 fault-nth:31): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 790.466292][ T26] audit: type=1804 audit(1574009743.483:224): pid=9140 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1235/file0" dev="sda1" ino=17153 res=1 [ 790.494990][ T9136] device gre1 entered promiscuous mode [ 790.503325][ T9144] 9pnet: Insufficient options for proto=fd 16:55:43 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 790.549146][ T9135] EXT4-fs (loop0): unsupported inode size: 0 [ 790.653736][ T9152] FAULT_INJECTION: forcing a failure. [ 790.653736][ T9152] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 790.667185][ T9152] CPU: 1 PID: 9152 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 790.674999][ T9152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 790.685161][ T9152] Call Trace: [ 790.688552][ T9152] dump_stack+0x1fb/0x318 [ 790.692885][ T9152] should_fail+0x555/0x770 [ 790.697394][ T9152] should_fail_alloc_page+0x55/0x60 [ 790.702771][ T9152] prepare_alloc_pages+0x283/0x460 [ 790.708188][ T9152] __alloc_pages_nodemask+0xb2/0x5d0 [ 790.713751][ T9152] kmem_getpages+0x4d/0xa00 [ 790.718343][ T9152] cache_grow_begin+0x7e/0x2c0 [ 790.723577][ T9152] cache_alloc_refill+0x311/0x3f0 [ 790.728692][ T9152] ? check_preemption_disabled+0xb7/0x2a0 [ 790.734511][ T9152] kmem_cache_alloc_trace+0x2d0/0x2f0 [ 790.739966][ T9152] ? kobject_uevent_env+0x2cd/0x1260 [ 790.745375][ T9152] ? dev_uevent_filter+0xb0/0xb0 [ 790.750314][ T9152] kobject_uevent_env+0x2cd/0x1260 [ 790.755599][ T9152] kobject_uevent+0x1f/0x30 [ 790.760281][ T9152] loop_set_fd+0xfc3/0x1470 [ 790.765263][ T9152] lo_ioctl+0xd5/0x2200 [ 790.769560][ T9152] ? __kasan_slab_free+0x12a/0x1e0 [ 790.774894][ T9152] ? kasan_slab_free+0xe/0x10 [ 790.779850][ T9152] ? kfree+0x115/0x200 [ 790.784076][ T9152] ? tomoyo_path_number_perm+0x4e1/0x640 [ 790.789996][ T9152] ? tomoyo_file_ioctl+0x23/0x30 [ 790.795666][ T9152] ? security_file_ioctl+0x6d/0xd0 [ 790.801251][ T9152] ? __x64_sys_ioctl+0xa3/0x120 [ 790.806104][ T9152] ? do_syscall_64+0xf7/0x1c0 [ 790.812566][ T9152] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 790.819301][ T9152] ? debug_check_no_obj_freed+0x505/0x5b0 [ 790.826037][ T9152] ? rcu_lock_release+0x9/0x30 [ 790.831763][ T9152] ? rcu_lock_release+0x9/0x30 [ 790.836692][ T9152] ? lo_release+0x1f0/0x1f0 [ 790.841403][ T9152] blkdev_ioctl+0x807/0x2980 [ 790.846032][ T9152] ? tomoyo_path_number_perm+0x53e/0x640 [ 790.851927][ T9152] block_ioctl+0xbd/0x100 [ 790.856448][ T9152] ? blkdev_iopoll+0x100/0x100 [ 790.861388][ T9152] do_vfs_ioctl+0x744/0x1730 [ 790.866270][ T9152] ? __fget+0x3f1/0x510 [ 790.870917][ T9152] ? tomoyo_file_ioctl+0x23/0x30 [ 790.876379][ T9152] ? security_file_ioctl+0xa1/0xd0 [ 790.882883][ T9152] __x64_sys_ioctl+0xe3/0x120 [ 790.888116][ T9152] do_syscall_64+0xf7/0x1c0 [ 790.892996][ T9152] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 790.899939][ T9152] RIP: 0033:0x45a4a7 [ 790.903933][ T9152] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 790.926408][ T9152] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 790.935868][ T9152] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 790.944277][ T9152] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 790.952831][ T9152] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 790.961549][ T9152] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 790.969767][ T9152] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 791.008032][ T9155] BTRFS warning (device ): duplicate device fsid:devid for fff6f2a2-2997-48ae-b81e-1b00b10efd9a:0 old:/dev/loop1 new:/dev/loop3 16:55:44 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d10000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:44 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x2) 16:55:44 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'r\\dno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:44 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60107006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:44 executing program 1 (fault-call:3 fault-nth:32): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:44 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x0f', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 791.160697][ T26] audit: type=1804 audit(1574009744.183:225): pid=9170 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1237/file0" dev="sda1" ino=16567 res=1 [ 791.194513][ T9167] 9pnet: Insufficient options for proto=fd [ 791.207426][ T9175] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 791.236429][ T9175] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 791.249745][ T9175] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:44 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x3) [ 791.280309][ T9186] FAULT_INJECTION: forcing a failure. [ 791.280309][ T9186] name failslab, interval 1, probability 0, space 0, times 0 [ 791.300988][ T9186] CPU: 1 PID: 9186 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 791.311386][ T9186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 791.323418][ T9186] Call Trace: [ 791.327166][ T9186] dump_stack+0x1fb/0x318 [ 791.331896][ T9186] should_fail+0x555/0x770 [ 791.336803][ T9186] __should_failslab+0x11a/0x160 [ 791.341873][ T9186] should_failslab+0x9/0x20 [ 791.346462][ T9186] kmem_cache_alloc_node_trace+0x6e/0x2d0 [ 791.352532][ T9186] ? __kmalloc_node_track_caller+0x3c/0x60 [ 791.358617][ T9186] __kmalloc_node_track_caller+0x3c/0x60 [ 791.364427][ T9186] ? alloc_uevent_skb+0x7f/0x230 [ 791.369617][ T9186] __alloc_skb+0xe8/0x500 [ 791.374526][ T9186] alloc_uevent_skb+0x7f/0x230 [ 791.379594][ T9186] kobject_uevent_env+0xcbc/0x1260 [ 791.384994][ T9186] kobject_uevent+0x1f/0x30 [ 791.389935][ T9186] loop_set_fd+0xfc3/0x1470 [ 791.394659][ T9186] lo_ioctl+0xd5/0x2200 [ 791.399042][ T9186] ? __kasan_slab_free+0x12a/0x1e0 [ 791.404470][ T9186] ? kasan_slab_free+0xe/0x10 [ 791.409831][ T9186] ? kfree+0x115/0x200 [ 791.413918][ T9186] ? tomoyo_path_number_perm+0x4e1/0x640 [ 791.420166][ T9186] ? tomoyo_file_ioctl+0x23/0x30 [ 791.425331][ T9186] ? security_file_ioctl+0x6d/0xd0 [ 791.430695][ T9186] ? __x64_sys_ioctl+0xa3/0x120 [ 791.436206][ T9186] ? do_syscall_64+0xf7/0x1c0 [ 791.441218][ T9186] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 791.447831][ T9186] ? debug_check_no_obj_freed+0x505/0x5b0 [ 791.453565][ T9186] ? rcu_lock_release+0x9/0x30 [ 791.458344][ T9186] ? rcu_lock_release+0x9/0x30 [ 791.463490][ T9186] ? lo_release+0x1f0/0x1f0 [ 791.468199][ T9186] blkdev_ioctl+0x807/0x2980 [ 791.473255][ T9186] ? tomoyo_path_number_perm+0x53e/0x640 [ 791.479127][ T9186] block_ioctl+0xbd/0x100 [ 791.483785][ T9186] ? blkdev_iopoll+0x100/0x100 [ 791.488798][ T9186] do_vfs_ioctl+0x744/0x1730 [ 791.493434][ T9186] ? __fget+0x3f1/0x510 [ 791.498150][ T9186] ? tomoyo_file_ioctl+0x23/0x30 [ 791.503847][ T9186] ? security_file_ioctl+0xa1/0xd0 [ 791.509273][ T9186] __x64_sys_ioctl+0xe3/0x120 [ 791.514138][ T9186] do_syscall_64+0xf7/0x1c0 [ 791.518736][ T9186] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 791.525203][ T9186] RIP: 0033:0x45a4a7 [ 791.529254][ T9186] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 791.550007][ T9186] RSP: 002b:00007fd465df3a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 791.558659][ T9186] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 791.567091][ T9186] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 791.576176][ T9186] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 791.584393][ T9186] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 791.592362][ T9186] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 791.603659][ T9175] device gre1 entered promiscuous mode [ 791.616628][ T9171] EXT4-fs (loop0): unsupported inode size: 0 [ 791.634303][ T9189] 9pnet: Insufficient options for proto=fd 16:55:44 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60108006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 791.677115][ T26] audit: type=1804 audit(1574009744.693:226): pid=9193 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1238/file0" dev="sda1" ino=17201 res=1 16:55:44 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x4) 16:55:44 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfIno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:44 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:44 executing program 1 (fault-call:3 fault-nth:33): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 791.871688][ T26] audit: type=1804 audit(1574009744.893:227): pid=9202 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1239/file0" dev="sda1" ino=16534 res=1 [ 791.877638][ T9207] 9pnet: Insufficient options for proto=fd [ 791.907502][ T9177] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 792.005525][ T9211] BTRFS error (device loop3): superblock checksum mismatch [ 792.013732][ T9209] EXT4-fs (loop0): unsupported inode size: 0 [ 792.015522][ T9177] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 792.039305][ T9218] FAULT_INJECTION: forcing a failure. [ 792.039305][ T9218] name failslab, interval 1, probability 0, space 0, times 0 [ 792.054723][ T9218] CPU: 1 PID: 9218 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 792.063101][ T9218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 792.064928][ T9177] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 792.073512][ T9218] Call Trace: [ 792.073540][ T9218] dump_stack+0x1fb/0x318 [ 792.073556][ T9218] should_fail+0x555/0x770 [ 792.073572][ T9218] __should_failslab+0x11a/0x160 [ 792.073584][ T9218] ? tomoyo_encode2+0x273/0x5a0 [ 792.073592][ T9218] should_failslab+0x9/0x20 [ 792.073599][ T9218] __kmalloc+0x7a/0x340 [ 792.073613][ T9218] tomoyo_encode2+0x273/0x5a0 [ 792.120224][ T9218] tomoyo_realpath_from_path+0x769/0x7c0 [ 792.126032][ T9218] tomoyo_path_number_perm+0x166/0x640 [ 792.131791][ T9218] ? rcu_read_lock_sched_held+0x10b/0x170 [ 792.137587][ T9218] ? trace_kmem_cache_free+0xb2/0x110 [ 792.142952][ T9218] tomoyo_path_mkdir+0x9c/0xc0 [ 792.147709][ T9218] security_path_mkdir+0xed/0x170 [ 792.152868][ T9218] do_mkdirat+0x15c/0x320 [ 792.157366][ T9218] __x64_sys_mkdir+0x60/0x70 [ 792.161949][ T9218] do_syscall_64+0xf7/0x1c0 [ 792.166452][ T9218] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 792.172707][ T9218] RIP: 0033:0x459a57 [ 792.176593][ T9218] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 792.196989][ T9218] RSP: 002b:00007fd465df3a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 792.205745][ T9218] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 792.213844][ T9218] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 792.222337][ T9218] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 792.230637][ T9218] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 792.238809][ T9218] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 792.258279][ T9218] ERROR: Out of memory at tomoyo_realpath_from_path. [ 792.267843][ T9177] device gre1 entered promiscuous mode [ 792.333664][ T9211] BTRFS error (device loop3): open_ctree failed [ 792.371402][ T9226] 9pnet: Insufficient options for proto=fd 16:55:45 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d11000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:45 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x5) 16:55:45 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60109006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:45 executing program 1 (fault-call:3 fault-nth:34): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:45 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfQno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 792.539351][ T9211] BTRFS error (device loop3): superblock checksum mismatch 16:55:45 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x6) [ 792.584560][ T26] audit: type=1804 audit(1574009745.603:228): pid=9240 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1240/file0" dev="sda1" ino=16565 res=1 [ 792.616478][ T9239] 9pnet: Insufficient options for proto=fd [ 792.660802][ T9235] FAULT_INJECTION: forcing a failure. [ 792.660802][ T9235] name failslab, interval 1, probability 0, space 0, times 0 [ 792.686175][ T9247] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 792.704990][ T26] audit: type=1804 audit(1574009745.723:229): pid=9251 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1241/file0" dev="sda1" ino=16977 res=1 [ 792.705024][ T9238] EXT4-fs (loop0): unsupported inode size: 0 [ 792.737304][ T9211] BTRFS error (device loop3): open_ctree failed [ 792.743321][ T9235] CPU: 1 PID: 9235 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 792.746397][ T9247] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 792.752666][ T9235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 792.752673][ T9235] Call Trace: [ 792.752693][ T9235] dump_stack+0x1fb/0x318 [ 792.752710][ T9235] should_fail+0x555/0x770 [ 792.752727][ T9235] __should_failslab+0x11a/0x160 [ 792.752740][ T9235] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 792.752750][ T9235] should_failslab+0x9/0x20 [ 792.752758][ T9235] __kmalloc+0x7a/0x340 [ 792.752767][ T9235] ? tomoyo_realpath_from_path+0xca/0x7c0 16:55:45 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x7) [ 792.752779][ T9235] tomoyo_realpath_from_path+0xdc/0x7c0 [ 792.752802][ T9235] tomoyo_path_number_perm+0x166/0x640 [ 792.761828][ T9247] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 792.771172][ T9235] ? rcu_read_lock_sched_held+0x10b/0x170 [ 792.771185][ T9235] ? trace_kmem_cache_free+0xb2/0x110 [ 792.771201][ T9235] tomoyo_path_mkdir+0x9c/0xc0 [ 792.771214][ T9235] security_path_mkdir+0xed/0x170 [ 792.771228][ T9235] do_mkdirat+0x15c/0x320 [ 792.771241][ T9235] __x64_sys_mkdir+0x60/0x70 [ 792.771254][ T9235] do_syscall_64+0xf7/0x1c0 [ 792.771267][ T9235] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 792.771280][ T9235] RIP: 0033:0x459a57 [ 792.778879][ T9235] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 792.778885][ T9235] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 792.778894][ T9235] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 792.778900][ T9235] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 792.778905][ T9235] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 792.778911][ T9235] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 792.778916][ T9235] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 792.786048][ T9235] ERROR: Out of memory at tomoyo_realpath_from_path. [ 792.954424][ T9255] 9pnet: Insufficient options for proto=fd 16:55:46 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:46 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x8) 16:55:46 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6010a006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:46 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfRno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 793.005209][ T9247] device gre1 entered promiscuous mode 16:55:46 executing program 1 (fault-call:3 fault-nth:35): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 793.145125][ T9262] BTRFS error (device loop3): superblock checksum mismatch [ 793.179667][ T9271] 9pnet: Insufficient options for proto=fd [ 793.214681][ T9262] BTRFS error (device loop3): open_ctree failed [ 793.246685][ T9266] EXT4-fs (loop0): unsupported inode size: 0 [ 793.263035][ T9280] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 793.272576][ T9280] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 793.283410][ T9280] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 793.296253][ T9280] device gre1 entered promiscuous mode [ 793.304274][ T9282] 9pnet: Insufficient options for proto=fd [ 793.311037][ T9277] FAULT_INJECTION: forcing a failure. [ 793.311037][ T9277] name failslab, interval 1, probability 0, space 0, times 0 [ 793.342308][ T9277] CPU: 0 PID: 9277 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 793.351370][ T9277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 793.363159][ T9277] Call Trace: [ 793.367280][ T9277] dump_stack+0x1fb/0x318 [ 793.371918][ T9277] should_fail+0x555/0x770 [ 793.378262][ T9277] __should_failslab+0x11a/0x160 [ 793.383707][ T9277] ? tomoyo_encode2+0x273/0x5a0 [ 793.388594][ T9277] should_failslab+0x9/0x20 [ 793.393551][ T9277] __kmalloc+0x7a/0x340 [ 793.397886][ T9277] tomoyo_encode2+0x273/0x5a0 [ 793.403175][ T9277] tomoyo_realpath_from_path+0x769/0x7c0 [ 793.408835][ T9277] tomoyo_path_number_perm+0x166/0x640 [ 793.414429][ T9277] ? rcu_read_lock_sched_held+0x10b/0x170 [ 793.420945][ T9277] ? trace_kmem_cache_free+0xb2/0x110 [ 793.426987][ T9277] tomoyo_path_mkdir+0x9c/0xc0 [ 793.431875][ T9277] security_path_mkdir+0xed/0x170 [ 793.437477][ T9277] do_mkdirat+0x15c/0x320 [ 793.441813][ T9277] __x64_sys_mkdir+0x60/0x70 [ 793.447409][ T9277] do_syscall_64+0xf7/0x1c0 [ 793.451938][ T9277] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 793.458027][ T9277] RIP: 0033:0x459a57 [ 793.462124][ T9277] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 793.483226][ T9277] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 793.492074][ T9277] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 793.500466][ T9277] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 793.509851][ T9277] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 793.518320][ T9277] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 793.526606][ T9277] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 793.537143][ T9277] ERROR: Out of memory at tomoyo_realpath_from_path. [ 793.580459][ T9277] BTRFS warning (device ): duplicate device fsid:devid for fff6f2a2-2997-48ae-b81e-1b00b10efd9a:0 old:/dev/loop3 new:/dev/loop1 [ 793.626338][ T9262] BTRFS error (device loop3): superblock checksum mismatch [ 793.686576][ T9262] BTRFS error (device loop3): open_ctree failed 16:55:46 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d12000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:46 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x9) 16:55:46 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6010b006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:46 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfSno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:46 executing program 1 (fault-call:3 fault-nth:36): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:46 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 793.784205][ T9299] 9pnet: Insufficient options for proto=fd [ 793.795525][ T9298] FAULT_INJECTION: forcing a failure. [ 793.795525][ T9298] name failslab, interval 1, probability 0, space 0, times 0 [ 793.815271][ T9298] CPU: 0 PID: 9298 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 793.823561][ T9298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 793.834151][ T9298] Call Trace: [ 793.837747][ T9298] dump_stack+0x1fb/0x318 [ 793.842318][ T9298] should_fail+0x555/0x770 [ 793.846943][ T9298] __should_failslab+0x11a/0x160 [ 793.852908][ T9298] ? getname_flags+0xba/0x640 [ 793.857634][ T9298] should_failslab+0x9/0x20 [ 793.862316][ T9298] kmem_cache_alloc+0x56/0x2e0 [ 793.867323][ T9298] ? __kasan_check_write+0x14/0x20 [ 793.873590][ T9298] getname_flags+0xba/0x640 [ 793.878369][ T9298] do_mkdirat+0x3c/0x320 16:55:46 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xa) [ 793.882897][ T9298] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 793.882911][ T9298] ? do_syscall_64+0x1d/0x1c0 [ 793.882924][ T9298] __x64_sys_mkdir+0x60/0x70 [ 793.882936][ T9298] do_syscall_64+0xf7/0x1c0 [ 793.882950][ T9298] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 793.882960][ T9298] RIP: 0033:0x459a57 [ 793.882969][ T9298] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 793.882974][ T9298] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 793.882983][ T9298] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 793.882988][ T9298] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 793.882993][ T9298] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 793.882998][ T9298] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 793.883003][ T9298] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 794.022488][ T9312] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 794.040482][ T9312] device gre1 entered promiscuous mode [ 794.048132][ T9315] 9pnet: Insufficient options for proto=fd [ 794.073952][ T9300] EXT4-fs (loop0): unsupported inode size: 0 16:55:47 executing program 1 (fault-call:3 fault-nth:37): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:47 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xb) 16:55:47 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6010c006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 794.090631][ T9303] BTRFS error (device loop3): superblock checksum mismatch 16:55:47 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfTno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 794.199767][ T9303] BTRFS error (device loop3): open_ctree failed [ 794.237289][ T9326] FAULT_INJECTION: forcing a failure. [ 794.237289][ T9326] name failslab, interval 1, probability 0, space 0, times 0 [ 794.282607][ T9326] CPU: 0 PID: 9326 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 794.290740][ T9326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 794.302917][ T9326] Call Trace: [ 794.307450][ T9326] dump_stack+0x1fb/0x318 [ 794.311972][ T9326] should_fail+0x555/0x770 [ 794.317135][ T9326] __should_failslab+0x11a/0x160 [ 794.322447][ T9326] ? security_inode_alloc+0x36/0x1e0 [ 794.328019][ T9326] should_failslab+0x9/0x20 [ 794.333224][ T9326] kmem_cache_alloc+0x56/0x2e0 [ 794.338271][ T9326] security_inode_alloc+0x36/0x1e0 [ 794.344008][ T9326] inode_init_always+0x3b5/0x920 [ 794.349063][ T9326] ? set_qf_name+0x3c0/0x3c0 [ 794.354003][ T9326] new_inode_pseudo+0x7f/0x240 [ 794.359278][ T9326] new_inode+0x28/0x1c0 [ 794.363894][ T9326] ? trace_ext4_request_inode+0x28b/0x2d0 [ 794.370049][ T9326] __ext4_new_inode+0x43d/0x5650 [ 794.377564][ T9326] ? memset+0x31/0x40 [ 794.381695][ T9326] ? smk_curacc+0xa3/0xe0 [ 794.387104][ T9326] ext4_mkdir+0x3f5/0x1450 [ 794.391638][ T9326] ? security_inode_permission+0xdd/0x120 [ 794.397510][ T9326] vfs_mkdir+0x43f/0x610 [ 794.401775][ T9326] do_mkdirat+0x1d7/0x320 [ 794.406121][ T9326] __x64_sys_mkdir+0x60/0x70 [ 794.410721][ T9326] do_syscall_64+0xf7/0x1c0 [ 794.415736][ T9326] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 794.422111][ T9326] RIP: 0033:0x459a57 [ 794.426092][ T9326] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 794.446906][ T9326] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 794.455496][ T9326] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 794.463896][ T9326] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 794.473719][ T9326] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 16:55:47 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xc) [ 794.482297][ T9326] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 794.490791][ T9326] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 794.518793][ T9334] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 794.528566][ T9336] 9pnet: Insufficient options for proto=fd [ 794.546862][ T9334] device gre1 entered promiscuous mode [ 794.612047][ T9328] EXT4-fs (loop0): unsupported inode size: 0 [ 794.641754][ T9348] 9pnet: Insufficient options for proto=fd [ 794.687745][ T9340] BTRFS error (device loop3): superblock checksum mismatch 16:55:47 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d13000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:47 executing program 1 (fault-call:3 fault-nth:38): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:47 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xd) 16:55:47 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfVno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:47 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6010d006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 794.809189][ T9340] BTRFS error (device loop3): open_ctree failed [ 794.829791][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 794.829800][ T26] audit: type=1804 audit(1574009747.853:236): pid=9359 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1248/file0" dev="sda1" ino=16582 res=1 [ 794.835250][ T9358] 9pnet: Insufficient options for proto=fd [ 794.896916][ T9357] EXT4-fs (loop0): unsupported inode size: 0 16:55:47 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:47 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xe) [ 794.924034][ T9354] FAULT_INJECTION: forcing a failure. [ 794.924034][ T9354] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 794.937627][ T9354] CPU: 1 PID: 9354 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 794.945969][ T9354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 794.956441][ T9354] Call Trace: [ 794.959763][ T9354] dump_stack+0x1fb/0x318 [ 794.964216][ T9354] should_fail+0x555/0x770 [ 794.968825][ T9354] should_fail_alloc_page+0x55/0x60 [ 794.973667][ T9365] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 794.974240][ T9354] prepare_alloc_pages+0x283/0x460 [ 794.974256][ T9354] __alloc_pages_nodemask+0xb2/0x5d0 [ 794.974278][ T9354] kmem_getpages+0x4d/0xa00 [ 794.974292][ T9354] cache_grow_begin+0x7e/0x2c0 [ 794.974309][ T9354] cache_alloc_refill+0x311/0x3f0 [ 794.990153][ T9354] ? check_preemption_disabled+0xb7/0x2a0 [ 794.990169][ T9354] __kmalloc+0x318/0x340 16:55:48 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x10) [ 794.990179][ T9354] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 794.990189][ T9354] tomoyo_realpath_from_path+0xdc/0x7c0 [ 794.990205][ T9354] tomoyo_path_number_perm+0x166/0x640 [ 794.990235][ T9354] ? rcu_read_lock_sched_held+0x10b/0x170 [ 794.990245][ T9354] ? trace_kmem_cache_free+0xb2/0x110 [ 794.990259][ T9354] tomoyo_path_mkdir+0x9c/0xc0 [ 794.990280][ T9354] security_path_mkdir+0xed/0x170 [ 794.990293][ T9354] do_mkdirat+0x15c/0x320 [ 794.990307][ T9354] __x64_sys_mkdir+0x60/0x70 [ 794.990320][ T9354] do_syscall_64+0xf7/0x1c0 [ 794.990335][ T9354] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 794.990351][ T9354] RIP: 0033:0x459a57 [ 795.000917][ T9354] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 795.000923][ T9354] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 795.000932][ T9354] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 795.000937][ T9354] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 795.000943][ T9354] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 795.000948][ T9354] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 795.000954][ T9354] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 795.027746][ T26] audit: type=1804 audit(1574009748.043:237): pid=9370 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1249/file0" dev="sda1" ino=16588 res=1 [ 795.197148][ T9365] device gre1 entered promiscuous mode 16:55:48 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x11) 16:55:48 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6010e006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 795.281045][ T9375] 9pnet: Insufficient options for proto=fd [ 795.291877][ T26] audit: type=1804 audit(1574009748.313:238): pid=9374 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1250/file0" dev="sda1" ino=16588 res=1 16:55:48 executing program 1 (fault-call:3 fault-nth:39): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 795.369120][ T26] audit: type=1804 audit(1574009748.383:239): pid=9382 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1251/file0" dev="sda1" ino=16586 res=1 16:55:48 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x12) [ 795.424896][ T9383] BTRFS error (device loop3): superblock checksum mismatch [ 795.483964][ T9393] validate_nla: 6 callbacks suppressed [ 795.483973][ T9393] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 795.501471][ T9383] BTRFS error (device loop3): open_ctree failed [ 795.524958][ T26] audit: type=1804 audit(1574009748.543:240): pid=9391 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1252/file0" dev="sda1" ino=16595 res=1 [ 795.547798][ T9393] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 795.559261][ T9396] FAULT_INJECTION: forcing a failure. [ 795.559261][ T9396] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 795.572804][ T9396] CPU: 0 PID: 9396 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 795.572812][ T9396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 795.572816][ T9396] Call Trace: [ 795.572835][ T9396] dump_stack+0x1fb/0x318 [ 795.572853][ T9396] should_fail+0x555/0x770 [ 795.572871][ T9396] should_fail_alloc_page+0x55/0x60 [ 795.572881][ T9396] prepare_alloc_pages+0x283/0x460 [ 795.572894][ T9396] __alloc_pages_nodemask+0xb2/0x5d0 [ 795.572913][ T9396] kmem_getpages+0x4d/0xa00 [ 795.572923][ T9396] cache_grow_begin+0x7e/0x2c0 [ 795.572935][ T9396] cache_alloc_refill+0x311/0x3f0 [ 795.572943][ T9396] ? check_preemption_disabled+0xb7/0x2a0 [ 795.572955][ T9396] __kmalloc+0x318/0x340 [ 795.572963][ T9396] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 795.572975][ T9396] tomoyo_realpath_from_path+0xdc/0x7c0 [ 795.572991][ T9396] tomoyo_path_number_perm+0x166/0x640 [ 795.573021][ T9396] ? rcu_read_lock_sched_held+0x10b/0x170 [ 795.573033][ T9396] ? trace_kmem_cache_free+0xb2/0x110 [ 795.592063][ T9396] tomoyo_path_mkdir+0x9c/0xc0 [ 795.592080][ T9396] security_path_mkdir+0xed/0x170 [ 795.592095][ T9396] do_mkdirat+0x15c/0x320 [ 795.592111][ T9396] __x64_sys_mkdir+0x60/0x70 [ 795.592125][ T9396] do_syscall_64+0xf7/0x1c0 [ 795.592138][ T9396] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 795.592152][ T9396] RIP: 0033:0x459a57 [ 795.592161][ T9396] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 795.592166][ T9396] RSP: 002b:00007fd465df3a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 795.592174][ T9396] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 795.592179][ T9396] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 795.592184][ T9396] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 795.592189][ T9396] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 795.592194][ T9396] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 795.610495][ T9393] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 795.799300][ T9393] device gre1 entered promiscuous mode [ 795.826388][ T9394] EXT4-fs (loop0): unsupported inode size: 0 16:55:49 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d14000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:49 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rf\\no', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:49 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x25) 16:55:49 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60110006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:49 executing program 1 (fault-call:3 fault-nth:40): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 795.996115][ T9383] BTRFS error (device loop3): superblock checksum mismatch [ 796.061086][ T9413] FAULT_INJECTION: forcing a failure. [ 796.061086][ T9413] name failslab, interval 1, probability 0, space 0, times 0 [ 796.076608][ T9416] 9pnet: Insufficient options for proto=fd [ 796.086398][ T26] audit: type=1804 audit(1574009749.113:241): pid=9415 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1253/file0" dev="sda1" ino=16616 res=1 [ 796.112160][ T9413] CPU: 0 PID: 9413 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 796.119277][ T9383] BTRFS error (device loop3): open_ctree failed [ 796.120523][ T9413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 796.120529][ T9413] Call Trace: [ 796.120549][ T9413] dump_stack+0x1fb/0x318 [ 796.120565][ T9413] should_fail+0x555/0x770 [ 796.120583][ T9413] __should_failslab+0x11a/0x160 [ 796.139138][ T9413] ? tomoyo_encode2+0x273/0x5a0 [ 796.139149][ T9413] should_failslab+0x9/0x20 [ 796.139158][ T9413] __kmalloc+0x7a/0x340 [ 796.139172][ T9413] tomoyo_encode2+0x273/0x5a0 [ 796.139188][ T9413] tomoyo_realpath_from_path+0x769/0x7c0 [ 796.139203][ T9413] tomoyo_path_number_perm+0x166/0x640 [ 796.139236][ T9413] ? rcu_read_lock_sched_held+0x10b/0x170 [ 796.139246][ T9413] ? trace_kmem_cache_free+0xb2/0x110 [ 796.139258][ T9413] tomoyo_path_mkdir+0x9c/0xc0 [ 796.139273][ T9413] security_path_mkdir+0xed/0x170 [ 796.147627][ T9413] do_mkdirat+0x15c/0x320 [ 796.147645][ T9413] __x64_sys_mkdir+0x60/0x70 [ 796.147660][ T9413] do_syscall_64+0xf7/0x1c0 [ 796.147674][ T9413] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 796.147683][ T9413] RIP: 0033:0x459a57 [ 796.147695][ T9413] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 796.255637][ T9413] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 796.264295][ T9413] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 796.272352][ T9413] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 796.280567][ T9413] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 796.289670][ T9413] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 796.297774][ T9413] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:55:49 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:49 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x37) [ 796.355438][ T9423] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 796.387730][ T9423] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 796.387998][ T9413] ERROR: Out of memory at tomoyo_realpath_from_path. [ 796.402233][ T9423] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 796.409238][ T26] audit: type=1804 audit(1574009749.423:242): pid=9427 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1254/file0" dev="sda1" ino=16534 res=1 [ 796.442753][ T9414] EXT4-fs (loop0): unsupported inode size: 0 [ 796.447135][ T9429] 9pnet: Insufficient options for proto=fd 16:55:49 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x48) 16:55:49 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60111006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 796.472238][ T9423] device gre1 entered promiscuous mode [ 796.557711][ T9432] BTRFS error (device loop3): superblock checksum mismatch 16:55:49 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfbno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 796.585797][ T26] audit: type=1804 audit(1574009749.603:243): pid=9438 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1255/file0" dev="sda1" ino=16584 res=1 16:55:49 executing program 1 (fault-call:3 fault-nth:41): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 796.659645][ T9432] BTRFS error (device loop3): open_ctree failed 16:55:49 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x4c) [ 796.705086][ T9445] 9pnet: Insufficient options for proto=fd [ 796.723840][ T9448] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 796.736117][ T9448] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 796.749506][ T9448] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 796.793279][ T9443] EXT4-fs (loop0): unsupported inode size: 0 [ 796.799727][ T9448] device gre1 entered promiscuous mode [ 796.821702][ T26] audit: type=1804 audit(1574009749.843:244): pid=9454 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1256/file0" dev="sda1" ino=16534 res=1 [ 796.862302][ T9458] 9pnet: Insufficient options for proto=fd [ 796.870145][ T9455] FAULT_INJECTION: forcing a failure. [ 796.870145][ T9455] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 796.883447][ T9455] CPU: 0 PID: 9455 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 796.891278][ T9455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 796.901341][ T9455] Call Trace: [ 796.904732][ T9455] dump_stack+0x1fb/0x318 [ 796.909076][ T9455] should_fail+0x555/0x770 [ 796.913951][ T9455] should_fail_alloc_page+0x55/0x60 [ 796.920906][ T9455] prepare_alloc_pages+0x283/0x460 [ 796.926050][ T9455] __alloc_pages_nodemask+0xb2/0x5d0 [ 796.926069][ T9455] kmem_getpages+0x4d/0xa00 [ 796.926088][ T9455] cache_grow_begin+0x7e/0x2c0 [ 796.940618][ T9455] cache_alloc_refill+0x311/0x3f0 [ 796.945664][ T9455] ? check_preemption_disabled+0xb7/0x2a0 [ 796.951411][ T9455] __kmalloc+0x318/0x340 [ 796.955642][ T9455] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 796.961812][ T9455] tomoyo_realpath_from_path+0xdc/0x7c0 [ 796.967359][ T9455] tomoyo_path_number_perm+0x166/0x640 [ 796.967391][ T9455] ? rcu_read_lock_sched_held+0x10b/0x170 [ 796.979057][ T9455] ? trace_kmem_cache_free+0xb2/0x110 [ 796.985397][ T9455] tomoyo_path_mkdir+0x9c/0xc0 [ 796.990184][ T9455] security_path_mkdir+0xed/0x170 [ 796.995231][ T9455] do_mkdirat+0x15c/0x320 [ 796.999605][ T9455] __x64_sys_mkdir+0x60/0x70 [ 797.004206][ T9455] do_syscall_64+0xf7/0x1c0 [ 797.008879][ T9455] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 797.014777][ T9455] RIP: 0033:0x459a57 [ 797.018653][ T9455] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 797.038330][ T9455] RSP: 002b:00007fd465df3a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 797.046738][ T9455] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 797.055474][ T9455] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 797.063461][ T9455] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 797.071529][ T9455] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 797.079501][ T9455] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:55:50 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d28000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:50 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:50 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x5c) 16:55:50 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60112006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:50 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfgno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:50 executing program 1 (fault-call:3 fault-nth:42): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 797.300297][ T26] audit: type=1804 audit(1574009750.323:245): pid=9473 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1257/file0" dev="sda1" ino=16618 res=1 [ 797.332114][ T9480] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 797.335364][ T9472] 9pnet: Insufficient options for proto=fd 16:55:50 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x68) [ 797.345774][ T9480] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 797.367719][ T9475] EXT4-fs (loop0): unsupported inode size: 0 [ 797.371122][ T9480] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 797.389855][ T9474] FAULT_INJECTION: forcing a failure. [ 797.389855][ T9474] name failslab, interval 1, probability 0, space 0, times 0 16:55:50 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60125006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 797.424555][ T9470] BTRFS error (device loop3): superblock checksum mismatch [ 797.451156][ T9480] device gre1 entered promiscuous mode [ 797.464241][ T9474] CPU: 1 PID: 9474 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 16:55:50 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x6c) [ 797.472102][ T9474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 797.482177][ T9474] Call Trace: [ 797.485493][ T9474] dump_stack+0x1fb/0x318 [ 797.489849][ T9474] should_fail+0x555/0x770 [ 797.494874][ T9474] __should_failslab+0x11a/0x160 [ 797.499830][ T9474] ? smack_inode_init_security+0x3cf/0x490 [ 797.505740][ T9474] should_failslab+0x9/0x20 [ 797.510255][ T9474] __kmalloc_track_caller+0x79/0x340 [ 797.515561][ T9474] kstrdup+0x34/0x70 [ 797.519475][ T9474] smack_inode_init_security+0x3cf/0x490 16:55:50 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x74) [ 797.525136][ T9474] security_inode_init_security+0xfe/0x310 [ 797.531056][ T9474] ? ext4_init_security+0x40/0x40 [ 797.536211][ T9474] ext4_init_security+0x34/0x40 [ 797.541077][ T9474] __ext4_new_inode+0x446c/0x5650 [ 797.546135][ T9474] ? smk_curacc+0xa3/0xe0 [ 797.550487][ T9474] ext4_mkdir+0x3f5/0x1450 [ 797.554933][ T9474] ? security_inode_permission+0xdd/0x120 [ 797.560673][ T9474] vfs_mkdir+0x43f/0x610 [ 797.564927][ T9474] do_mkdirat+0x1d7/0x320 [ 797.569270][ T9474] __x64_sys_mkdir+0x60/0x70 [ 797.573898][ T9474] do_syscall_64+0xf7/0x1c0 [ 797.578456][ T9474] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 797.584371][ T9474] RIP: 0033:0x459a57 [ 797.588272][ T9474] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 797.607964][ T9474] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 797.607975][ T9474] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 797.607980][ T9474] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 797.607985][ T9474] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 797.607991][ T9474] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 797.607996][ T9474] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 797.624383][ T9498] 9pnet: Insufficient options for proto=fd [ 797.664165][ T9470] BTRFS error (device loop3): open_ctree failed 16:55:50 executing program 1 (fault-call:3 fault-nth:43): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 797.675814][ T9493] EXT4-fs (loop0): unsupported inode size: 0 16:55:50 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x7a) [ 797.805280][ T9506] FAULT_INJECTION: forcing a failure. [ 797.805280][ T9506] name failslab, interval 1, probability 0, space 0, times 0 [ 797.825735][ T9506] CPU: 1 PID: 9506 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 797.833580][ T9506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 797.843669][ T9506] Call Trace: [ 797.843690][ T9506] dump_stack+0x1fb/0x318 [ 797.843707][ T9506] should_fail+0x555/0x770 [ 797.843724][ T9506] __should_failslab+0x11a/0x160 [ 797.843735][ T9506] ? kcalloc+0x2f/0x50 [ 797.843745][ T9506] should_failslab+0x9/0x20 [ 797.843753][ T9506] __kmalloc+0x7a/0x340 [ 797.843765][ T9506] kcalloc+0x2f/0x50 [ 797.843774][ T9506] ext4_find_extent+0x216/0xaa0 [ 797.843786][ T9506] ? trace_ext4_ext_map_blocks_enter+0x2ca/0x310 [ 797.843802][ T9506] ext4_ext_map_blocks+0x170/0x7170 [ 797.893752][ T9506] ? __kasan_check_write+0x14/0x20 [ 797.899095][ T9506] ? __down_read+0x14b/0x360 [ 797.903863][ T9506] ext4_map_blocks+0x424/0x1e30 [ 797.908717][ T9506] ? __kasan_check_write+0x14/0x20 [ 797.913812][ T9506] ext4_getblk+0xae/0x460 [ 797.918129][ T9506] ext4_bread+0x4a/0x340 [ 797.922375][ T9506] ext4_append+0x175/0x310 [ 797.926787][ T9506] ext4_mkdir+0x7ad/0x1450 [ 797.931209][ T9506] vfs_mkdir+0x43f/0x610 [ 797.935436][ T9506] do_mkdirat+0x1d7/0x320 [ 797.939748][ T9506] __x64_sys_mkdir+0x60/0x70 [ 797.944320][ T9506] do_syscall_64+0xf7/0x1c0 [ 797.948807][ T9506] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 797.954678][ T9506] RIP: 0033:0x459a57 [ 797.958645][ T9506] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 797.978333][ T9506] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 797.986811][ T9506] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 797.994763][ T9506] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 798.002729][ T9506] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 798.010718][ T9506] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 798.018760][ T9506] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 798.088801][ T9519] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 798.099496][ T9519] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 798.108414][ T9519] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 798.132541][ T9519] device gre1 entered promiscuous mode 16:55:51 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:51 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rflno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:51 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6012d006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:51 executing program 1 (fault-call:3 fault-nth:44): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:51 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d29000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:51 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x300) [ 798.433195][ T9531] 9pnet: Insufficient options for proto=fd 16:55:51 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x500) [ 798.480098][ T9530] FAULT_INJECTION: forcing a failure. [ 798.480098][ T9530] name failslab, interval 1, probability 0, space 0, times 0 [ 798.499179][ T9533] BTRFS error (device loop3): superblock checksum mismatch [ 798.557145][ T9542] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 798.558238][ T9530] CPU: 0 PID: 9530 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 798.574378][ T9530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 798.584443][ T9530] Call Trace: [ 798.587733][ T9530] dump_stack+0x1fb/0x318 [ 798.587752][ T9530] should_fail+0x555/0x770 [ 798.587771][ T9530] __should_failslab+0x11a/0x160 [ 798.587782][ T9530] ? kcalloc+0x2f/0x50 16:55:51 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x600) [ 798.587791][ T9530] should_failslab+0x9/0x20 [ 798.587798][ T9530] __kmalloc+0x7a/0x340 [ 798.587811][ T9530] kcalloc+0x2f/0x50 [ 798.605524][ T9530] ext4_find_extent+0x216/0xaa0 [ 798.605538][ T9530] ? trace_ext4_ext_map_blocks_enter+0x2ca/0x310 [ 798.605551][ T9530] ext4_ext_map_blocks+0x170/0x7170 [ 798.605588][ T9530] ? __kasan_check_write+0x14/0x20 [ 798.618132][ T9530] ? __down_read+0x14b/0x360 [ 798.618154][ T9530] ext4_map_blocks+0x424/0x1e30 [ 798.618177][ T9530] ? __kasan_check_write+0x14/0x20 [ 798.618192][ T9530] ext4_getblk+0xae/0x460 [ 798.618209][ T9530] ext4_bread+0x4a/0x340 [ 798.618226][ T9530] ext4_append+0x175/0x310 [ 798.629386][ T9530] ext4_mkdir+0x7ad/0x1450 [ 798.629416][ T9530] vfs_mkdir+0x43f/0x610 [ 798.629433][ T9530] do_mkdirat+0x1d7/0x320 [ 798.629449][ T9530] __x64_sys_mkdir+0x60/0x70 [ 798.629462][ T9530] do_syscall_64+0xf7/0x1c0 [ 798.629477][ T9530] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 798.629486][ T9530] RIP: 0033:0x459a57 [ 798.629496][ T9530] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 798.629501][ T9530] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 798.629509][ T9530] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 798.629519][ T9530] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 798.639836][ T9530] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 16:55:51 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x700) [ 798.639842][ T9530] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 798.639848][ T9530] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 798.673373][ T9533] BTRFS error (device loop3): open_ctree failed [ 798.691951][ T9535] EXT4-fs (loop0): unsupported inode size: 0 [ 798.787295][ T9542] device gre1 entered promiscuous mode [ 798.803927][ T9553] 9pnet: Insufficient options for proto=fd 16:55:51 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x900) 16:55:51 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60148006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:51 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfqno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 798.917911][ T9533] BTRFS error (device loop3): superblock checksum mismatch [ 799.018361][ T9570] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 799.042503][ T9572] 9pnet: Insufficient options for proto=fd [ 799.049170][ T9533] BTRFS error (device loop3): open_ctree failed 16:55:52 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:52 executing program 1 (fault-call:3 fault-nth:45): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 799.072720][ T9570] device gre1 entered promiscuous mode [ 799.153480][ T9576] FAULT_INJECTION: forcing a failure. [ 799.153480][ T9576] name failslab, interval 1, probability 0, space 0, times 0 [ 799.166401][ T9576] CPU: 1 PID: 9576 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 799.174329][ T9576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 799.184417][ T9576] Call Trace: [ 799.187717][ T9576] dump_stack+0x1fb/0x318 [ 799.192061][ T9576] should_fail+0x555/0x770 [ 799.196493][ T9576] __should_failslab+0x11a/0x160 [ 799.201440][ T9576] ? __es_insert_extent+0x7ba/0x17c0 [ 799.206726][ T9576] should_failslab+0x9/0x20 [ 799.211221][ T9576] kmem_cache_alloc+0x56/0x2e0 [ 799.216078][ T9576] __es_insert_extent+0x7ba/0x17c0 [ 799.221216][ T9576] ext4_es_insert_extent+0x250/0x2ea0 [ 799.226868][ T9576] ext4_map_blocks+0xe1c/0x1e30 [ 799.231742][ T9576] ? __kasan_check_write+0x14/0x20 [ 799.237020][ T9576] ext4_getblk+0xae/0x460 [ 799.241563][ T9576] ext4_bread+0x4a/0x340 [ 799.245820][ T9576] ext4_append+0x175/0x310 [ 799.250262][ T9576] ext4_mkdir+0x7ad/0x1450 [ 799.254707][ T9576] vfs_mkdir+0x43f/0x610 [ 799.258958][ T9576] do_mkdirat+0x1d7/0x320 [ 799.263309][ T9576] __x64_sys_mkdir+0x60/0x70 [ 799.268086][ T9576] do_syscall_64+0xf7/0x1c0 [ 799.272584][ T9576] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 799.278463][ T9576] RIP: 0033:0x459a57 [ 799.282340][ T9576] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 799.302114][ T9576] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 799.311902][ T9576] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 799.320000][ T9576] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 799.328411][ T9576] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 799.336388][ T9576] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 799.344348][ T9576] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 799.358583][ T9565] EXT4-fs (loop0): unsupported inode size: 0 [ 799.373823][ T9587] 9pnet: Insufficient options for proto=fd 16:55:52 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d30000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:52 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xa00) 16:55:52 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6014c006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:52 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfsno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:52 executing program 1 (fault-call:3 fault-nth:46): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 799.515155][ T9585] BTRFS error (device loop3): superblock checksum mismatch [ 799.582723][ T9585] BTRFS error (device loop3): open_ctree failed [ 799.606974][ T9593] 9pnet: Insufficient options for proto=fd [ 799.626659][ T9599] FAULT_INJECTION: forcing a failure. [ 799.626659][ T9599] name failslab, interval 1, probability 0, space 0, times 0 [ 799.644074][ T9604] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 799.654571][ T9599] CPU: 0 PID: 9599 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 799.662494][ T9599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 799.672551][ T9599] Call Trace: [ 799.672569][ T9599] dump_stack+0x1fb/0x318 16:55:52 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xb00) [ 799.672587][ T9599] should_fail+0x555/0x770 [ 799.672607][ T9599] __should_failslab+0x11a/0x160 [ 799.672622][ T9599] ? kcalloc+0x2f/0x50 [ 799.680222][ T9599] should_failslab+0x9/0x20 [ 799.680233][ T9599] __kmalloc+0x7a/0x340 [ 799.680248][ T9599] kcalloc+0x2f/0x50 [ 799.680258][ T9599] ext4_find_extent+0x216/0xaa0 [ 799.680269][ T9599] ? trace_ext4_ext_map_blocks_enter+0x2ca/0x310 [ 799.680280][ T9599] ext4_ext_map_blocks+0x170/0x7170 [ 799.680309][ T9599] ? trace_lock_acquire+0x159/0x1d0 [ 799.680332][ T9599] ? __kasan_check_write+0x14/0x20 [ 799.689654][ T9599] ext4_map_blocks+0x8f4/0x1e30 [ 799.689677][ T9599] ? __kasan_check_write+0x14/0x20 [ 799.689692][ T9599] ext4_getblk+0xae/0x460 [ 799.689707][ T9599] ext4_bread+0x4a/0x340 [ 799.689721][ T9599] ext4_append+0x175/0x310 [ 799.689736][ T9599] ext4_mkdir+0x7ad/0x1450 [ 799.689760][ T9599] vfs_mkdir+0x43f/0x610 [ 799.698314][ T9599] do_mkdirat+0x1d7/0x320 [ 799.698332][ T9599] __x64_sys_mkdir+0x60/0x70 [ 799.698346][ T9599] do_syscall_64+0xf7/0x1c0 [ 799.698360][ T9599] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 799.698372][ T9599] RIP: 0033:0x459a57 [ 799.706377][ T9599] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 799.706383][ T9599] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 799.706393][ T9599] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 799.706399][ T9599] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 799.706405][ T9599] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 799.706411][ T9599] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 799.706416][ T9599] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 799.859668][ T9604] device gre1 entered promiscuous mode [ 799.871897][ T9608] 9pnet: Insufficient options for proto=fd 16:55:52 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xc00) 16:55:53 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\xc0', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 799.898229][ T26] kauditd_printk_skb: 10 callbacks suppressed [ 799.898237][ T26] audit: type=1804 audit(1574009752.913:256): pid=9611 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1268/file0" dev="sda1" ino=16635 res=1 [ 799.938211][ T9601] EXT4-fs (loop0): unsupported inode size: 0 16:55:53 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfuno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:53 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xcff) 16:55:53 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6015c006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:53 executing program 1 (fault-call:3 fault-nth:47): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 800.044383][ T26] audit: type=1804 audit(1574009753.063:257): pid=9619 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1269/file0" dev="sda1" ino=16639 res=1 [ 800.153120][ T9631] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 800.163729][ T9627] 9pnet: Insufficient options for proto=fd [ 800.197062][ T26] audit: type=1804 audit(1574009753.163:258): pid=9623 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1270/file0" dev="sda1" ino=16585 res=1 [ 800.235773][ T9631] device gre1 entered promiscuous mode [ 800.244341][ T9639] FAULT_INJECTION: forcing a failure. [ 800.244341][ T9639] name failslab, interval 1, probability 0, space 0, times 0 [ 800.257708][ T9639] CPU: 0 PID: 9639 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 800.265703][ T9639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 800.275758][ T9639] Call Trace: [ 800.279065][ T9639] dump_stack+0x1fb/0x318 [ 800.283391][ T9639] should_fail+0x555/0x770 [ 800.287803][ T9639] __should_failslab+0x11a/0x160 [ 800.292725][ T9639] ? ext4_mb_new_blocks+0x2ac/0x2cc0 [ 800.297989][ T9639] should_failslab+0x9/0x20 [ 800.302469][ T9639] kmem_cache_alloc+0x56/0x2e0 [ 800.307215][ T9639] ext4_mb_new_blocks+0x2ac/0x2cc0 [ 800.312309][ T9639] ? trace_kmalloc+0xcd/0x130 [ 800.316978][ T9639] ? kcalloc+0x2f/0x50 [ 800.321025][ T9639] ? __kmalloc+0x26c/0x340 [ 800.325429][ T9639] ? kcalloc+0x2f/0x50 [ 800.329490][ T9639] ? ext4_ext_search_right+0x4cb/0x940 [ 800.334928][ T9639] ? ext4_find_extent+0x8e0/0xaa0 [ 800.339934][ T9639] ? ext4_inode_to_goal_block+0x27b/0x3b0 [ 800.345638][ T9639] ext4_ext_map_blocks+0x4b8c/0x7170 [ 800.351279][ T9639] ext4_map_blocks+0x8f4/0x1e30 [ 800.356126][ T9639] ? __kasan_check_write+0x14/0x20 [ 800.361221][ T9639] ext4_getblk+0xae/0x460 [ 800.365541][ T9639] ext4_bread+0x4a/0x340 [ 800.369774][ T9639] ext4_append+0x175/0x310 [ 800.374171][ T9639] ext4_mkdir+0x7ad/0x1450 [ 800.378676][ T9639] vfs_mkdir+0x43f/0x610 [ 800.383004][ T9639] do_mkdirat+0x1d7/0x320 [ 800.387470][ T9639] __x64_sys_mkdir+0x60/0x70 [ 800.392080][ T9639] do_syscall_64+0xf7/0x1c0 [ 800.396598][ T9639] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 800.402606][ T9639] RIP: 0033:0x459a57 [ 800.406489][ T9639] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 800.426077][ T9639] RSP: 002b:00007fd465df3a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 800.434484][ T9639] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 800.442436][ T9639] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 800.451000][ T9639] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 800.459143][ T9639] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 800.467104][ T9639] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 800.552535][ T9638] EXT4-fs (loop0): unsupported inode size: 0 [ 800.581175][ T9647] 9pnet: Insufficient options for proto=fd 16:55:53 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d38000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:53 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xd00) 16:55:53 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x0f', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:53 executing program 1 (fault-call:3 fault-nth:48): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:53 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60160006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:53 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfwno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 800.744575][ T9655] 9pnet: Insufficient options for proto=fd [ 800.756013][ T9665] validate_nla: 8 callbacks suppressed [ 800.756020][ T9665] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 800.770197][ T26] audit: type=1804 audit(1574009753.783:259): pid=9667 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1271/file0" dev="sda1" ino=16644 res=1 16:55:53 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xe00) [ 800.811276][ T9665] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 800.820851][ T9669] FAULT_INJECTION: forcing a failure. [ 800.820851][ T9669] name failslab, interval 1, probability 0, space 0, times 0 [ 800.857597][ T9659] EXT4-fs (loop0): unsupported inode size: 0 [ 800.876536][ T26] audit: type=1804 audit(1574009753.893:260): pid=9676 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1272/file0" dev="sda1" ino=16646 res=1 [ 800.883347][ T9678] 9pnet: Insufficient options for proto=fd [ 800.904300][ T9665] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 800.919111][ T9669] CPU: 1 PID: 9669 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 800.926949][ T9669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 800.937072][ T9669] Call Trace: [ 800.940379][ T9669] dump_stack+0x1fb/0x318 [ 800.944715][ T9669] should_fail+0x555/0x770 [ 800.949143][ T9669] __should_failslab+0x11a/0x160 16:55:53 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x1100) [ 800.954094][ T9669] should_failslab+0x9/0x20 [ 800.958600][ T9669] kmem_cache_alloc_trace+0x5d/0x2f0 [ 800.963890][ T9669] ? smack_d_instantiate+0xabf/0xd70 [ 800.969361][ T9669] smack_d_instantiate+0xabf/0xd70 [ 800.969380][ T9669] ? lockdep_init_map+0x2a/0x680 [ 800.969394][ T9669] security_d_instantiate+0xa5/0x100 [ 800.969407][ T9669] d_instantiate_new+0x65/0x120 [ 800.969419][ T9669] ext4_mkdir+0xfa9/0x1450 [ 800.969444][ T9669] vfs_mkdir+0x43f/0x610 [ 800.969460][ T9669] do_mkdirat+0x1d7/0x320 [ 800.969475][ T9669] __x64_sys_mkdir+0x60/0x70 16:55:54 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 800.969487][ T9669] do_syscall_64+0xf7/0x1c0 [ 800.969504][ T9669] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 800.979530][ T9669] RIP: 0033:0x459a57 [ 800.979542][ T9669] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 800.979548][ T9669] RSP: 002b:00007fd465df3a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 800.979558][ T9669] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 800.979564][ T9669] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 800.979569][ T9669] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 800.979575][ T9669] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 800.979579][ T9669] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 801.095596][ T9665] device gre1 entered promiscuous mode 16:55:54 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfd%o', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 801.168897][ T26] audit: type=1804 audit(1574009754.183:261): pid=9683 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1273/file0" dev="sda1" ino=16649 res=1 16:55:54 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60168006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:54 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x1200) [ 801.289196][ T9682] BTRFS error (device loop3): superblock checksum mismatch [ 801.309605][ T9691] 9pnet: Insufficient options for proto=fd [ 801.344170][ T26] audit: type=1804 audit(1574009754.363:262): pid=9696 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1274/file0" dev="sda1" ino=16636 res=1 [ 801.369969][ T9682] BTRFS error (device loop3): open_ctree failed [ 801.384073][ T9703] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 801.403446][ T9698] EXT4-fs (loop0): unsupported inode size: 0 [ 801.414735][ T9703] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 801.424316][ T9703] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 801.455750][ T9705] 9pnet: Insufficient options for proto=fd [ 801.461383][ T9703] device gre1 entered promiscuous mode [ 801.510020][ T9682] BTRFS error (device loop3): superblock checksum mismatch [ 801.589461][ T9682] BTRFS error (device loop3): open_ctree failed 16:55:54 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d48000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:54 executing program 1 (fault-call:3 fault-nth:49): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:54 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x2000) 16:55:54 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6016c006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:54 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdn%', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:55:54 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 801.788597][ T9721] 9pnet: Insufficient options for proto=fd [ 801.796195][ T26] audit: type=1804 audit(1574009754.813:263): pid=9719 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1275/file0" dev="sda1" ino=16637 res=1 [ 801.828074][ T9723] FAULT_INJECTION: forcing a failure. [ 801.828074][ T9723] name failslab, interval 1, probability 0, space 0, times 0 [ 801.851144][ T9718] BTRFS error (device loop3): superblock checksum mismatch [ 801.870510][ T9723] CPU: 1 PID: 9723 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 801.872667][ T9729] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 801.878446][ T9723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 801.878452][ T9723] Call Trace: [ 801.878470][ T9723] dump_stack+0x1fb/0x318 [ 801.878486][ T9723] should_fail+0x555/0x770 [ 801.878507][ T9723] __should_failslab+0x11a/0x160 [ 801.913866][ T9723] ? kzalloc+0x1f/0x40 [ 801.917939][ T9723] should_failslab+0x9/0x20 [ 801.922453][ T9723] __kmalloc+0x7a/0x340 [ 801.922469][ T9723] kzalloc+0x1f/0x40 [ 801.922479][ T9723] smk_parse_smack+0x197/0x230 [ 801.922491][ T9723] smk_import_entry+0x27/0x590 [ 801.922511][ T9723] smack_d_instantiate+0x78f/0xd70 [ 801.930555][ T9723] ? lockdep_init_map+0x2a/0x680 [ 801.930568][ T9723] security_d_instantiate+0xa5/0x100 [ 801.930580][ T9723] d_instantiate_new+0x65/0x120 [ 801.930593][ T9723] ext4_mkdir+0xfa9/0x1450 [ 801.930618][ T9723] vfs_mkdir+0x43f/0x610 [ 801.930639][ T9723] do_mkdirat+0x1d7/0x320 16:55:54 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x2500) 16:55:55 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x3700) [ 801.955253][ T26] audit: type=1804 audit(1574009754.973:264): pid=9731 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1276/file0" dev="sda1" ino=16637 res=1 [ 801.956316][ T9723] __x64_sys_mkdir+0x60/0x70 [ 801.956331][ T9723] do_syscall_64+0xf7/0x1c0 [ 801.956346][ T9723] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 801.956359][ T9723] RIP: 0033:0x459a57 [ 801.987523][ T9729] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 801.997945][ T9723] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 801.997951][ T9723] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 801.997960][ T9723] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 801.997966][ T9723] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 801.997972][ T9723] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 801.997977][ T9723] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 801.997982][ T9723] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 802.049142][ T9729] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 802.062467][ T9718] BTRFS error (device loop3): open_ctree failed [ 802.121613][ T9729] device gre1 entered promiscuous mode [ 802.135461][ T26] audit: type=1804 audit(1574009755.153:265): pid=9738 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1277/file0" dev="sda1" ino=16651 res=1 [ 802.172771][ T9740] 9pnet: Insufficient options for proto=fd 16:55:55 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x3f00) [ 802.193226][ T9722] EXT4-fs (loop0): unsupported inode size: 0 16:55:55 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60174006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:55 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:55 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdn\\', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 802.354121][ T9749] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 802.408056][ T9752] BTRFS error (device loop3): superblock checksum mismatch [ 802.429563][ T9749] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 802.459250][ T9749] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 802.468346][ T9758] 9pnet: Insufficient options for proto=fd [ 802.480823][ T9752] BTRFS error (device loop3): open_ctree failed [ 802.507875][ T9749] device gre1 entered promiscuous mode [ 802.520140][ T9753] EXT4-fs (loop0): unsupported inode size: 0 [ 802.591589][ T9765] 9pnet: Insufficient options for proto=fd [ 802.618510][ T9752] BTRFS error (device loop3): superblock checksum mismatch [ 802.659887][ T9752] BTRFS error (device loop3): open_ctree failed 16:55:55 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d50000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:55 executing program 1 (fault-call:3 fault-nth:50): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:55 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x4000) 16:55:55 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6017a006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:55 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:55 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'Ifdno', 0x3d, r1}}) [ 802.812811][ T9776] 9pnet: Insufficient options for proto=fd [ 802.834725][ T9786] netlink: 'syz-executor.5': attribute type 10 has an invalid length. 16:55:55 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x4800) [ 802.866965][ T9780] FAULT_INJECTION: forcing a failure. [ 802.866965][ T9780] name failslab, interval 1, probability 0, space 0, times 0 [ 802.879845][ T9786] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 802.889306][ T9781] BTRFS error (device loop3): superblock checksum mismatch [ 802.900572][ T9786] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 802.916549][ T9780] CPU: 0 PID: 9780 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 802.924392][ T9780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 802.934444][ T9780] Call Trace: [ 802.937731][ T9780] dump_stack+0x1fb/0x318 [ 802.942043][ T9780] should_fail+0x555/0x770 [ 802.946451][ T9780] __should_failslab+0x11a/0x160 [ 802.951385][ T9780] ? kzalloc+0x1f/0x40 [ 802.955432][ T9780] should_failslab+0x9/0x20 [ 802.959914][ T9780] __kmalloc+0x7a/0x340 [ 802.964052][ T9780] kzalloc+0x1f/0x40 [ 802.967924][ T9780] smk_parse_smack+0x197/0x230 [ 802.972668][ T9780] smk_import_entry+0x27/0x590 [ 802.977413][ T9780] smack_d_instantiate+0x78f/0xd70 [ 802.982513][ T9780] ? lockdep_init_map+0x2a/0x680 [ 802.987432][ T9780] security_d_instantiate+0xa5/0x100 [ 802.992698][ T9780] d_instantiate_new+0x65/0x120 [ 802.997565][ T9780] ext4_mkdir+0xfa9/0x1450 [ 803.001972][ T9780] vfs_mkdir+0x43f/0x610 [ 803.006204][ T9780] do_mkdirat+0x1d7/0x320 [ 803.010526][ T9780] __x64_sys_mkdir+0x60/0x70 [ 803.015243][ T9780] do_syscall_64+0xf7/0x1c0 [ 803.019727][ T9780] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 803.025614][ T9780] RIP: 0033:0x459a57 [ 803.029762][ T9780] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 803.049446][ T9780] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 803.057874][ T9780] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 803.065837][ T9780] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 803.073879][ T9780] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 803.081842][ T9780] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 803.089807][ T9780] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 803.106931][ T9786] device gre1 entered promiscuous mode 16:55:56 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x4c00) [ 803.130466][ T9777] EXT4-fs (loop0): unsupported inode size: 0 [ 803.159348][ T9781] BTRFS error (device loop3): open_ctree failed [ 803.163002][ T9797] 9pnet: Insufficient options for proto=fd 16:55:56 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6017d006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:56 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:56 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'Qfdno', 0x3d, r1}}) 16:55:56 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x5c00) [ 803.352520][ T9812] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 803.383681][ T9810] BTRFS error (device loop3): superblock checksum mismatch [ 803.405338][ T9814] 9pnet: Insufficient options for proto=fd [ 803.413024][ T9812] device gre1 entered promiscuous mode [ 803.448774][ T9805] EXT4-fs (loop0): unsupported inode size: 0 [ 803.459550][ T9810] BTRFS error (device loop3): open_ctree failed [ 803.502764][ T9822] 9pnet: Insufficient options for proto=fd [ 803.559211][ T9810] BTRFS error (device loop3): superblock checksum mismatch 16:55:56 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d58000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:56 executing program 1 (fault-call:3 fault-nth:51): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:56 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x6800) 16:55:56 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6014e016c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:56 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'Rfdno', 0x3d, r1}}) [ 803.609314][ T9810] BTRFS error (device loop3): open_ctree failed 16:55:56 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 803.723521][ T9841] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 803.724085][ T9833] 9pnet: Insufficient options for proto=fd [ 803.754732][ T9834] FAULT_INJECTION: forcing a failure. [ 803.754732][ T9834] name failslab, interval 1, probability 0, space 0, times 0 16:55:56 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x6c00) [ 803.785992][ T9841] device gre1 entered promiscuous mode [ 803.790952][ T9834] CPU: 0 PID: 9834 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 803.799287][ T9834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 803.799294][ T9834] Call Trace: [ 803.799311][ T9834] dump_stack+0x1fb/0x318 [ 803.799326][ T9834] should_fail+0x555/0x770 [ 803.799343][ T9834] __should_failslab+0x11a/0x160 [ 803.799356][ T9834] should_failslab+0x9/0x20 [ 803.818064][ T9834] kmem_cache_alloc_trace+0x5d/0x2f0 [ 803.837245][ T9834] ? copy_mount_options+0x5f/0x3c0 [ 803.842392][ T9834] copy_mount_options+0x5f/0x3c0 [ 803.847337][ T9834] ksys_mount+0xa0/0x100 [ 803.847352][ T9834] __x64_sys_mount+0xbf/0xd0 [ 803.847368][ T9834] do_syscall_64+0xf7/0x1c0 [ 803.847384][ T9834] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 803.847393][ T9834] RIP: 0033:0x45d08a [ 803.847406][ T9834] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 803.856201][ T9834] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 803.856212][ T9834] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 803.856218][ T9834] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 803.856224][ T9834] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 803.856230][ T9834] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 803.856236][ T9834] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:55:57 executing program 1 (fault-call:3 fault-nth:52): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:57 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x7400) [ 803.967669][ T9845] BTRFS error (device loop3): superblock checksum mismatch [ 803.980873][ T9838] EXT4-fs (loop0): unsupported inode size: 0 [ 804.041142][ T9855] 9pnet: Insufficient options for proto=fd 16:55:57 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60184016c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 804.125113][ T9845] BTRFS error (device loop3): open_ctree failed 16:55:57 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'Sfdno', 0x3d, r1}}) [ 804.178175][ T9864] FAULT_INJECTION: forcing a failure. [ 804.178175][ T9864] name failslab, interval 1, probability 0, space 0, times 0 [ 804.199965][ T9864] CPU: 1 PID: 9864 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 804.207842][ T9864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 16:55:57 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x7a00) [ 804.215104][ T9867] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 804.219375][ T9864] Call Trace: [ 804.219401][ T9864] dump_stack+0x1fb/0x318 [ 804.219415][ T9864] should_fail+0x555/0x770 [ 804.219433][ T9864] __should_failslab+0x11a/0x160 [ 804.219443][ T9864] ? ksys_mount+0x38/0x100 [ 804.219452][ T9864] should_failslab+0x9/0x20 [ 804.219462][ T9864] __kmalloc_track_caller+0x79/0x340 [ 804.219474][ T9864] strndup_user+0x76/0x130 [ 804.219484][ T9864] ksys_mount+0x38/0x100 [ 804.219495][ T9864] __x64_sys_mount+0xbf/0xd0 [ 804.219511][ T9864] do_syscall_64+0xf7/0x1c0 [ 804.237621][ T9864] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 804.237633][ T9864] RIP: 0033:0x45d08a [ 804.237642][ T9864] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 804.237652][ T9864] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 804.247234][ T9864] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 804.247240][ T9864] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 804.247245][ T9864] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 804.247250][ T9864] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 804.247254][ T9864] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 804.361383][ T9867] device gre1 entered promiscuous mode [ 804.425742][ T9868] EXT4-fs (loop0): unsupported inode size: 0 [ 804.443893][ T9874] 9pnet: Insufficient options for proto=fd [ 804.468569][ T9845] BTRFS error (device loop3): superblock checksum mismatch 16:55:57 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d64000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:57 executing program 1 (fault-call:3 fault-nth:53): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:57 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xff0c) 16:55:57 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60104026c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:55:57 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 804.592765][ T9885] 9pnet: Insufficient options for proto=fd [ 804.609893][ T9845] BTRFS error (device loop3): open_ctree failed [ 804.688122][ T9887] FAULT_INJECTION: forcing a failure. [ 804.688122][ T9887] name failslab, interval 1, probability 0, space 0, times 0 [ 804.701595][ T9887] CPU: 0 PID: 9887 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 804.709434][ T9887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.719534][ T9887] Call Trace: [ 804.722834][ T9887] dump_stack+0x1fb/0x318 [ 804.727262][ T9887] should_fail+0x555/0x770 [ 804.731691][ T9887] __should_failslab+0x11a/0x160 16:55:57 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'Tfdno', 0x3d, r1}}) [ 804.736647][ T9887] should_failslab+0x9/0x20 [ 804.741163][ T9887] kmem_cache_alloc_trace+0x5d/0x2f0 [ 804.746455][ T9887] ? smack_d_instantiate+0xabf/0xd70 [ 804.746470][ T9887] smack_d_instantiate+0xabf/0xd70 [ 804.746488][ T9887] ? lockdep_init_map+0x2a/0x680 [ 804.746503][ T9887] security_d_instantiate+0xa5/0x100 [ 804.756879][ T9887] d_instantiate_new+0x65/0x120 [ 804.756894][ T9887] ext4_mkdir+0xfa9/0x1450 [ 804.756921][ T9887] vfs_mkdir+0x43f/0x610 [ 804.756937][ T9887] do_mkdirat+0x1d7/0x320 [ 804.776376][ T9887] __x64_sys_mkdir+0x60/0x70 [ 804.776392][ T9887] do_syscall_64+0xf7/0x1c0 [ 804.776408][ T9887] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 804.776417][ T9887] RIP: 0033:0x459a57 [ 804.776432][ T9887] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 804.789580][ T9887] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 16:55:57 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x1000000) 16:55:57 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d70000000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) [ 804.789591][ T9887] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 804.789597][ T9887] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 804.789603][ T9887] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 804.789609][ T9887] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 804.789615][ T9887] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 804.883254][ T9890] EXT4-fs (loop0): unsupported inode size: 0 16:55:58 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x2000000) [ 804.915063][ T26] kauditd_printk_skb: 10 callbacks suppressed [ 804.915071][ T26] audit: type=1804 audit(1574009757.933:276): pid=9908 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1288/file0" dev="sda1" ino=16652 res=1 [ 804.920407][ T9909] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:58 executing program 1 (fault-call:3 fault-nth:54): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 804.978698][ T9913] 9pnet: Insufficient options for proto=fd [ 804.995522][ T9896] BTRFS error (device loop3): superblock checksum mismatch [ 805.005808][ T9909] device gre1 entered promiscuous mode 16:55:58 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6017b026c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 805.063317][ T9896] BTRFS error (device loop3): open_ctree failed [ 805.081744][ T26] audit: type=1804 audit(1574009758.103:277): pid=9919 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1289/file0" dev="sda1" ino=16575 res=1 [ 805.107527][ T9920] 9pnet: Insufficient options for proto=fd 16:55:58 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x3000000) [ 805.144862][ T9924] FAULT_INJECTION: forcing a failure. [ 805.144862][ T9924] name failslab, interval 1, probability 0, space 0, times 0 [ 805.157679][ T9924] CPU: 1 PID: 9924 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 805.166035][ T9924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 805.176430][ T9924] Call Trace: [ 805.179741][ T9924] dump_stack+0x1fb/0x318 [ 805.184078][ T9924] should_fail+0x555/0x770 [ 805.188696][ T9924] __should_failslab+0x11a/0x160 [ 805.193636][ T9924] ? __sigqueue_alloc+0x2ce/0x440 [ 805.198652][ T9924] should_failslab+0x9/0x20 [ 805.203172][ T9924] kmem_cache_alloc+0x56/0x2e0 [ 805.207950][ T9924] __sigqueue_alloc+0x2ce/0x440 [ 805.212833][ T9924] __send_signal+0x508/0xcd0 [ 805.217426][ T9924] send_signal+0x6e0/0x830 [ 805.221862][ T9924] force_sig_info_to_task+0x247/0x2e0 [ 805.227249][ T9924] force_sig_fault+0xbf/0x130 [ 805.231913][ T9924] __bad_area_nosemaphore+0x307/0x470 [ 805.237268][ T9924] bad_area+0x6b/0x80 [ 805.241249][ T9924] do_user_addr_fault+0xacc/0xaf0 [ 805.246269][ T9924] __do_page_fault+0xd3/0x1f0 [ 805.250948][ T9924] do_page_fault+0x99/0xb0 [ 805.255369][ T9924] page_fault+0x39/0x40 [ 805.259520][ T9924] RIP: 0033:0x45423f [ 805.263422][ T9924] Code: bc d1 f3 0f 7f 27 f3 0f 7f 6f 10 f3 0f 7f 77 20 f3 0f 7f 7f 30 49 83 c0 0f 49 29 d0 48 8d 7c 17 31 e9 95 0b 00 00 66 0f ef c0 0f 6f 0e f3 0f 6f 56 10 66 0f 74 c1 66 0f d7 d0 49 83 f8 11 0f [ 805.283268][ T9924] RSP: 002b:00007fd465e14a88 EFLAGS: 00010283 [ 805.289496][ T9924] RAX: 00007fd465e14b40 RBX: 0000000020000068 RCX: 0000000000000000 [ 805.297491][ T9924] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007fd465e14b40 [ 805.305468][ T9924] RBP: 0000000000000001 R08: 00000000000000e0 R09: 000000000000000a [ 805.313454][ T9924] R10: 0000000000000075 R11: 00000000004e76c0 R12: 0000000000000007 [ 805.321428][ T9924] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:55:58 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'Vfdno', 0x3d, r1}}) [ 805.384246][ T9933] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 805.409248][ T26] audit: type=1804 audit(1574009758.423:278): pid=9930 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1290/file0" dev="sda1" ino=16663 res=1 16:55:58 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x4000000) [ 805.456108][ T9933] device gre1 entered promiscuous mode [ 805.493674][ T9938] 9pnet: Insufficient options for proto=fd 16:55:58 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 805.536139][ T9934] EXT4-fs (loop0): unsupported inode size: 0 [ 805.552688][ T26] audit: type=1804 audit(1574009758.573:279): pid=9943 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1291/file0" dev="sda1" ino=16664 res=1 16:55:58 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x5000000) 16:55:58 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e601b1026c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 805.608371][ T9946] 9pnet: Insufficient options for proto=fd 16:55:58 executing program 1 (fault-call:3 fault-nth:55): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:58 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'bfdno', 0x3d, r1}}) 16:55:58 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d00070000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:55:58 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x6000000) [ 805.718265][ T26] audit: type=1804 audit(1574009758.733:280): pid=9953 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1292/file0" dev="sda1" ino=16653 res=1 [ 805.783048][ T9961] validate_nla: 10 callbacks suppressed [ 805.783055][ T9961] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 805.805298][ T9952] BTRFS error (device loop3): superblock checksum mismatch [ 805.827375][ T9966] 9pnet: Insufficient options for proto=fd [ 805.849427][ T9961] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 805.875435][ T26] audit: type=1804 audit(1574009758.863:281): pid=9968 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1293/file0" dev="sda1" ino=16648 res=1 16:55:58 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x7000000) [ 805.903226][ T9961] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 805.924552][ T9952] BTRFS error (device loop3): open_ctree failed [ 805.941251][ T9961] device gre1 entered promiscuous mode [ 805.947763][ T9973] FAULT_INJECTION: forcing a failure. [ 805.947763][ T9973] name failslab, interval 1, probability 0, space 0, times 0 [ 805.964052][ T9956] EXT4-fs (loop0): unsupported inode size: 0 [ 805.968328][ T9973] CPU: 1 PID: 9973 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 805.977893][ T9973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 805.987961][ T9973] Call Trace: [ 805.991275][ T9973] dump_stack+0x1fb/0x318 [ 805.995643][ T9973] should_fail+0x555/0x770 [ 806.000090][ T9973] __should_failslab+0x11a/0x160 [ 806.005046][ T9973] ? ksys_mount+0x6a/0x100 [ 806.009478][ T9973] should_failslab+0x9/0x20 [ 806.013646][ T26] audit: type=1804 audit(1574009759.033:282): pid=9977 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1294/file0" dev="sda1" ino=16665 res=1 [ 806.013985][ T9973] __kmalloc_track_caller+0x79/0x340 [ 806.014004][ T9973] strndup_user+0x76/0x130 [ 806.047493][ T9973] ksys_mount+0x6a/0x100 16:55:59 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x8000000) [ 806.051746][ T9973] __x64_sys_mount+0xbf/0xd0 [ 806.056347][ T9973] do_syscall_64+0xf7/0x1c0 [ 806.060862][ T9973] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 806.066911][ T9973] RIP: 0033:0x45d08a [ 806.070803][ T9973] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 806.090718][ T9973] RSP: 002b:00007fd465df3a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 806.099282][ T9973] RAX: ffffffffffffffda RBX: 00007fd465df3b40 RCX: 000000000045d08a [ 806.107532][ T9973] RDX: 00007fd465df3ae0 RSI: 0000000020000100 RDI: 00007fd465df3b00 [ 806.115603][ T9973] RBP: 0000000000000001 R08: 00007fd465df3b40 R09: 00007fd465df3ae0 [ 806.123665][ T9973] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 806.131639][ T9973] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 806.182125][ T9981] 9pnet: Insufficient options for proto=fd 16:55:59 executing program 1 (fault-call:3 fault-nth:56): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 806.212350][ T26] audit: type=1804 audit(1574009759.233:283): pid=9983 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1295/file0" dev="sda1" ino=16665 res=1 16:55:59 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'dfdno', 0x3d, r1}}) 16:55:59 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x9000000) [ 806.352777][ T9996] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 806.372148][ T26] audit: type=1804 audit(1574009759.393:284): pid=9993 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1296/file0" dev="sda1" ino=16653 res=1 16:55:59 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:55:59 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100036c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 806.373269][ T9995] 9pnet: Insufficient options for proto=fd [ 806.409139][ T9996] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 806.441332][ T9998] FAULT_INJECTION: forcing a failure. [ 806.441332][ T9998] name failslab, interval 1, probability 0, space 0, times 0 [ 806.492806][T10002] EXT4-fs (loop0): unsupported inode size: 0 [ 806.500203][T10005] BTRFS error (device loop3): superblock checksum mismatch [ 806.519889][ T9996] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:59 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xa000000) [ 806.547380][ T9998] CPU: 1 PID: 9998 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 806.555236][ T9998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 806.565291][ T9998] Call Trace: [ 806.568670][ T9998] dump_stack+0x1fb/0x318 [ 806.573011][ T9998] should_fail+0x555/0x770 [ 806.573031][ T9998] __should_failslab+0x11a/0x160 [ 806.573048][ T9998] ? tomoyo_encode2+0x273/0x5a0 [ 806.582407][ T9998] should_failslab+0x9/0x20 [ 806.582418][ T9998] __kmalloc+0x7a/0x340 [ 806.582433][ T9998] tomoyo_encode2+0x273/0x5a0 [ 806.582447][ T9998] tomoyo_encode+0x29/0x40 [ 806.582457][ T9998] tomoyo_mount_permission+0x216/0xa30 [ 806.582472][ T9998] ? filename_lookup+0x4b0/0x690 [ 806.582488][ T9998] ? kmem_cache_free+0xd8/0xf0 [ 806.582514][ T9998] tomoyo_sb_mount+0x35/0x40 [ 806.582524][ T9998] security_sb_mount+0x84/0xe0 [ 806.582538][ T9998] do_mount+0x10a/0x2510 [ 806.582547][ T9998] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 806.582554][ T9998] ? copy_mount_options+0x5f/0x3c0 [ 806.582564][ T9998] ? copy_mount_options+0x308/0x3c0 [ 806.582575][ T9998] ksys_mount+0xcc/0x100 [ 806.582586][ T9998] __x64_sys_mount+0xbf/0xd0 [ 806.582602][ T9998] do_syscall_64+0xf7/0x1c0 [ 806.582615][ T9998] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 806.582624][ T9998] RIP: 0033:0x45d08a [ 806.582635][ T9998] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 806.582640][ T9998] RSP: 002b:00007fd465df3a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 806.582651][ T9998] RAX: ffffffffffffffda RBX: 00007fd465df3b40 RCX: 000000000045d08a [ 806.582656][ T9998] RDX: 00007fd465df3ae0 RSI: 0000000020000100 RDI: 00007fd465df3b00 [ 806.582666][ T9998] RBP: 0000000000000001 R08: 00007fd465df3b40 R09: 00007fd465df3ae0 [ 806.592069][ T9998] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 806.592075][ T9998] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 806.745062][ T9996] device gre1 entered promiscuous mode [ 806.753423][T10011] 9pnet: Insufficient options for proto=fd [ 806.782874][ T26] audit: type=1804 audit(1574009759.803:285): pid=10014 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1297/file0" dev="sda1" ino=16653 res=1 [ 806.815280][T10005] BTRFS error (device loop3): open_ctree failed 16:55:59 executing program 1 (fault-call:3 fault-nth:57): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:55:59 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60102046c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 806.989938][T10005] BTRFS error (device loop3): superblock checksum mismatch [ 807.016369][T10026] FAULT_INJECTION: forcing a failure. [ 807.016369][T10026] name failslab, interval 1, probability 0, space 0, times 0 [ 807.029598][T10026] CPU: 1 PID: 10026 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 807.037512][T10026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 807.047694][T10026] Call Trace: [ 807.051013][T10026] dump_stack+0x1fb/0x318 [ 807.055356][T10026] should_fail+0x555/0x770 [ 807.060002][T10026] __should_failslab+0x11a/0x160 [ 807.065759][T10026] should_failslab+0x9/0x20 [ 807.070533][T10026] kmem_cache_alloc_trace+0x5d/0x2f0 [ 807.075920][T10026] ? alloc_fs_context+0x65/0x640 [ 807.080854][T10026] alloc_fs_context+0x65/0x640 [ 807.085606][T10026] ? _raw_read_unlock+0x2c/0x50 [ 807.090455][T10026] ? get_fs_type+0x47f/0x500 [ 807.095204][T10026] fs_context_for_mount+0x24/0x30 [ 807.100206][T10026] do_mount+0x10a7/0x2510 [ 807.104523][T10026] ? copy_mount_options+0x308/0x3c0 [ 807.109709][T10026] ksys_mount+0xcc/0x100 [ 807.114058][T10026] __x64_sys_mount+0xbf/0xd0 [ 807.118629][T10026] do_syscall_64+0xf7/0x1c0 [ 807.123120][T10026] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 807.129354][T10026] RIP: 0033:0x45d08a [ 807.133230][T10026] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 807.153172][T10026] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 807.161739][T10026] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 807.169803][T10026] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 807.178916][T10026] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 16:56:00 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56db6070000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:56:00 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'gfdno', 0x3d, r1}}) 16:56:00 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xb000000) [ 807.186876][T10026] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 807.194850][T10026] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 807.233211][T10032] 9pnet: Insufficient options for proto=fd [ 807.262190][T10036] netlink: 'syz-executor.5': attribute type 10 has an invalid length. 16:56:00 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xc000000) [ 807.295381][T10028] EXT4-fs (loop0): unsupported inode size: 0 [ 807.299484][T10036] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 807.311957][T10036] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 807.326991][T10036] device gre1 entered promiscuous mode [ 807.389150][T10005] BTRFS error (device loop3): open_ctree failed 16:56:00 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:56:00 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xd000000) [ 807.431366][T10046] 9pnet: Insufficient options for proto=fd 16:56:00 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60106046c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:00 executing program 1 (fault-call:3 fault-nth:58): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:00 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'qfdno', 0x3d, r1}}) [ 807.554447][T10049] BTRFS error (device loop3): superblock checksum mismatch [ 807.563156][T10053] netlink: 'syz-executor.5': attribute type 10 has an invalid length. 16:56:00 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xe000000) [ 807.609813][T10053] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 807.629375][T10049] BTRFS error (device loop3): open_ctree failed [ 807.636996][T10053] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 807.648759][T10064] FAULT_INJECTION: forcing a failure. [ 807.648759][T10064] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 807.659461][T10066] 9pnet: Insufficient options for proto=fd [ 807.662072][T10064] CPU: 1 PID: 10064 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 807.662080][T10064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 807.662085][T10064] Call Trace: [ 807.662102][T10064] dump_stack+0x1fb/0x318 [ 807.662121][T10064] should_fail+0x555/0x770 [ 807.675823][T10064] should_fail_alloc_page+0x55/0x60 [ 807.675834][T10064] prepare_alloc_pages+0x283/0x460 [ 807.675849][T10064] __alloc_pages_nodemask+0xb2/0x5d0 [ 807.675869][T10064] kmem_getpages+0x4d/0xa00 [ 807.675892][T10064] cache_grow_begin+0x7e/0x2c0 [ 807.689357][T10064] cache_alloc_refill+0x311/0x3f0 [ 807.689369][T10064] ? check_preemption_disabled+0xb7/0x2a0 [ 807.689384][T10064] kmem_cache_alloc_trace+0x2d0/0x2f0 [ 807.689393][T10064] ? copy_mount_options+0x5f/0x3c0 [ 807.689405][T10064] copy_mount_options+0x5f/0x3c0 [ 807.689416][T10064] ksys_mount+0xa0/0x100 [ 807.689427][T10064] __x64_sys_mount+0xbf/0xd0 16:56:00 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x10000000) [ 807.689440][T10064] do_syscall_64+0xf7/0x1c0 [ 807.689453][T10064] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 807.689462][T10064] RIP: 0033:0x45d08a [ 807.689473][T10064] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 807.689478][T10064] RSP: 002b:00007fd465df3a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 807.689488][T10064] RAX: ffffffffffffffda RBX: 00007fd465df3b40 RCX: 000000000045d08a 16:56:00 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x11000000) [ 807.689494][T10064] RDX: 00007fd465df3ae0 RSI: 0000000020000100 RDI: 00007fd465df3b00 [ 807.689499][T10064] RBP: 0000000000000001 R08: 00007fd465df3b40 R09: 00007fd465df3ae0 [ 807.689505][T10064] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 807.689510][T10064] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 807.851622][T10053] device gre1 entered promiscuous mode [ 807.887601][T10063] EXT4-fs (loop0): unsupported inode size: 0 [ 807.926792][T10079] 9pnet: Insufficient options for proto=fd 16:56:01 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56df5070000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:56:01 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:56:01 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x12000000) 16:56:01 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'sfdno', 0x3d, r1}}) 16:56:01 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60110046c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:01 executing program 1 (fault-call:3 fault-nth:59): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 808.136322][T10093] 9pnet: Insufficient options for proto=fd [ 808.158629][T10094] BTRFS error (device loop3): superblock checksum mismatch 16:56:01 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x20000000) [ 808.216206][T10105] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 808.229280][T10094] BTRFS error (device loop3): open_ctree failed [ 808.245392][T10105] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 808.273558][T10105] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 808.284331][T10103] FAULT_INJECTION: forcing a failure. [ 808.284331][T10103] name failslab, interval 1, probability 0, space 0, times 0 [ 808.304331][T10100] EXT4-fs (loop0): unsupported inode size: 0 [ 808.311488][T10112] 9pnet: Insufficient options for proto=fd [ 808.339425][T10103] CPU: 0 PID: 10103 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 808.341983][T10105] device gre1 entered promiscuous mode [ 808.347378][T10103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 808.347384][T10103] Call Trace: [ 808.347404][T10103] dump_stack+0x1fb/0x318 [ 808.347421][T10103] should_fail+0x555/0x770 [ 808.347440][T10103] __should_failslab+0x11a/0x160 [ 808.347453][T10103] ? tomoyo_encode2+0x273/0x5a0 [ 808.347461][T10103] should_failslab+0x9/0x20 [ 808.347475][T10103] __kmalloc+0x7a/0x340 [ 808.393682][T10103] tomoyo_encode2+0x273/0x5a0 [ 808.398473][T10103] tomoyo_realpath_from_path+0x769/0x7c0 [ 808.404103][T10103] tomoyo_mount_permission+0x294/0xa30 [ 808.409733][T10103] ? filename_lookup+0x4b0/0x690 [ 808.414673][T10103] ? kmem_cache_free+0xd8/0xf0 [ 808.419593][T10103] tomoyo_sb_mount+0x35/0x40 [ 808.424180][T10103] security_sb_mount+0x84/0xe0 [ 808.428933][T10103] do_mount+0x10a/0x2510 [ 808.433179][T10103] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 808.438761][T10103] ? copy_mount_options+0x5f/0x3c0 [ 808.443870][T10103] ? copy_mount_options+0x308/0x3c0 [ 808.449053][T10103] ksys_mount+0xcc/0x100 [ 808.453642][T10103] __x64_sys_mount+0xbf/0xd0 [ 808.458230][T10103] do_syscall_64+0xf7/0x1c0 [ 808.462714][T10103] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 808.468586][T10103] RIP: 0033:0x45d08a [ 808.472469][T10103] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 808.492220][T10103] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 808.500630][T10103] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 808.508610][T10103] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 808.516663][T10103] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 808.524642][T10103] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 16:56:01 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x25000000) [ 808.532874][T10103] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 808.549452][T10103] ERROR: Out of memory at tomoyo_realpath_from_path. 16:56:01 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'ufdno', 0x3d, r1}}) 16:56:01 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100056c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:01 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x37000000) 16:56:01 executing program 1 (fault-call:3 fault-nth:60): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 808.663328][T10094] BTRFS error (device loop3): superblock checksum mismatch [ 808.751119][T10129] 9pnet: Insufficient options for proto=fd 16:56:01 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d000a0000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) [ 808.819301][T10094] BTRFS error (device loop3): open_ctree failed [ 808.848263][T10137] FAULT_INJECTION: forcing a failure. [ 808.848263][T10137] name failslab, interval 1, probability 0, space 0, times 0 16:56:01 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:56:01 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x3f000000) [ 808.891522][T10146] 9pnet: Insufficient options for proto=fd [ 808.906618][T10131] EXT4-fs (loop0): unsupported inode size: 0 [ 808.916585][T10148] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 808.950440][T10148] device gre1 entered promiscuous mode [ 808.958763][T10137] CPU: 1 PID: 10137 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 808.966767][T10137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 808.977104][T10137] Call Trace: [ 808.980565][T10137] dump_stack+0x1fb/0x318 [ 808.984909][T10137] should_fail+0x555/0x770 [ 808.989330][T10137] __should_failslab+0x11a/0x160 [ 808.994269][T10137] ? tomoyo_encode2+0x273/0x5a0 [ 808.999269][T10137] should_failslab+0x9/0x20 [ 809.003945][T10137] __kmalloc+0x7a/0x340 [ 809.008100][T10137] tomoyo_encode2+0x273/0x5a0 [ 809.012857][T10137] tomoyo_encode+0x29/0x40 [ 809.017267][T10137] tomoyo_mount_permission+0x216/0xa30 [ 809.022809][T10137] ? filename_lookup+0x4b0/0x690 [ 809.027792][T10137] ? kmem_cache_free+0xd8/0xf0 [ 809.032553][T10137] tomoyo_sb_mount+0x35/0x40 [ 809.037262][T10137] security_sb_mount+0x84/0xe0 [ 809.042026][T10137] do_mount+0x10a/0x2510 [ 809.046260][T10137] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 809.051785][T10137] ? copy_mount_options+0x5f/0x3c0 [ 809.056960][T10137] ? copy_mount_options+0x308/0x3c0 [ 809.062158][T10137] ksys_mount+0xcc/0x100 [ 809.066409][T10137] __x64_sys_mount+0xbf/0xd0 [ 809.072137][T10137] do_syscall_64+0xf7/0x1c0 [ 809.076630][T10137] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 809.082510][T10137] RIP: 0033:0x45d08a [ 809.086403][T10137] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 809.105999][T10137] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 809.114394][T10137] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 809.122348][T10137] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 809.130311][T10137] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 809.138405][T10137] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 16:56:02 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x40000000) [ 809.146397][T10137] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:56:02 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'w%dno', 0x3d, r1}}) 16:56:02 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100066c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:02 executing program 1 (fault-call:3 fault-nth:61): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:02 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x48000000) [ 809.262478][T10154] BTRFS error (device loop3): superblock checksum mismatch [ 809.346197][T10168] FAULT_INJECTION: forcing a failure. [ 809.346197][T10168] name failslab, interval 1, probability 0, space 0, times 0 [ 809.357197][T10173] 9pnet: Insufficient options for proto=fd [ 809.365403][T10154] BTRFS error (device loop3): open_ctree failed 16:56:02 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x4c000000) [ 809.393904][T10175] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 809.395135][T10168] CPU: 1 PID: 10168 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 809.411260][T10168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 809.421315][T10168] Call Trace: [ 809.421334][T10168] dump_stack+0x1fb/0x318 [ 809.421350][T10168] should_fail+0x555/0x770 [ 809.421368][T10168] __should_failslab+0x11a/0x160 [ 809.421381][T10168] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 809.421388][T10168] should_failslab+0x9/0x20 [ 809.421395][T10168] __kmalloc+0x7a/0x340 [ 809.421403][T10168] ? tomoyo_realpath_from_path+0xca/0x7c0 [ 809.421415][T10168] tomoyo_realpath_from_path+0xdc/0x7c0 [ 809.421432][T10168] tomoyo_mount_permission+0x294/0xa30 [ 809.421445][T10168] ? filename_lookup+0x4b0/0x690 [ 809.421459][T10168] ? kmem_cache_free+0xd8/0xf0 [ 809.421486][T10168] tomoyo_sb_mount+0x35/0x40 [ 809.421498][T10168] security_sb_mount+0x84/0xe0 [ 809.421512][T10168] do_mount+0x10a/0x2510 [ 809.421522][T10168] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 809.421528][T10168] ? copy_mount_options+0x5f/0x3c0 [ 809.421548][T10168] ? copy_mount_options+0x308/0x3c0 [ 809.438474][T10168] ksys_mount+0xcc/0x100 [ 809.438488][T10168] __x64_sys_mount+0xbf/0xd0 [ 809.438504][T10168] do_syscall_64+0xf7/0x1c0 [ 809.448707][T10168] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 809.448721][T10168] RIP: 0033:0x45d08a [ 809.458581][T10168] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 809.458588][T10168] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 809.458598][T10168] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 809.458604][T10168] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 809.458611][T10168] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 809.458616][T10168] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 809.458622][T10168] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 809.466596][T10168] ERROR: Out of memory at tomoyo_realpath_from_path. [ 809.620794][T10175] device gre1 entered promiscuous mode 16:56:02 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x5c000000) 16:56:02 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 809.664160][T10165] EXT4-fs (loop0): unsupported inode size: 0 [ 809.691747][T10186] 9pnet: Insufficient options for proto=fd 16:56:02 executing program 1 (fault-call:3 fault-nth:62): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:02 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08020000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:56:02 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60104066c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:02 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'w.dno', 0x3d, r1}}) [ 809.888659][T10194] BTRFS error (device loop3): superblock checksum mismatch [ 809.927102][T10201] FAULT_INJECTION: forcing a failure. 16:56:02 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x68000000) [ 809.927102][T10201] name failslab, interval 1, probability 0, space 0, times 0 [ 809.999538][T10194] BTRFS error (device loop3): open_ctree failed [ 810.008566][T10208] 9pnet: Insufficient options for proto=fd [ 810.033770][T10201] CPU: 1 PID: 10201 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 810.041714][T10201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 810.051770][T10201] Call Trace: [ 810.053292][T10215] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 810.055087][T10201] dump_stack+0x1fb/0x318 [ 810.055107][T10201] should_fail+0x555/0x770 [ 810.055126][T10201] __should_failslab+0x11a/0x160 [ 810.055142][T10201] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 810.073160][T10201] should_failslab+0x9/0x20 [ 810.073172][T10201] __kmalloc+0x7a/0x340 [ 810.073189][T10201] tomoyo_realpath_from_path+0xdc/0x7c0 [ 810.073207][T10201] tomoyo_mount_permission+0x923/0xa30 [ 810.073228][T10201] ? kmem_cache_free+0xd8/0xf0 [ 810.073252][T10201] tomoyo_sb_mount+0x35/0x40 [ 810.084664][T10201] security_sb_mount+0x84/0xe0 [ 810.093324][T10201] do_mount+0x10a/0x2510 [ 810.093337][T10201] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 810.093345][T10201] ? copy_mount_options+0x5f/0x3c0 [ 810.093360][T10201] ? copy_mount_options+0x308/0x3c0 [ 810.104374][T10201] ksys_mount+0xcc/0x100 [ 810.113735][T10201] __x64_sys_mount+0xbf/0xd0 [ 810.113753][T10201] do_syscall_64+0xf7/0x1c0 [ 810.113768][T10201] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 810.113777][T10201] RIP: 0033:0x45d08a [ 810.113786][T10201] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 810.113795][T10201] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 810.122769][T10201] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a 16:56:03 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x6c000000) [ 810.122775][T10201] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 810.122780][T10201] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 810.122784][T10201] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 810.122789][T10201] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 810.123738][ T26] kauditd_printk_skb: 15 callbacks suppressed [ 810.123746][ T26] audit: type=1804 audit(1574009763.153:301): pid=10216 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1313/file0" dev="sda1" ino=16702 res=1 [ 810.144604][ T26] audit: type=1804 audit(1574009763.163:302): pid=10217 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1313/file0" dev="sda1" ino=16702 res=1 [ 810.216484][T10201] ERROR: Out of memory at tomoyo_realpath_from_path. [ 810.297262][T10215] device gre1 entered promiscuous mode [ 810.297552][T10218] 9pnet: Insufficient options for proto=fd [ 810.338760][T10206] EXT4-fs (loop0): unsupported inode size: 0 16:56:03 executing program 1 (fault-call:3 fault-nth:63): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 810.373295][T10194] BTRFS error (device loop3): superblock checksum mismatch [ 810.380856][ T26] audit: type=1804 audit(1574009763.403:303): pid=10225 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1314/file0" dev="sda1" ino=16709 res=1 16:56:03 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'w/dno', 0x3d, r1}}) 16:56:03 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x74000000) 16:56:03 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100076c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 810.469476][T10194] BTRFS error (device loop3): open_ctree failed 16:56:03 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 810.555773][ T26] audit: type=1804 audit(1574009763.573:304): pid=10234 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1315/file0" dev="sda1" ino=16675 res=1 [ 810.590480][T10230] FAULT_INJECTION: forcing a failure. [ 810.590480][T10230] name failslab, interval 1, probability 0, space 0, times 0 [ 810.612089][T10244] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 810.620740][T10239] 9pnet: Insufficient options for proto=fd [ 810.649171][T10244] device gre1 entered promiscuous mode [ 810.654855][T10230] CPU: 1 PID: 10230 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 810.662742][T10230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 810.662748][T10230] Call Trace: [ 810.662766][T10230] dump_stack+0x1fb/0x318 [ 810.662785][T10230] should_fail+0x555/0x770 [ 810.685312][T10230] __should_failslab+0x11a/0x160 [ 810.690289][T10230] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 810.696016][T10230] should_failslab+0x9/0x20 [ 810.700525][T10230] __kmalloc+0x7a/0x340 [ 810.704695][T10230] ? tomoyo_realpath_from_path+0xca/0x7c0 [ 810.710429][T10230] tomoyo_realpath_from_path+0xdc/0x7c0 [ 810.715999][T10230] tomoyo_mount_permission+0x923/0xa30 [ 810.721482][T10230] ? kmem_cache_free+0xd8/0xf0 [ 810.726267][T10230] tomoyo_sb_mount+0x35/0x40 [ 810.726282][T10230] security_sb_mount+0x84/0xe0 [ 810.726298][T10230] do_mount+0x10a/0x2510 [ 810.726309][T10230] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 810.726321][T10230] ? copy_mount_options+0x5f/0x3c0 [ 810.735659][T10230] ? copy_mount_options+0x308/0x3c0 [ 810.755679][T10230] ksys_mount+0xcc/0x100 [ 810.759911][T10230] __x64_sys_mount+0xbf/0xd0 [ 810.764485][T10230] do_syscall_64+0xf7/0x1c0 [ 810.768966][T10230] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 810.774841][T10230] RIP: 0033:0x45d08a [ 810.778716][T10230] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 810.798302][T10230] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 16:56:03 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x7a000000) [ 810.806798][T10230] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 810.814750][T10230] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 810.822728][T10230] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 810.830703][T10230] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 810.839350][T10230] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 810.864853][T10241] EXT4-fs (loop0): unsupported inode size: 0 16:56:04 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100096c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 810.897130][ T26] audit: type=1804 audit(1574009763.913:305): pid=10253 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1316/file0" dev="sda1" ino=16709 res=1 [ 810.899266][T10230] ERROR: Out of memory at tomoyo_realpath_from_path. [ 810.937050][T10246] BTRFS error (device loop3): superblock checksum mismatch [ 810.996658][T10258] 9pnet: Insufficient options for proto=fd 16:56:04 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08030000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:56:04 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xeaffffff) 16:56:04 executing program 1 (fault-call:3 fault-nth:64): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 811.039576][T10246] BTRFS error (device loop3): open_ctree failed 16:56:04 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'w\\dno', 0x3d, r1}}) 16:56:04 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xefffffff) [ 811.101320][ T26] audit: type=1804 audit(1574009764.123:306): pid=10264 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1317/file0" dev="sda1" ino=16694 res=1 [ 811.163574][T10273] validate_nla: 8 callbacks suppressed [ 811.163580][T10273] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 811.168501][T10266] FAULT_INJECTION: forcing a failure. [ 811.168501][T10266] name failslab, interval 1, probability 0, space 0, times 0 [ 811.169493][T10273] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 811.199091][T10266] CPU: 1 PID: 10266 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 811.207036][T10266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 811.216645][T10262] EXT4-fs (loop0): unsupported inode size: 0 [ 811.217103][T10266] Call Trace: [ 811.217122][T10266] dump_stack+0x1fb/0x318 [ 811.217140][T10266] should_fail+0x555/0x770 [ 811.234924][T10273] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 811.235284][T10266] __should_failslab+0x11a/0x160 [ 811.249858][T10266] should_failslab+0x9/0x20 [ 811.249869][T10266] kmem_cache_alloc_trace+0x5d/0x2f0 [ 811.249880][T10266] ? alloc_fs_context+0x65/0x640 [ 811.249898][T10266] alloc_fs_context+0x65/0x640 [ 811.249913][T10266] ? _raw_read_unlock+0x2c/0x50 [ 811.249925][T10266] ? get_fs_type+0x47f/0x500 [ 811.249936][T10266] fs_context_for_mount+0x24/0x30 [ 811.249945][T10266] do_mount+0x10a7/0x2510 [ 811.249959][T10266] ? copy_mount_options+0x308/0x3c0 [ 811.249970][T10266] ksys_mount+0xcc/0x100 [ 811.249981][T10266] __x64_sys_mount+0xbf/0xd0 [ 811.249994][T10266] do_syscall_64+0xf7/0x1c0 [ 811.250008][T10266] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 811.259802][T10266] RIP: 0033:0x45d08a [ 811.259813][T10266] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 811.259818][T10266] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 811.259840][T10266] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 811.259847][T10266] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 811.259853][T10266] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 811.259859][T10266] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 811.259865][T10266] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 811.293879][T10279] 9pnet: Insufficient options for proto=fd 16:56:04 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xf7ffffff) [ 811.295144][ T26] audit: type=1804 audit(1574009764.293:307): pid=10280 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1318/file0" dev="sda1" ino=16708 res=1 16:56:04 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e601000a6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:04 executing program 1 (fault-call:3 fault-nth:65): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 811.458494][T10273] device gre1 entered promiscuous mode 16:56:04 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xfeffffff) [ 811.495806][ T26] audit: type=1804 audit(1574009764.513:308): pid=10288 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1319/file0" dev="sda1" ino=16708 res=1 [ 811.537083][T10246] BTRFS error (device loop3): superblock checksum mismatch [ 811.551856][T10293] 9pnet: Insufficient options for proto=fd [ 811.607604][T10294] FAULT_INJECTION: forcing a failure. [ 811.607604][T10294] name failslab, interval 1, probability 0, space 0, times 0 [ 811.621190][ T26] audit: type=1804 audit(1574009764.623:309): pid=10297 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1320/file0" dev="sda1" ino=16704 res=1 [ 811.660411][T10294] CPU: 0 PID: 10294 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 811.668358][T10294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 811.678499][T10294] Call Trace: [ 811.681801][T10294] dump_stack+0x1fb/0x318 [ 811.686150][T10294] should_fail+0x555/0x770 [ 811.690597][T10294] __should_failslab+0x11a/0x160 [ 811.695549][T10294] ? vfs_parse_fs_string+0xed/0x1a0 [ 811.700766][T10294] should_failslab+0x9/0x20 [ 811.705441][T10294] __kmalloc_track_caller+0x79/0x340 [ 811.710811][T10294] kmemdup_nul+0x2a/0xa0 [ 811.715040][T10294] vfs_parse_fs_string+0xed/0x1a0 [ 811.720047][T10294] do_mount+0x11b8/0x2510 [ 811.724446][T10294] ? copy_mount_options+0x308/0x3c0 [ 811.729651][T10294] ksys_mount+0xcc/0x100 [ 811.733874][T10294] __x64_sys_mount+0xbf/0xd0 [ 811.738446][T10294] do_syscall_64+0xf7/0x1c0 [ 811.743018][T10294] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 811.748892][T10294] RIP: 0033:0x45d08a [ 811.752785][T10294] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 811.772824][T10294] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 811.781581][T10294] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 811.789541][T10294] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 811.797506][T10294] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 16:56:04 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:56:04 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xff0c0000) 16:56:04 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfIno', 0x3d, r1}}) [ 811.805897][T10294] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 811.813865][T10294] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 811.833081][T10246] BTRFS error (device loop3): open_ctree failed [ 811.846739][T10291] EXT4-fs (loop0): unsupported inode size: 0 [ 811.913978][ T26] audit: type=1804 audit(1574009764.933:310): pid=10306 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1321/file0" dev="sda1" ino=16701 res=1 [ 811.921794][T10307] 9pnet: Insufficient options for proto=fd [ 811.963166][T10312] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 812.046061][T10312] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 812.057463][T10315] BTRFS error (device loop3): superblock checksum mismatch [ 812.071928][T10312] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 812.088076][T10312] device gre1 entered promiscuous mode [ 812.139782][T10315] BTRFS error (device loop3): open_ctree failed [ 812.181747][T10321] 9pnet: Insufficient options for proto=fd [ 812.198249][T10315] BTRFS error (device loop3): superblock checksum mismatch [ 812.239214][T10315] BTRFS error (device loop3): open_ctree failed 16:56:05 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08040000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:56:05 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xffffffea) 16:56:05 executing program 1 (fault-call:3 fault-nth:66): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:05 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e601000b6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:05 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfQno', 0x3d, r1}}) 16:56:05 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:56:05 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xffffffef) [ 812.357462][T10332] 9pnet: Insufficient options for proto=fd [ 812.372207][T10342] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 812.383102][T10342] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 812.392321][T10342] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 812.413684][T10342] device gre1 entered promiscuous mode [ 812.428802][T10330] FAULT_INJECTION: forcing a failure. [ 812.428802][T10330] name failslab, interval 1, probability 0, space 0, times 0 [ 812.444861][T10330] CPU: 0 PID: 10330 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 812.453716][T10330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.453724][T10330] Call Trace: [ 812.453744][T10330] dump_stack+0x1fb/0x318 [ 812.453762][T10330] should_fail+0x555/0x770 [ 812.453779][T10330] __should_failslab+0x11a/0x160 [ 812.453792][T10330] ? btrfs_mount+0x83/0x18e0 [ 812.453801][T10330] should_failslab+0x9/0x20 [ 812.453811][T10330] __kmalloc_track_caller+0x79/0x340 [ 812.453821][T10330] ? __fs_reclaim_release+0x4/0x20 [ 812.453839][T10330] kstrdup+0x34/0x70 [ 812.453849][T10330] btrfs_mount+0x83/0x18e0 [ 812.453865][T10330] ? check_preemption_disabled+0x47/0x2a0 [ 812.453879][T10330] ? vfs_parse_fs_string+0x13b/0x1a0 [ 812.453889][T10330] ? cap_capable+0x250/0x290 [ 812.453900][T10330] ? safesetid_security_capable+0x89/0xf0 [ 812.453915][T10330] legacy_get_tree+0xf9/0x1a0 [ 812.453924][T10330] ? btrfs_resize_thread_pool+0x290/0x290 [ 812.453936][T10330] vfs_get_tree+0x8b/0x2a0 [ 812.453946][T10330] do_mount+0x16c0/0x2510 [ 812.453960][T10330] ? copy_mount_options+0x308/0x3c0 [ 812.453969][T10330] ksys_mount+0xcc/0x100 [ 812.453980][T10330] __x64_sys_mount+0xbf/0xd0 [ 812.453992][T10330] do_syscall_64+0xf7/0x1c0 [ 812.454004][T10330] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 812.454013][T10330] RIP: 0033:0x45d08a [ 812.454022][T10330] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 812.454034][T10330] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 812.471716][T10330] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 812.471724][T10330] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 812.471730][T10330] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 812.471735][T10330] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 812.471741][T10330] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:56:05 executing program 1 (fault-call:3 fault-nth:67): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 812.681160][T10341] BTRFS error (device loop3): superblock checksum mismatch [ 812.691404][T10331] EXT4-fs (loop0): unsupported inode size: 0 [ 812.714889][T10351] 9pnet: Insufficient options for proto=fd 16:56:05 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xfffffff7) 16:56:05 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e601000c6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:05 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfRno', 0x3d, r1}}) [ 812.812102][T10341] BTRFS error (device loop3): open_ctree failed [ 812.812570][T10361] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 812.867825][T10361] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 812.892122][T10364] FAULT_INJECTION: forcing a failure. [ 812.892122][T10364] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 812.905365][T10364] CPU: 1 PID: 10364 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 812.913255][T10364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.923319][T10364] Call Trace: [ 812.926619][T10364] dump_stack+0x1fb/0x318 [ 812.931014][T10364] should_fail+0x555/0x770 [ 812.935444][T10364] should_fail_alloc_page+0x55/0x60 [ 812.940652][T10364] prepare_alloc_pages+0x283/0x460 [ 812.945765][T10364] __alloc_pages_nodemask+0xb2/0x5d0 [ 812.945787][T10364] kmem_getpages+0x4d/0xa00 [ 812.945800][T10364] cache_grow_begin+0x7e/0x2c0 [ 812.960436][T10364] cache_alloc_refill+0x311/0x3f0 [ 812.965468][T10364] ? check_preemption_disabled+0xb7/0x2a0 [ 812.971187][T10364] __kmalloc+0x318/0x340 [ 812.975457][T10364] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 812.981263][T10364] tomoyo_realpath_from_path+0xdc/0x7c0 [ 812.981283][T10364] tomoyo_mount_permission+0x923/0xa30 [ 812.981303][T10364] ? kmem_cache_free+0xd8/0xf0 [ 812.981329][T10364] tomoyo_sb_mount+0x35/0x40 [ 812.981340][T10364] security_sb_mount+0x84/0xe0 [ 812.981354][T10364] do_mount+0x10a/0x2510 [ 812.981364][T10364] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 812.981371][T10364] ? copy_mount_options+0x5f/0x3c0 [ 812.981383][T10364] ? copy_mount_options+0x308/0x3c0 [ 812.981393][T10364] ksys_mount+0xcc/0x100 [ 812.981403][T10364] __x64_sys_mount+0xbf/0xd0 [ 812.981417][T10364] do_syscall_64+0xf7/0x1c0 [ 812.981430][T10364] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 812.981439][T10364] RIP: 0033:0x45d08a 16:56:06 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xfffffffe) [ 812.981449][T10364] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 812.981455][T10364] RSP: 002b:00007fd465df3a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 812.981463][T10364] RAX: ffffffffffffffda RBX: 00007fd465df3b40 RCX: 000000000045d08a [ 812.981471][T10364] RDX: 00007fd465df3ae0 RSI: 0000000020000100 RDI: 00007fd465df3b00 [ 812.987094][T10361] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 812.992461][T10364] RBP: 0000000000000001 R08: 00007fd465df3b40 R09: 00007fd465df3ae0 [ 812.992467][T10364] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 812.992472][T10364] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 813.044665][T10368] EXT4-fs (loop0): unsupported inode size: 0 [ 813.136023][T10376] 9pnet: Insufficient options for proto=fd [ 813.163476][T10361] device gre1 entered promiscuous mode [ 813.271927][T10381] 9pnet: Insufficient options for proto=fd 16:56:06 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08050000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:56:06 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x1000000000000) 16:56:06 executing program 1 (fault-call:3 fault-nth:68): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:06 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e601000d6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:06 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:56:06 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfSno', 0x3d, r1}}) [ 813.453393][T10392] BTRFS error (device loop3): superblock checksum mismatch [ 813.466855][T10388] FAULT_INJECTION: forcing a failure. [ 813.466855][T10388] name failslab, interval 1, probability 0, space 0, times 0 [ 813.485896][T10403] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 813.496014][T10391] 9pnet: Insufficient options for proto=fd [ 813.499261][T10403] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 813.507376][T10388] CPU: 0 PID: 10388 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 813.518111][T10388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 813.528167][T10388] Call Trace: [ 813.531457][T10388] dump_stack+0x1fb/0x318 [ 813.535767][T10388] should_fail+0x555/0x770 [ 813.540200][T10388] __should_failslab+0x11a/0x160 [ 813.545125][T10388] ? tomoyo_encode2+0x273/0x5a0 [ 813.549955][T10388] should_failslab+0x9/0x20 [ 813.554434][T10388] __kmalloc+0x7a/0x340 [ 813.558870][T10388] tomoyo_encode2+0x273/0x5a0 [ 813.563533][T10388] tomoyo_realpath_from_path+0x769/0x7c0 [ 813.569250][T10388] tomoyo_mount_permission+0x923/0xa30 [ 813.574720][T10388] ? kmem_cache_free+0xd8/0xf0 [ 813.579484][T10388] tomoyo_sb_mount+0x35/0x40 [ 813.584073][T10388] security_sb_mount+0x84/0xe0 [ 813.589513][T10388] do_mount+0x10a/0x2510 [ 813.593824][T10388] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 813.599346][T10388] ? copy_mount_options+0x5f/0x3c0 [ 813.604978][T10388] ? copy_mount_options+0x308/0x3c0 [ 813.610182][T10388] ksys_mount+0xcc/0x100 [ 813.614408][T10388] __x64_sys_mount+0xbf/0xd0 [ 813.618995][T10388] do_syscall_64+0xf7/0x1c0 [ 813.623483][T10388] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 813.629364][T10388] RIP: 0033:0x45d08a [ 813.633274][T10388] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 16:56:06 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x100000000000000) [ 813.652864][T10388] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 813.661276][T10388] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 813.669231][T10388] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 813.677192][T10388] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 813.685143][T10388] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 813.693100][T10388] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 813.710895][T10388] ERROR: Out of memory at tomoyo_realpath_from_path. [ 813.719414][T10403] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 813.739662][T10395] EXT4-fs (loop0): unsupported inode size: 0 16:56:06 executing program 1 (fault-call:3 fault-nth:69): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 813.759747][T10392] BTRFS error (device loop3): open_ctree failed 16:56:06 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x200000000000000) [ 813.803163][T10411] 9pnet: Insufficient options for proto=fd [ 813.815377][T10403] device gre1 entered promiscuous mode 16:56:06 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfTno', 0x3d, r1}}) 16:56:07 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e601000e6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:07 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x300000000000000) [ 814.014600][T10425] 9pnet: Insufficient options for proto=fd [ 814.028059][T10420] FAULT_INJECTION: forcing a failure. [ 814.028059][T10420] name failslab, interval 1, probability 0, space 0, times 0 [ 814.047151][T10420] CPU: 1 PID: 10420 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 814.055083][T10420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 814.065147][T10420] Call Trace: [ 814.068622][T10420] dump_stack+0x1fb/0x318 [ 814.072952][T10420] should_fail+0x555/0x770 [ 814.077381][T10420] __should_failslab+0x11a/0x160 [ 814.082436][T10420] ? tomoyo_encode2+0x273/0x5a0 [ 814.087270][T10420] should_failslab+0x9/0x20 [ 814.091936][T10420] __kmalloc+0x7a/0x340 [ 814.096163][T10420] tomoyo_encode2+0x273/0x5a0 [ 814.100828][T10420] tomoyo_realpath_from_path+0x769/0x7c0 [ 814.106457][T10420] tomoyo_mount_permission+0x923/0xa30 [ 814.111927][T10420] ? kmem_cache_free+0xd8/0xf0 [ 814.116728][T10420] tomoyo_sb_mount+0x35/0x40 [ 814.121375][T10420] security_sb_mount+0x84/0xe0 [ 814.126148][T10420] do_mount+0x10a/0x2510 [ 814.130379][T10420] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 814.136626][T10420] ? copy_mount_options+0x5f/0x3c0 [ 814.141741][T10420] ? copy_mount_options+0x308/0x3c0 [ 814.146956][T10420] ksys_mount+0xcc/0x100 [ 814.151187][T10420] __x64_sys_mount+0xbf/0xd0 [ 814.155769][T10420] do_syscall_64+0xf7/0x1c0 [ 814.160260][T10420] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 814.166306][T10420] RIP: 0033:0x45d08a [ 814.170185][T10420] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 814.190232][T10420] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 814.198640][T10420] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 814.206614][T10420] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 814.214571][T10420] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 814.222540][T10420] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 814.230597][T10420] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 814.240100][T10420] ERROR: Out of memory at tomoyo_realpath_from_path. [ 814.252116][T10429] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 814.287425][T10392] BTRFS error (device loop3): superblock checksum mismatch [ 814.318630][T10429] device gre1 entered promiscuous mode [ 814.332246][T10439] 9pnet: Insufficient options for proto=fd [ 814.401943][T10434] EXT4-fs (loop0): unsupported inode size: 0 [ 814.429298][T10392] BTRFS error (device loop3): open_ctree failed 16:56:07 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08060000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:56:07 executing program 1 (fault-call:3 fault-nth:70): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:07 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x400000000000000) 16:56:07 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfVno', 0x3d, r1}}) 16:56:07 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:56:07 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e601410f6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 814.593969][T10454] 9pnet: Insufficient options for proto=fd [ 814.605346][T10449] FAULT_INJECTION: forcing a failure. [ 814.605346][T10449] name failslab, interval 1, probability 0, space 0, times 0 [ 814.625486][T10452] BTRFS error (device loop3): superblock checksum mismatch [ 814.631554][T10461] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 814.658044][T10449] CPU: 0 PID: 10449 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 814.666059][T10449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 814.676224][T10449] Call Trace: [ 814.676243][T10449] dump_stack+0x1fb/0x318 [ 814.676258][T10449] should_fail+0x555/0x770 [ 814.676274][T10449] __should_failslab+0x11a/0x160 [ 814.676285][T10449] should_failslab+0x9/0x20 [ 814.676293][T10449] kmem_cache_alloc_trace+0x5d/0x2f0 [ 814.676307][T10449] ? alloc_fs_context+0x65/0x640 [ 814.707930][T10449] alloc_fs_context+0x65/0x640 [ 814.712777][T10449] ? kfree+0x194/0x200 [ 814.716833][T10449] fs_context_for_mount+0x24/0x30 [ 814.721857][T10449] vfs_kern_mount+0x2c/0x160 [ 814.726474][T10449] btrfs_mount+0x34f/0x18e0 [ 814.730959][T10449] ? check_preemption_disabled+0x47/0x2a0 [ 814.736659][T10449] ? vfs_parse_fs_string+0x13b/0x1a0 [ 814.741919][T10449] ? cap_capable+0x250/0x290 [ 814.746490][T10449] ? safesetid_security_capable+0x89/0xf0 [ 814.752467][T10449] legacy_get_tree+0xf9/0x1a0 [ 814.757125][T10449] ? btrfs_resize_thread_pool+0x290/0x290 [ 814.762829][T10449] vfs_get_tree+0x8b/0x2a0 [ 814.767232][T10449] do_mount+0x16c0/0x2510 [ 814.771577][T10449] ? copy_mount_options+0x308/0x3c0 [ 814.776759][T10449] ksys_mount+0xcc/0x100 [ 814.780984][T10449] __x64_sys_mount+0xbf/0xd0 [ 814.785572][T10449] do_syscall_64+0xf7/0x1c0 [ 814.790079][T10449] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 814.795950][T10449] RIP: 0033:0x45d08a [ 814.799828][T10449] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 814.819598][T10449] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 814.828000][T10449] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 814.835954][T10449] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 814.843908][T10449] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 16:56:07 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x500000000000000) [ 814.851861][T10449] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 814.859825][T10449] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 814.880361][T10461] device gre1 entered promiscuous mode 16:56:07 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x600000000000000) [ 814.915866][T10460] EXT4-fs (loop0): unsupported inode size: 0 16:56:08 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60104106c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:08 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x700000000000000) [ 815.002280][T10475] 9pnet: Insufficient options for proto=fd 16:56:08 executing program 1 (fault-call:3 fault-nth:71): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:08 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wf\\no', 0x3d, r1}}) [ 815.079706][T10452] BTRFS error (device loop3): open_ctree failed [ 815.131561][ T26] kauditd_printk_skb: 11 callbacks suppressed [ 815.131569][ T26] audit: type=1804 audit(1574009768.153:322): pid=10483 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1333/file0" dev="sda1" ino=16575 res=1 [ 815.196716][T10486] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 815.208271][T10488] 9pnet: Insufficient options for proto=fd [ 815.233507][T10486] device gre1 entered promiscuous mode [ 815.240003][T10480] EXT4-fs (loop0): unsupported inode size: 0 [ 815.249750][T10452] BTRFS error (device loop3): superblock checksum mismatch [ 815.266166][T10496] FAULT_INJECTION: forcing a failure. [ 815.266166][T10496] name failslab, interval 1, probability 0, space 0, times 0 [ 815.288445][T10496] CPU: 1 PID: 10496 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 815.296401][T10496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 815.310427][T10496] Call Trace: [ 815.313728][T10496] dump_stack+0x1fb/0x318 [ 815.318217][T10496] should_fail+0x555/0x770 [ 815.322623][T10496] __should_failslab+0x11a/0x160 [ 815.328086][T10496] ? btrfs_mount_root+0x2f4/0x1040 [ 815.333292][T10496] should_failslab+0x9/0x20 [ 815.337777][T10496] __kmalloc_track_caller+0x79/0x340 [ 815.343053][T10496] kstrdup+0x34/0x70 [ 815.346932][T10496] btrfs_mount_root+0x2f4/0x1040 [ 815.351866][T10496] ? vfs_parse_fs_string+0x13b/0x1a0 [ 815.357142][T10496] ? rcu_read_lock_sched_held+0x10b/0x170 [ 815.362853][T10496] ? trace_kfree+0xb2/0x110 [ 815.367364][T10496] legacy_get_tree+0xf9/0x1a0 [ 815.372043][T10496] ? btrfs_control_open+0x40/0x40 [ 815.377055][T10496] vfs_get_tree+0x8b/0x2a0 [ 815.381554][T10496] vfs_kern_mount+0xc2/0x160 [ 815.386230][T10496] btrfs_mount+0x34f/0x18e0 [ 815.390727][T10496] ? check_preemption_disabled+0x47/0x2a0 [ 815.396616][T10496] ? vfs_parse_fs_string+0x13b/0x1a0 [ 815.401888][T10496] ? cap_capable+0x250/0x290 [ 815.406474][T10496] ? safesetid_security_capable+0x89/0xf0 [ 815.412193][T10496] legacy_get_tree+0xf9/0x1a0 [ 815.416856][T10496] ? btrfs_resize_thread_pool+0x290/0x290 [ 815.422613][T10496] vfs_get_tree+0x8b/0x2a0 [ 815.427020][T10496] do_mount+0x16c0/0x2510 [ 815.431520][T10496] ? copy_mount_options+0x308/0x3c0 [ 815.436881][T10496] ksys_mount+0xcc/0x100 [ 815.441294][T10496] __x64_sys_mount+0xbf/0xd0 [ 815.446034][T10496] do_syscall_64+0xf7/0x1c0 [ 815.450561][T10496] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 815.456448][T10496] RIP: 0033:0x45d08a [ 815.460344][T10496] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 815.480557][T10496] RSP: 002b:00007fd465df3a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 815.488954][T10496] RAX: ffffffffffffffda RBX: 00007fd465df3b40 RCX: 000000000045d08a [ 815.496910][T10496] RDX: 00007fd465df3ae0 RSI: 0000000020000100 RDI: 00007fd465df3b00 [ 815.504873][T10496] RBP: 0000000000000001 R08: 00007fd465df3b40 R09: 00007fd465df3ae0 [ 815.512830][T10496] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 815.520781][T10496] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 815.612224][T10501] 9pnet: Insufficient options for proto=fd [ 815.660170][T10452] BTRFS error (device loop3): open_ctree failed 16:56:08 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08070000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:56:08 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x800000000000000) 16:56:08 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60120106c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:08 executing program 1 (fault-call:3 fault-nth:72): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:08 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:56:08 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfbno', 0x3d, r1}}) [ 815.853548][ T26] audit: type=1804 audit(1574009768.873:323): pid=10506 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1334/file0" dev="sda1" ino=16701 res=1 16:56:08 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x900000000000000) [ 815.918135][T10509] EXT4-fs (loop0): unsupported inode size: 0 [ 815.932735][T10518] 9pnet: Insufficient options for proto=fd [ 815.945889][T10510] FAULT_INJECTION: forcing a failure. [ 815.945889][T10510] name failslab, interval 1, probability 0, space 0, times 0 [ 815.965003][T10515] BTRFS error (device loop3): superblock checksum mismatch [ 815.970295][T10526] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 815.973883][T10510] CPU: 0 PID: 10510 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 815.989501][T10510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 815.999566][T10510] Call Trace: [ 815.999587][T10510] dump_stack+0x1fb/0x318 [ 815.999601][T10510] should_fail+0x555/0x770 [ 815.999617][T10510] __should_failslab+0x11a/0x160 [ 815.999629][T10510] ? btrfs_mount_root+0x2f4/0x1040 [ 815.999637][T10510] should_failslab+0x9/0x20 [ 815.999645][T10510] __kmalloc_track_caller+0x79/0x340 [ 815.999661][T10510] kstrdup+0x34/0x70 [ 816.007262][T10510] btrfs_mount_root+0x2f4/0x1040 [ 816.016594][T10510] ? vfs_parse_fs_string+0x13b/0x1a0 [ 816.016606][T10510] ? rcu_read_lock_sched_held+0x10b/0x170 [ 816.016615][T10510] ? trace_kfree+0xb2/0x110 [ 816.016630][T10510] legacy_get_tree+0xf9/0x1a0 [ 816.027000][T10510] ? btrfs_control_open+0x40/0x40 [ 816.027015][T10510] vfs_get_tree+0x8b/0x2a0 [ 816.027027][T10510] vfs_kern_mount+0xc2/0x160 [ 816.027041][T10510] btrfs_mount+0x34f/0x18e0 [ 816.036218][T10510] ? check_preemption_disabled+0x47/0x2a0 [ 816.036236][T10510] ? vfs_parse_fs_string+0x13b/0x1a0 [ 816.036250][T10510] ? cap_capable+0x250/0x290 [ 816.046618][T10510] ? safesetid_security_capable+0x89/0xf0 [ 816.046635][T10510] legacy_get_tree+0xf9/0x1a0 [ 816.046645][T10510] ? btrfs_resize_thread_pool+0x290/0x290 [ 816.046658][T10510] vfs_get_tree+0x8b/0x2a0 [ 816.056988][T10510] do_mount+0x16c0/0x2510 [ 816.057006][T10510] ? copy_mount_options+0x308/0x3c0 [ 816.057018][T10510] ksys_mount+0xcc/0x100 [ 816.057033][T10510] __x64_sys_mount+0xbf/0xd0 [ 816.066971][T10510] do_syscall_64+0xf7/0x1c0 [ 816.066987][T10510] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 816.066996][T10510] RIP: 0033:0x45d08a [ 816.067006][T10510] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 816.067011][T10510] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 816.067021][T10510] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 816.067026][T10510] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 816.067032][T10510] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 816.067042][T10510] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 816.076023][T10510] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 816.224612][T10526] device gre1 entered promiscuous mode 16:56:09 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xa00000000000000) [ 816.257430][ T26] audit: type=1804 audit(1574009769.273:324): pid=10529 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1335/file0" dev="sda1" ino=16739 res=1 [ 816.289764][T10515] BTRFS error (device loop3): open_ctree failed [ 816.302246][T10532] 9pnet: Insufficient options for proto=fd [ 816.326115][ T26] audit: type=1804 audit(1574009769.343:325): pid=10534 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1336/file0" dev="sda1" ino=16739 res=1 16:56:09 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100116c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:09 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfgno', 0x3d, r1}}) [ 816.371390][T10515] BTRFS error (device loop3): superblock checksum mismatch 16:56:09 executing program 1 (fault-call:3 fault-nth:73): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:09 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xb00000000000000) [ 816.429540][T10515] BTRFS error (device loop3): open_ctree failed [ 816.484394][T10547] validate_nla: 8 callbacks suppressed [ 816.484403][T10547] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 816.548389][T10552] 9pnet: Insufficient options for proto=fd [ 816.565863][T10547] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 816.568102][ T26] audit: type=1804 audit(1574009769.583:326): pid=10554 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1337/file0" dev="sda1" ino=16715 res=1 [ 816.576919][T10547] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 816.630367][T10544] EXT4-fs (loop0): unsupported inode size: 0 [ 816.642133][T10547] device gre1 entered promiscuous mode [ 816.650316][T10555] FAULT_INJECTION: forcing a failure. [ 816.650316][T10555] name failslab, interval 1, probability 0, space 0, times 0 [ 816.677083][T10555] CPU: 1 PID: 10555 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 816.685009][T10555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 816.685016][T10555] Call Trace: [ 816.685034][T10555] dump_stack+0x1fb/0x318 [ 816.685050][T10555] should_fail+0x555/0x770 [ 816.685069][T10555] __should_failslab+0x11a/0x160 [ 816.685083][T10555] should_failslab+0x9/0x20 [ 816.685091][T10555] kmem_cache_alloc_trace+0x5d/0x2f0 [ 816.685101][T10555] ? alloc_fs_context+0x65/0x640 [ 816.685112][T10555] alloc_fs_context+0x65/0x640 [ 816.685126][T10555] ? kfree+0x194/0x200 [ 816.685138][T10555] fs_context_for_mount+0x24/0x30 [ 816.685146][T10555] vfs_kern_mount+0x2c/0x160 [ 816.685157][T10555] btrfs_mount+0x34f/0x18e0 [ 816.685173][T10555] ? check_preemption_disabled+0x47/0x2a0 [ 816.685187][T10555] ? vfs_parse_fs_string+0x13b/0x1a0 [ 816.685196][T10555] ? cap_capable+0x250/0x290 [ 816.685207][T10555] ? safesetid_security_capable+0x89/0xf0 [ 816.685221][T10555] legacy_get_tree+0xf9/0x1a0 [ 816.685231][T10555] ? btrfs_resize_thread_pool+0x290/0x290 [ 816.685242][T10555] vfs_get_tree+0x8b/0x2a0 [ 816.685253][T10555] do_mount+0x16c0/0x2510 [ 816.685268][T10555] ? copy_mount_options+0x308/0x3c0 [ 816.685279][T10555] ksys_mount+0xcc/0x100 [ 816.685290][T10555] __x64_sys_mount+0xbf/0xd0 [ 816.685302][T10555] do_syscall_64+0xf7/0x1c0 [ 816.685317][T10555] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 816.707409][T10555] RIP: 0033:0x45d08a [ 816.707421][T10555] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 816.707427][T10555] RSP: 002b:00007fd465df3a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 816.707437][T10555] RAX: ffffffffffffffda RBX: 00007fd465df3b40 RCX: 000000000045d08a [ 816.707443][T10555] RDX: 00007fd465df3ae0 RSI: 0000000020000100 RDI: 00007fd465df3b00 [ 816.707450][T10555] RBP: 0000000000000001 R08: 00007fd465df3b40 R09: 00007fd465df3ae0 [ 816.707455][T10555] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 816.707461][T10555] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 816.910900][T10562] 9pnet: Insufficient options for proto=fd 16:56:10 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08080000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:56:10 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:56:10 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xc00000000000000) 16:56:10 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100126c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:10 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wflno', 0x3d, r1}}) 16:56:10 executing program 1 (fault-call:3 fault-nth:74): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 817.125850][T10575] 9pnet: Insufficient options for proto=fd [ 817.134358][ T26] audit: type=1804 audit(1574009770.153:327): pid=10576 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1338/file0" dev="sda1" ino=16714 res=1 [ 817.157013][T10583] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 817.172178][T10583] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 817.198087][T10579] BTRFS error (device loop3): superblock checksum mismatch [ 817.210172][T10574] FAULT_INJECTION: forcing a failure. [ 817.210172][T10574] name failslab, interval 1, probability 0, space 0, times 0 [ 817.215982][T10583] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 817.233895][T10574] CPU: 0 PID: 10574 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 16:56:10 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xd00000000000000) [ 817.242093][T10574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 817.252169][T10574] Call Trace: [ 817.252189][T10574] dump_stack+0x1fb/0x318 [ 817.252205][T10574] should_fail+0x555/0x770 [ 817.252223][T10574] __should_failslab+0x11a/0x160 [ 817.252236][T10574] ? vfs_parse_fs_string+0xed/0x1a0 [ 817.252246][T10574] should_failslab+0x9/0x20 [ 817.252254][T10574] __kmalloc_track_caller+0x79/0x340 [ 817.252268][T10574] kmemdup_nul+0x2a/0xa0 [ 817.259949][T10574] vfs_parse_fs_string+0xed/0x1a0 [ 817.259968][T10574] vfs_kern_mount+0x77/0x160 [ 817.259983][T10574] btrfs_mount+0x34f/0x18e0 [ 817.260000][T10574] ? check_preemption_disabled+0x47/0x2a0 [ 817.260014][T10574] ? vfs_parse_fs_string+0x13b/0x1a0 [ 817.260024][T10574] ? cap_capable+0x250/0x290 [ 817.260038][T10574] ? safesetid_security_capable+0x89/0xf0 [ 817.269451][T10574] legacy_get_tree+0xf9/0x1a0 [ 817.269464][T10574] ? btrfs_resize_thread_pool+0x290/0x290 [ 817.269477][T10574] vfs_get_tree+0x8b/0x2a0 [ 817.269489][T10574] do_mount+0x16c0/0x2510 [ 817.269505][T10574] ? copy_mount_options+0x308/0x3c0 [ 817.269516][T10574] ksys_mount+0xcc/0x100 [ 817.269527][T10574] __x64_sys_mount+0xbf/0xd0 [ 817.269546][T10574] do_syscall_64+0xf7/0x1c0 [ 817.279356][T10574] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 817.279366][T10574] RIP: 0033:0x45d08a [ 817.279376][T10574] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 817.279382][T10574] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 817.279392][T10574] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 817.279397][T10574] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 817.279402][T10574] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 817.279407][T10574] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 817.279412][T10574] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 817.336458][T10579] BTRFS error (device loop3): open_ctree failed [ 817.352097][T10589] 9pnet: Insufficient options for proto=fd [ 817.423174][ T26] audit: type=1804 audit(1574009770.443:328): pid=10592 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1339/file0" dev="sda1" ino=16734 res=1 [ 817.459438][T10583] device gre1 entered promiscuous mode 16:56:10 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xe00000000000000) 16:56:10 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfqno', 0x3d, r1}}) [ 817.520332][T10578] EXT4-fs (loop0): unsupported inode size: 0 16:56:10 executing program 1 (fault-call:3 fault-nth:75): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 817.557221][ T26] audit: type=1804 audit(1574009770.573:329): pid=10596 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1340/file0" dev="sda1" ino=16598 res=1 [ 817.621821][T10602] FAULT_INJECTION: forcing a failure. [ 817.621821][T10602] name failslab, interval 1, probability 0, space 0, times 0 [ 817.635289][T10602] CPU: 0 PID: 10602 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 817.645131][T10602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 817.655455][T10602] Call Trace: [ 817.658760][T10602] dump_stack+0x1fb/0x318 [ 817.660021][T10600] 9pnet: Insufficient options for proto=fd 16:56:10 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e601001f6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 817.663109][T10602] should_fail+0x555/0x770 [ 817.663129][T10602] __should_failslab+0x11a/0x160 [ 817.663140][T10602] ? btrfs_mount+0x83/0x18e0 [ 817.663154][T10602] should_failslab+0x9/0x20 [ 817.687494][T10602] __kmalloc_track_caller+0x79/0x340 [ 817.693055][T10602] ? __fs_reclaim_release+0x4/0x20 [ 817.698180][T10602] kstrdup+0x34/0x70 [ 817.702084][T10602] btrfs_mount+0x83/0x18e0 [ 817.706501][T10602] ? check_preemption_disabled+0x47/0x2a0 [ 817.712224][T10602] ? vfs_parse_fs_string+0x13b/0x1a0 [ 817.717494][T10602] ? cap_capable+0x250/0x290 [ 817.722077][T10602] ? safesetid_security_capable+0x89/0xf0 [ 817.727916][T10602] legacy_get_tree+0xf9/0x1a0 [ 817.732601][T10602] ? btrfs_resize_thread_pool+0x290/0x290 [ 817.738315][T10602] vfs_get_tree+0x8b/0x2a0 [ 817.742726][T10602] do_mount+0x16c0/0x2510 [ 817.747056][T10602] ? copy_mount_options+0x308/0x3c0 [ 817.752240][T10602] ksys_mount+0xcc/0x100 [ 817.756498][T10602] __x64_sys_mount+0xbf/0xd0 [ 817.761087][T10602] do_syscall_64+0xf7/0x1c0 [ 817.765577][T10602] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 817.771479][T10602] RIP: 0033:0x45d08a [ 817.775370][T10602] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 817.794972][T10602] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 817.803392][T10602] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 817.811441][T10602] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 16:56:10 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x1000000000000000) [ 817.819585][T10602] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 817.828152][T10602] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 817.836217][T10602] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 817.904399][ T26] audit: type=1804 audit(1574009770.923:330): pid=10611 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1341/file0" dev="sda1" ino=16712 res=1 [ 817.940228][T10614] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 817.948453][T10614] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 817.975308][T10618] 9pnet: Insufficient options for proto=fd [ 818.003647][T10609] EXT4-fs (loop0): unsupported inode size: 0 [ 818.007765][T10614] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 818.062049][T10614] device gre1 entered promiscuous mode 16:56:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d08090000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:56:11 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x1100000000000000) 16:56:11 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:56:11 executing program 1 (fault-call:3 fault-nth:76): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:11 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100206c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:11 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfsno', 0x3d, r1}}) 16:56:11 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x1200000000000000) [ 818.339628][ T26] audit: type=1804 audit(1574009771.363:331): pid=10637 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1342/file0" dev="sda1" ino=16720 res=1 [ 818.394557][T10638] 9pnet: Insufficient options for proto=fd [ 818.410022][T10629] FAULT_INJECTION: forcing a failure. [ 818.410022][T10629] name failslab, interval 1, probability 0, space 0, times 0 [ 818.436982][T10646] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 818.446680][T10635] EXT4-fs (loop0): unsupported inode size: 0 [ 818.457776][T10636] BTRFS error (device loop3): superblock checksum mismatch [ 818.476366][T10629] CPU: 0 PID: 10629 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 818.484306][T10629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 818.484554][T10646] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 818.497234][T10629] Call Trace: [ 818.497273][T10629] dump_stack+0x1fb/0x318 [ 818.497290][T10629] should_fail+0x555/0x770 [ 818.497308][T10629] __should_failslab+0x11a/0x160 [ 818.497319][T10629] ? getname_kernel+0x59/0x2f0 [ 818.497329][T10629] should_failslab+0x9/0x20 [ 818.497338][T10629] kmem_cache_alloc+0x56/0x2e0 [ 818.497349][T10629] getname_kernel+0x59/0x2f0 16:56:11 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x2000000000000000) [ 818.497359][T10629] kern_path+0x1f/0x40 [ 818.497374][T10629] lookup_bdev+0x66/0x1c0 [ 818.506054][T10646] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 818.508726][T10629] device_list_add+0x7ce/0x18e0 [ 818.508747][T10629] btrfs_scan_one_device+0x2f7/0x450 [ 818.508764][T10629] btrfs_mount_root+0x4af/0x1040 [ 818.508781][T10629] ? trace_kfree+0xb2/0x110 [ 818.517517][T10629] legacy_get_tree+0xf9/0x1a0 [ 818.517527][T10629] ? btrfs_control_open+0x40/0x40 [ 818.517540][T10629] vfs_get_tree+0x8b/0x2a0 [ 818.517552][T10629] vfs_kern_mount+0xc2/0x160 [ 818.517566][T10629] btrfs_mount+0x34f/0x18e0 [ 818.528374][T10629] ? check_preemption_disabled+0x47/0x2a0 [ 818.528393][T10629] ? vfs_parse_fs_string+0x13b/0x1a0 [ 818.528404][T10629] ? cap_capable+0x250/0x290 [ 818.528418][T10629] ? safesetid_security_capable+0x89/0xf0 [ 818.537830][T10629] legacy_get_tree+0xf9/0x1a0 [ 818.537842][T10629] ? btrfs_resize_thread_pool+0x290/0x290 [ 818.537855][T10629] vfs_get_tree+0x8b/0x2a0 [ 818.537866][T10629] do_mount+0x16c0/0x2510 [ 818.537881][T10629] ? copy_mount_options+0x308/0x3c0 [ 818.546682][T10629] ksys_mount+0xcc/0x100 [ 818.546695][T10629] __x64_sys_mount+0xbf/0xd0 [ 818.546711][T10629] do_syscall_64+0xf7/0x1c0 [ 818.546724][T10629] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 818.546736][T10629] RIP: 0033:0x45d08a [ 818.560408][T10629] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 818.560414][T10629] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 818.560423][T10629] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 818.560429][T10629] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 818.560435][T10629] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 818.560441][T10629] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 818.560446][T10629] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 818.746557][T10646] device gre1 entered promiscuous mode 16:56:11 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x2500000000000000) [ 818.771580][T10652] 9pnet: Insufficient options for proto=fd 16:56:11 executing program 1 (fault-call:3 fault-nth:77): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:11 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60110206c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:11 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfuno', 0x3d, r1}}) [ 818.893090][T10636] BTRFS error (device loop3): open_ctree failed [ 818.973454][T10666] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 818.982491][T10666] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 818.990927][T10666] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 819.021771][T10666] device gre1 entered promiscuous mode [ 819.067898][T10664] FAULT_INJECTION: forcing a failure. [ 819.067898][T10664] name failslab, interval 1, probability 0, space 0, times 0 [ 819.074681][T10675] 9pnet: Insufficient options for proto=fd [ 819.087580][T10636] BTRFS error (device loop3): superblock checksum mismatch [ 819.106263][T10669] EXT4-fs (loop0): unsupported inode size: 0 [ 819.123387][T10664] CPU: 0 PID: 10664 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 819.131411][T10664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 819.141468][T10664] Call Trace: [ 819.145069][T10664] dump_stack+0x1fb/0x318 [ 819.149393][T10664] should_fail+0x555/0x770 [ 819.153799][T10664] __should_failslab+0x11a/0x160 [ 819.158929][T10664] ? btrfs_mount_root+0x2f4/0x1040 [ 819.164087][T10664] should_failslab+0x9/0x20 [ 819.168963][T10664] __kmalloc_track_caller+0x79/0x340 [ 819.174261][T10664] kstrdup+0x34/0x70 [ 819.178157][T10664] btrfs_mount_root+0x2f4/0x1040 [ 819.183081][T10664] ? vfs_parse_fs_string+0x13b/0x1a0 [ 819.188353][T10664] ? rcu_read_lock_sched_held+0x10b/0x170 [ 819.194068][T10664] ? trace_kfree+0xb2/0x110 [ 819.198586][T10664] legacy_get_tree+0xf9/0x1a0 [ 819.203299][T10664] ? btrfs_control_open+0x40/0x40 [ 819.208326][T10664] vfs_get_tree+0x8b/0x2a0 [ 819.212729][T10664] vfs_kern_mount+0xc2/0x160 [ 819.217449][T10664] btrfs_mount+0x34f/0x18e0 [ 819.221953][T10664] ? check_preemption_disabled+0x47/0x2a0 [ 819.227669][T10664] ? vfs_parse_fs_string+0x13b/0x1a0 [ 819.233517][T10664] ? cap_capable+0x250/0x290 [ 819.238103][T10664] ? safesetid_security_capable+0x89/0xf0 [ 819.243819][T10664] legacy_get_tree+0xf9/0x1a0 [ 819.248495][T10664] ? btrfs_resize_thread_pool+0x290/0x290 [ 819.254344][T10664] vfs_get_tree+0x8b/0x2a0 [ 819.258761][T10664] do_mount+0x16c0/0x2510 [ 819.263082][T10664] ? copy_mount_options+0x308/0x3c0 [ 819.268354][T10664] ksys_mount+0xcc/0x100 [ 819.272588][T10664] __x64_sys_mount+0xbf/0xd0 [ 819.277166][T10664] do_syscall_64+0xf7/0x1c0 [ 819.281663][T10664] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 819.287564][T10664] RIP: 0033:0x45d08a [ 819.291456][T10664] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 819.311243][T10664] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 819.320793][T10664] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 819.328883][T10664] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 819.336847][T10664] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 819.344806][T10664] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 819.352866][T10664] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 819.424001][T10636] BTRFS error (device loop3): open_ctree failed [ 819.426679][T10680] 9pnet: Insufficient options for proto=fd 16:56:12 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d080a0000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:56:12 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x3700000000000000) 16:56:12 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100256c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:12 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:56:12 executing program 1 (fault-call:3 fault-nth:78): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:12 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x3f00000000000000) 16:56:12 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfwno', 0x3d, r1}}) [ 819.581239][T10694] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 819.593961][T10693] FAULT_INJECTION: forcing a failure. [ 819.593961][T10693] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 819.650800][T10694] device gre1 entered promiscuous mode [ 819.662224][T10693] CPU: 1 PID: 10693 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 819.670245][T10693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 819.676746][T10705] 9pnet: Insufficient options for proto=fd [ 819.680300][T10693] Call Trace: [ 819.680318][T10693] dump_stack+0x1fb/0x318 [ 819.680335][T10693] should_fail+0x555/0x770 [ 819.680351][T10693] should_fail_alloc_page+0x55/0x60 [ 819.680360][T10693] prepare_alloc_pages+0x283/0x460 [ 819.680374][T10693] __alloc_pages_nodemask+0xb2/0x5d0 [ 819.680385][T10693] ? rcu_lock_release+0x26/0x30 [ 819.680403][T10693] alloc_pages_current+0x2db/0x500 [ 819.680418][T10693] __page_cache_alloc+0x7d/0x1e0 [ 819.680434][T10693] do_read_cache_page+0x1f8/0xcb0 [ 819.733697][T10693] read_cache_page_gfp+0x29/0x30 [ 819.739949][T10693] btrfs_scan_one_device+0x16a/0x450 [ 819.745240][T10693] ? trace_hardirqs_on+0x74/0x80 16:56:12 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x4000000000000000) [ 819.750192][T10693] btrfs_mount_root+0x4af/0x1040 [ 819.755159][T10693] ? trace_kfree+0xb2/0x110 [ 819.759685][T10693] legacy_get_tree+0xf9/0x1a0 [ 819.759698][T10693] ? btrfs_control_open+0x40/0x40 [ 819.759712][T10693] vfs_get_tree+0x8b/0x2a0 [ 819.759724][T10693] vfs_kern_mount+0xc2/0x160 [ 819.759735][T10693] btrfs_mount+0x34f/0x18e0 [ 819.759754][T10693] ? check_preemption_disabled+0x47/0x2a0 [ 819.759767][T10693] ? vfs_parse_fs_string+0x13b/0x1a0 [ 819.759777][T10693] ? cap_capable+0x250/0x290 [ 819.759788][T10693] ? safesetid_security_capable+0x89/0xf0 [ 819.759799][T10693] legacy_get_tree+0xf9/0x1a0 [ 819.759807][T10693] ? btrfs_resize_thread_pool+0x290/0x290 [ 819.759822][T10693] vfs_get_tree+0x8b/0x2a0 [ 819.759834][T10693] do_mount+0x16c0/0x2510 [ 819.759849][T10693] ? copy_mount_options+0x308/0x3c0 [ 819.759861][T10693] ksys_mount+0xcc/0x100 [ 819.759872][T10693] __x64_sys_mount+0xbf/0xd0 [ 819.759890][T10693] do_syscall_64+0xf7/0x1c0 [ 819.770429][T10693] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 819.770438][T10693] RIP: 0033:0x45d08a [ 819.770448][T10693] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 819.770453][T10693] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 819.770461][T10693] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 819.770467][T10693] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 819.770473][T10693] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 819.770478][T10693] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 819.770483][T10693] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 819.933136][T10685] EXT4-fs (loop0): unsupported inode size: 0 16:56:13 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x4800000000000000) 16:56:13 executing program 1 (fault-call:3 fault-nth:79): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:13 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e601002d6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 819.990404][T10695] BTRFS error (device loop3): superblock checksum mismatch [ 820.021639][T10714] 9pnet: Insufficient options for proto=fd [ 820.069960][T10695] BTRFS error (device loop3): open_ctree failed [ 820.089781][T10717] FAULT_INJECTION: forcing a failure. [ 820.089781][T10717] name failslab, interval 1, probability 0, space 0, times 0 16:56:13 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x4c00000000000000) [ 820.119597][T10717] CPU: 1 PID: 10717 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 820.127526][T10717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 820.137584][T10717] Call Trace: [ 820.137606][T10717] dump_stack+0x1fb/0x318 [ 820.137623][T10717] should_fail+0x555/0x770 [ 820.137640][T10717] __should_failslab+0x11a/0x160 [ 820.154584][T10717] ? getname_kernel+0x59/0x2f0 [ 820.159340][T10717] should_failslab+0x9/0x20 [ 820.159351][T10717] kmem_cache_alloc+0x56/0x2e0 [ 820.159364][T10717] getname_kernel+0x59/0x2f0 [ 820.159374][T10717] kern_path+0x1f/0x40 [ 820.159385][T10717] blkdev_get_by_path+0x71/0x270 [ 820.159406][T10717] btrfs_get_bdev_and_sb+0x48/0x280 [ 820.159418][T10717] open_fs_devices+0x14d/0xb40 [ 820.159431][T10717] ? list_sort+0x5fc/0x860 [ 820.159442][T10717] ? btrfs_open_devices+0x1b0/0x1b0 [ 820.159458][T10717] btrfs_open_devices+0x11d/0x1b0 [ 820.159473][T10717] btrfs_mount_root+0x6ef/0x1040 [ 820.159490][T10717] ? trace_kfree+0xb2/0x110 [ 820.159504][T10717] legacy_get_tree+0xf9/0x1a0 [ 820.159513][T10717] ? btrfs_control_open+0x40/0x40 [ 820.159529][T10717] vfs_get_tree+0x8b/0x2a0 [ 820.173346][T10717] vfs_kern_mount+0xc2/0x160 [ 820.173361][T10717] btrfs_mount+0x34f/0x18e0 [ 820.173380][T10717] ? check_preemption_disabled+0x47/0x2a0 [ 820.245742][T10717] ? vfs_parse_fs_string+0x13b/0x1a0 [ 820.255020][T10717] ? cap_capable+0x250/0x290 [ 820.259648][T10717] ? safesetid_security_capable+0x89/0xf0 [ 820.265379][T10717] legacy_get_tree+0xf9/0x1a0 [ 820.270044][T10717] ? btrfs_resize_thread_pool+0x290/0x290 [ 820.275770][T10717] vfs_get_tree+0x8b/0x2a0 [ 820.280183][T10717] do_mount+0x16c0/0x2510 [ 820.284520][T10717] ? copy_mount_options+0x308/0x3c0 [ 820.289700][T10717] ksys_mount+0xcc/0x100 [ 820.293945][T10717] __x64_sys_mount+0xbf/0xd0 [ 820.298531][T10717] do_syscall_64+0xf7/0x1c0 [ 820.303066][T10717] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 820.308951][T10717] RIP: 0033:0x45d08a [ 820.312846][T10717] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 820.332524][T10717] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 820.340936][T10717] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 820.348922][T10717] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 820.356877][T10717] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 820.364836][T10717] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 820.372795][T10717] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 820.386586][T10726] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 820.413972][T10726] device gre1 entered promiscuous mode [ 820.428256][T10724] EXT4-fs (loop0): unsupported inode size: 0 [ 820.454719][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 820.454728][ T26] audit: type=1804 audit(1574009773.473:339): pid=10732 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1350/file0" dev="sda1" ino=16746 res=1 16:56:13 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfd%o', 0x3d, r1}}) 16:56:13 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:56:13 executing program 1 (fault-call:3 fault-nth:80): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:13 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x5c00000000000000) 16:56:13 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d080b0000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:56:13 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60130306c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 820.736496][T10744] 9pnet: Insufficient options for proto=fd [ 820.759790][ T26] audit: type=1804 audit(1574009773.783:340): pid=10750 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1351/file0" dev="sda1" ino=16747 res=1 [ 820.803170][T10746] BTRFS error (device loop3): superblock checksum mismatch [ 820.818714][T10749] FAULT_INJECTION: forcing a failure. [ 820.818714][T10749] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 820.831983][T10749] CPU: 1 PID: 10749 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 820.839979][T10749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 820.850153][T10749] Call Trace: 16:56:13 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x6800000000000000) [ 820.850178][T10749] dump_stack+0x1fb/0x318 [ 820.850194][T10749] should_fail+0x555/0x770 [ 820.850211][T10749] should_fail_alloc_page+0x55/0x60 [ 820.850220][T10749] prepare_alloc_pages+0x283/0x460 [ 820.850233][T10749] __alloc_pages_nodemask+0xb2/0x5d0 [ 820.850252][T10749] kmem_getpages+0x4d/0xa00 [ 820.850263][T10749] cache_grow_begin+0x7e/0x2c0 [ 820.850275][T10749] cache_alloc_refill+0x311/0x3f0 [ 820.850284][T10749] ? check_preemption_disabled+0xb7/0x2a0 [ 820.850297][T10749] kmem_cache_alloc_trace+0x2d0/0x2f0 [ 820.850308][T10749] ? btrfs_mount_root+0x1b2/0x1040 [ 820.850321][T10749] btrfs_mount_root+0x1b2/0x1040 [ 820.850335][T10749] ? vfs_parse_fs_string+0x13b/0x1a0 [ 820.850344][T10749] ? rcu_read_lock_sched_held+0x10b/0x170 [ 820.850358][T10749] ? trace_kfree+0xb2/0x110 [ 820.867665][T10749] legacy_get_tree+0xf9/0x1a0 [ 820.867679][T10749] ? btrfs_control_open+0x40/0x40 [ 820.867692][T10749] vfs_get_tree+0x8b/0x2a0 [ 820.867708][T10749] vfs_kern_mount+0xc2/0x160 [ 820.947780][T10749] btrfs_mount+0x34f/0x18e0 [ 820.952279][T10749] ? check_preemption_disabled+0x47/0x2a0 [ 820.957981][T10749] ? vfs_parse_fs_string+0x13b/0x1a0 [ 820.963422][T10749] ? cap_capable+0x250/0x290 [ 820.968017][T10749] ? safesetid_security_capable+0x89/0xf0 [ 820.973739][T10749] legacy_get_tree+0xf9/0x1a0 [ 820.978429][T10749] ? btrfs_resize_thread_pool+0x290/0x290 [ 820.984145][T10749] vfs_get_tree+0x8b/0x2a0 [ 820.988551][T10749] do_mount+0x16c0/0x2510 [ 820.992862][T10749] ? copy_mount_options+0x308/0x3c0 [ 820.998055][T10749] ksys_mount+0xcc/0x100 [ 821.002280][T10749] __x64_sys_mount+0xbf/0xd0 [ 821.006852][T10749] do_syscall_64+0xf7/0x1c0 [ 821.011598][T10749] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 821.017486][T10749] RIP: 0033:0x45d08a [ 821.021361][T10749] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 821.040950][T10749] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 821.049355][T10749] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 821.057313][T10749] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 821.065302][T10749] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 821.073271][T10749] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 821.081225][T10749] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:56:14 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x6c00000000000000) [ 821.110704][T10762] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 821.122413][ T26] audit: type=1804 audit(1574009774.143:341): pid=10761 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1352/file0" dev="sda1" ino=16760 res=1 [ 821.162570][T10765] 9pnet: Insufficient options for proto=fd [ 821.169658][T10746] BTRFS error (device loop3): open_ctree failed [ 821.178144][T10762] device gre1 entered promiscuous mode [ 821.197437][T10747] EXT4-fs (loop0): unsupported inode size: 0 16:56:14 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x7400000000000000) [ 821.217648][ T26] audit: type=1804 audit(1574009774.233:342): pid=10768 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1353/file0" dev="sda1" ino=16760 res=1 16:56:14 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdn%', 0x3d, r1}}) 16:56:14 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e601003f6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 821.335238][ T26] audit: type=1804 audit(1574009774.353:343): pid=10775 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1354/file0" dev="sda1" ino=16742 res=1 16:56:14 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x7a00000000000000) 16:56:14 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 821.394234][T10779] 9pnet: Insufficient options for proto=fd [ 821.430961][T10780] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 821.460791][ T26] audit: type=1804 audit(1574009774.483:344): pid=10785 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1355/file0" dev="sda1" ino=16712 res=1 16:56:14 executing program 1 (fault-call:3 fault-nth:81): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:14 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xeaffffff00000000) [ 821.521218][T10788] BTRFS error (device loop3): superblock checksum mismatch [ 821.552278][T10782] EXT4-fs (loop0): unsupported inode size: 0 [ 821.566236][T10794] 9pnet: Insufficient options for proto=fd [ 821.578156][T10780] device gre1 entered promiscuous mode [ 821.589184][T10788] BTRFS error (device loop3): open_ctree failed 16:56:14 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100406c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 821.617738][ T26] audit: type=1804 audit(1574009774.633:345): pid=10800 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1356/file0" dev="sda1" ino=16740 res=1 [ 821.726615][T10801] FAULT_INJECTION: forcing a failure. [ 821.726615][T10801] name failslab, interval 1, probability 0, space 0, times 0 [ 821.742232][T10801] CPU: 1 PID: 10801 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 821.750150][T10801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 821.760202][T10801] Call Trace: [ 821.763502][T10801] dump_stack+0x1fb/0x318 [ 821.767851][T10801] should_fail+0x555/0x770 [ 821.772273][T10801] __should_failslab+0x11a/0x160 [ 821.772287][T10801] ? mempool_alloc_slab+0x4d/0x70 [ 821.772300][T10801] should_failslab+0x9/0x20 [ 821.786733][T10801] kmem_cache_alloc+0x56/0x2e0 [ 821.791510][T10801] mempool_alloc_slab+0x4d/0x70 [ 821.796358][T10801] ? mempool_free+0x350/0x350 [ 821.801021][T10801] mempool_alloc+0x104/0x5e0 [ 821.801039][T10801] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 821.801049][T10801] ? __find_get_block+0xd2f/0x10b0 [ 821.801062][T10801] bio_alloc_bioset+0x1c0/0x5e0 [ 821.801079][T10801] submit_bh_wbc+0x1d5/0x700 [ 821.801095][T10801] __bread_gfp+0x1ad/0x360 [ 821.801108][T10801] btrfs_read_dev_super+0x8a/0x220 [ 821.801122][T10801] btrfs_get_bdev_and_sb+0x1ec/0x280 [ 821.801136][T10801] open_fs_devices+0x14d/0xb40 [ 821.801149][T10801] ? list_sort+0x5fc/0x860 [ 821.801161][T10801] ? btrfs_open_devices+0x1b0/0x1b0 [ 821.801175][T10801] btrfs_open_devices+0x11d/0x1b0 [ 821.801189][T10801] btrfs_mount_root+0x6ef/0x1040 [ 821.801207][T10801] ? trace_kfree+0xb2/0x110 [ 821.801221][T10801] legacy_get_tree+0xf9/0x1a0 [ 821.801229][T10801] ? btrfs_control_open+0x40/0x40 [ 821.801243][T10801] vfs_get_tree+0x8b/0x2a0 [ 821.801254][T10801] vfs_kern_mount+0xc2/0x160 [ 821.801266][T10801] btrfs_mount+0x34f/0x18e0 [ 821.801284][T10801] ? check_preemption_disabled+0x47/0x2a0 [ 821.801300][T10801] ? vfs_parse_fs_string+0x13b/0x1a0 [ 821.801313][T10801] ? cap_capable+0x250/0x290 [ 821.909955][T10801] ? safesetid_security_capable+0x89/0xf0 [ 821.915692][T10801] legacy_get_tree+0xf9/0x1a0 [ 821.920366][T10801] ? btrfs_resize_thread_pool+0x290/0x290 [ 821.926079][T10801] vfs_get_tree+0x8b/0x2a0 [ 821.930492][T10801] do_mount+0x16c0/0x2510 [ 821.934810][T10801] ? copy_mount_options+0x278/0x3c0 [ 821.940017][T10801] ? audit_tree_destroy_watch+0x20/0x20 [ 821.945555][T10801] ? copy_mount_options+0x308/0x3c0 [ 821.950738][T10801] ksys_mount+0xcc/0x100 [ 821.954959][T10801] __x64_sys_mount+0xbf/0xd0 [ 821.959552][T10801] do_syscall_64+0xf7/0x1c0 [ 821.964125][T10801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 821.969997][T10801] RIP: 0033:0x45d08a [ 821.973887][T10801] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 821.993469][T10801] RSP: 002b:00007fd465df3a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 822.001877][T10801] RAX: ffffffffffffffda RBX: 00007fd465df3b40 RCX: 000000000045d08a [ 822.010008][T10801] RDX: 00007fd465df3ae0 RSI: 0000000020000100 RDI: 00007fd465df3b00 [ 822.017974][T10801] RBP: 0000000000000001 R08: 00007fd465df3b40 R09: 00007fd465df3ae0 [ 822.025934][T10801] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 822.033907][T10801] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 822.061992][T10804] EXT4-fs (loop0): unsupported inode size: 0 [ 822.077421][T10788] BTRFS warning (device ): duplicate device fsid:devid for fff6f2a2-2997-48ae-b81e-1b00b10efd9a:0 old:/dev/loop1 new:/dev/loop3 16:56:15 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d080c0000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:56:15 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xefffffff00000000) 16:56:15 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdn\\', 0x3d, r1}}) 16:56:15 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e6010f416c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:15 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 822.209824][ T26] audit: type=1804 audit(1574009775.233:346): pid=10817 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1357/file0" dev="sda1" ino=16625 res=1 [ 822.224505][T10818] 9pnet: Insufficient options for proto=fd 16:56:15 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xf7ffffff00000000) [ 822.273208][T10821] validate_nla: 8 callbacks suppressed [ 822.273216][T10821] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 822.294787][T10821] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 822.304003][T10821] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 822.316199][T10821] device gre1 entered promiscuous mode [ 822.391344][T10833] 9pnet: Insufficient options for proto=fd [ 822.404839][T10831] BTRFS error (device loop3): superblock checksum mismatch 16:56:15 executing program 1 (fault-call:3 fault-nth:82): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 822.421713][ T26] audit: type=1804 audit(1574009775.443:347): pid=10835 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1358/file0" dev="sda1" ino=16767 res=1 16:56:15 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 16:56:15 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xfeffffff00000000) [ 822.492211][T10826] EXT4-fs (loop0): unsupported inode size: 0 [ 822.499234][T10831] BTRFS error (device loop3): open_ctree failed [ 822.570992][T10841] FAULT_INJECTION: forcing a failure. [ 822.570992][T10841] name failslab, interval 1, probability 0, space 0, times 0 [ 822.594263][T10841] CPU: 1 PID: 10841 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 822.602239][T10841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 822.612584][T10841] Call Trace: [ 822.612603][T10841] dump_stack+0x1fb/0x318 [ 822.612619][T10841] should_fail+0x555/0x770 [ 822.612635][T10841] __should_failslab+0x11a/0x160 [ 822.612648][T10841] ? mempool_alloc_slab+0x4d/0x70 [ 822.612660][T10841] should_failslab+0x9/0x20 [ 822.620342][T10841] kmem_cache_alloc+0x56/0x2e0 [ 822.620356][T10841] mempool_alloc_slab+0x4d/0x70 [ 822.620369][T10841] ? mempool_free+0x350/0x350 [ 822.629727][T10841] mempool_alloc+0x104/0x5e0 [ 822.629743][T10841] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 822.629752][T10841] ? __find_get_block+0xd2f/0x10b0 [ 822.629765][T10841] bio_alloc_bioset+0x1c0/0x5e0 [ 822.629782][T10841] submit_bh_wbc+0x1d5/0x700 [ 822.629797][T10841] __bread_gfp+0x1ad/0x360 [ 822.629811][T10841] btrfs_read_dev_super+0x8a/0x220 [ 822.658398][T10841] btrfs_get_bdev_and_sb+0x1ec/0x280 [ 822.658412][T10841] open_fs_devices+0x14d/0xb40 [ 822.658428][T10841] ? list_sort+0x5fc/0x860 [ 822.679939][T10841] ? btrfs_open_devices+0x1b0/0x1b0 [ 822.679953][T10841] btrfs_open_devices+0x11d/0x1b0 [ 822.679967][T10841] btrfs_mount_root+0x6ef/0x1040 [ 822.679985][T10841] ? trace_kfree+0xb2/0x110 [ 822.680004][T10841] legacy_get_tree+0xf9/0x1a0 [ 822.696054][T10841] ? btrfs_control_open+0x40/0x40 [ 822.725068][ T26] audit: type=1804 audit(1574009775.693:348): pid=10845 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1359/file0" dev="sda1" ino=16759 res=1 [ 822.726447][T10841] vfs_get_tree+0x8b/0x2a0 [ 822.726464][T10841] vfs_kern_mount+0xc2/0x160 [ 822.769472][T10841] btrfs_mount+0x34f/0x18e0 [ 822.773966][T10841] ? check_preemption_disabled+0x47/0x2a0 [ 822.779685][T10841] ? vfs_parse_fs_string+0x13b/0x1a0 [ 822.784957][T10841] ? cap_capable+0x250/0x290 [ 822.789525][T10841] ? safesetid_security_capable+0x89/0xf0 [ 822.795234][T10841] legacy_get_tree+0xf9/0x1a0 [ 822.799897][T10841] ? btrfs_resize_thread_pool+0x290/0x290 [ 822.805613][T10841] vfs_get_tree+0x8b/0x2a0 [ 822.810119][T10841] do_mount+0x16c0/0x2510 [ 822.814450][T10841] ? copy_mount_options+0x308/0x3c0 [ 822.819644][T10841] ksys_mount+0xcc/0x100 [ 822.823898][T10841] __x64_sys_mount+0xbf/0xd0 [ 822.828487][T10841] do_syscall_64+0xf7/0x1c0 [ 822.832983][T10841] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 822.838856][T10841] RIP: 0033:0x45d08a [ 822.842730][T10841] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 822.862670][T10841] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 16:56:15 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100486c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:56:15 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xff0c000000000000) [ 822.871093][T10841] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 822.879054][T10841] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 822.887035][T10841] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 822.895195][T10841] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 822.903175][T10841] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 822.943685][T10853] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 822.975596][T10853] netlink: 'syz-executor.5': attribute type 3 has an invalid length. 16:56:16 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xffffffff00000000) [ 823.007461][T10853] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 823.025994][T10853] device gre1 entered promiscuous mode [ 823.096162][T10860] EXT4-fs (loop0): unsupported inode size: 0 16:56:16 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d080d0000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:56:16 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 16:56:16 executing program 1 (fault-call:3 fault-nth:83): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:16 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x2}}) 16:56:16 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0xffffffffffffffff) 16:56:16 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e601004c6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 823.345746][T10882] BTRFS error (device loop3): superblock checksum mismatch [ 823.372481][T10890] netlink: 'syz-executor.5': attribute type 10 has an invalid length. 16:56:16 executing program 4: r0 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/31, 0x1f}, {&(0x7f00000000c0)=""/220, 0xdc}, {&(0x7f00000002c0)=""/209, 0xd1}], 0x3) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000040)) [ 823.386689][T10881] BTRFS warning (device ): duplicate device fsid:devid for fff6f2a2-2997-48ae-b81e-1b00b10efd9a:0 old:/dev/loop3 new:/dev/loop1 [ 823.409503][T10890] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 823.419823][T10890] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 823.432507][T10890] device gre1 entered promiscuous mode [ 823.439343][T10881] FAULT_INJECTION: forcing a failure. [ 823.439343][T10881] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 823.453420][T10881] CPU: 1 PID: 10881 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 823.461387][T10881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 823.471533][T10881] Call Trace: [ 823.474826][T10881] dump_stack+0x1fb/0x318 [ 823.479267][T10881] should_fail+0x555/0x770 [ 823.483681][T10881] should_fail_alloc_page+0x55/0x60 [ 823.489069][T10881] prepare_alloc_pages+0x283/0x460 [ 823.494357][T10881] __alloc_pages_nodemask+0xb2/0x5d0 [ 823.499787][T10881] kmem_getpages+0x4d/0xa00 [ 823.504446][T10881] cache_grow_begin+0x7e/0x2c0 [ 823.509221][T10881] cache_alloc_refill+0x311/0x3f0 [ 823.514243][T10881] ? check_preemption_disabled+0xb7/0x2a0 [ 823.519964][T10881] kmem_cache_alloc_trace+0x2d0/0x2f0 [ 823.525460][T10881] ? kobject_uevent_env+0x2cd/0x1260 [ 823.530744][T10881] ? dev_uevent_filter+0xb0/0xb0 [ 823.535774][T10881] kobject_uevent_env+0x2cd/0x1260 [ 823.540911][T10881] ? __kasan_check_write+0x14/0x20 [ 823.546121][T10881] ? up_write+0xf3/0x450 [ 823.550390][T10881] kobject_uevent+0x1f/0x30 [ 823.554968][T10881] __loop_clr_fd+0x544/0x8e0 [ 823.559584][T10881] lo_ioctl+0x100e/0x2200 [ 823.563922][T10881] ? __kasan_slab_free+0x12a/0x1e0 [ 823.569068][T10881] ? kasan_slab_free+0xe/0x10 [ 823.573744][T10881] ? kfree+0x115/0x200 [ 823.577801][T10881] ? tomoyo_path_number_perm+0x4e1/0x640 [ 823.583417][T10881] ? tomoyo_file_ioctl+0x23/0x30 [ 823.588352][T10881] ? security_file_ioctl+0x6d/0xd0 [ 823.593636][T10881] ? __x64_sys_ioctl+0xa3/0x120 [ 823.598502][T10881] ? do_syscall_64+0xf7/0x1c0 [ 823.603188][T10881] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 823.609915][T10881] ? debug_check_no_obj_freed+0x505/0x5b0 [ 823.615708][T10881] ? rcu_lock_release+0x9/0x30 [ 823.620483][T10881] ? rcu_lock_release+0x9/0x30 [ 823.625262][T10881] ? lo_release+0x1f0/0x1f0 [ 823.629764][T10881] blkdev_ioctl+0x807/0x2980 [ 823.634357][T10881] ? tomoyo_path_number_perm+0x53e/0x640 [ 823.640013][T10881] block_ioctl+0xbd/0x100 [ 823.644430][T10881] ? blkdev_iopoll+0x100/0x100 [ 823.650032][T10881] do_vfs_ioctl+0x744/0x1730 [ 823.654615][T10881] ? __fget+0x3f1/0x510 [ 823.658936][T10881] ? tomoyo_file_ioctl+0x23/0x30 [ 823.663879][T10881] ? security_file_ioctl+0xa1/0xd0 [ 823.668999][T10881] __x64_sys_ioctl+0xe3/0x120 [ 823.673708][T10881] do_syscall_64+0xf7/0x1c0 [ 823.678205][T10881] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 823.684101][T10881] RIP: 0033:0x45a4a7 [ 823.687978][T10881] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 823.707573][T10881] RSP: 002b:00007fd465e14a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 823.716006][T10881] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045a4a7 [ 823.725194][T10881] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000008 [ 823.733265][T10881] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 823.741413][T10881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 823.749520][T10881] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 16:56:16 executing program 1 (fault-call:3 fault-nth:84): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:16 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e601014e6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 823.794885][T10887] EXT4-fs (loop0): unsupported inode size: 0 [ 823.829530][T10882] BTRFS error (device loop3): open_ctree failed 16:56:16 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x3}}) [ 823.963817][T10904] FAULT_INJECTION: forcing a failure. [ 823.963817][T10904] name failslab, interval 1, probability 0, space 0, times 0 [ 824.003418][T10916] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 824.019177][T10916] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 824.027511][T10904] CPU: 1 PID: 10904 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 824.035420][T10904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 824.041788][T10916] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 824.045481][T10904] Call Trace: [ 824.045503][T10904] dump_stack+0x1fb/0x318 [ 824.045522][T10904] should_fail+0x555/0x770 [ 824.045543][T10904] __should_failslab+0x11a/0x160 [ 824.062425][T10904] should_failslab+0x9/0x20 [ 824.062435][T10904] kmem_cache_alloc_node+0x65/0x280 [ 824.062444][T10904] ? create_task_io_context+0x32/0x3e0 [ 824.062458][T10904] create_task_io_context+0x32/0x3e0 [ 824.062466][T10904] ? generic_make_request_checks+0x14f1/0x1a60 [ 824.062477][T10904] generic_make_request_checks+0x1501/0x1a60 [ 824.062497][T10904] ? rcu_lock_release+0xd/0x30 [ 824.062509][T10904] generic_make_request+0x33/0x980 [ 824.062521][T10904] ? rcu_lock_release+0xd/0x30 [ 824.062534][T10904] submit_bio+0x26b/0x540 [ 824.062544][T10904] ? guard_bio_eod+0x2a0/0x640 [ 824.062559][T10904] submit_bh_wbc+0x619/0x700 [ 824.062577][T10904] block_read_full_page+0x9de/0xbd0 [ 824.076483][T10904] ? blkdev_direct_IO+0xd0/0xd0 [ 824.076492][T10904] ? lru_cache_add+0x2db/0x3b0 [ 824.076507][T10904] ? add_to_page_cache_lru+0x2d4/0x4a0 [ 824.076521][T10904] blkdev_readpage+0x1c/0x20 [ 824.076530][T10904] do_read_cache_page+0x798/0xcb0 [ 824.076544][T10904] read_cache_page_gfp+0x29/0x30 [ 824.087220][T10904] btrfs_scan_one_device+0x16a/0x450 [ 824.087231][T10904] ? trace_hardirqs_on+0x74/0x80 [ 824.087253][T10904] btrfs_mount_root+0x4af/0x1040 [ 824.087271][T10904] ? trace_kfree+0xb2/0x110 [ 824.098834][T10904] legacy_get_tree+0xf9/0x1a0 [ 824.098845][T10904] ? btrfs_control_open+0x40/0x40 [ 824.098860][T10904] vfs_get_tree+0x8b/0x2a0 [ 824.098872][T10904] vfs_kern_mount+0xc2/0x160 [ 824.098884][T10904] btrfs_mount+0x34f/0x18e0 [ 824.109665][T10904] ? check_preemption_disabled+0x47/0x2a0 [ 824.109687][T10904] ? vfs_parse_fs_string+0x13b/0x1a0 [ 824.109701][T10904] ? cap_capable+0x250/0x290 [ 824.109712][T10904] ? safesetid_security_capable+0x89/0xf0 [ 824.109724][T10904] legacy_get_tree+0xf9/0x1a0 [ 824.109734][T10904] ? btrfs_resize_thread_pool+0x290/0x290 [ 824.109746][T10904] vfs_get_tree+0x8b/0x2a0 [ 824.109757][T10904] do_mount+0x16c0/0x2510 [ 824.109771][T10904] ? copy_mount_options+0x308/0x3c0 [ 824.109783][T10904] ksys_mount+0xcc/0x100 [ 824.109795][T10904] __x64_sys_mount+0xbf/0xd0 [ 824.109810][T10904] do_syscall_64+0xf7/0x1c0 [ 824.109823][T10904] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 824.109837][T10904] RIP: 0033:0x45d08a [ 824.119759][T10904] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 824.119765][T10904] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 824.119773][T10904] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 824.119778][T10904] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 824.119783][T10904] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 824.119788][T10904] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 824.119793][T10904] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 824.354452][T10916] device gre1 entered promiscuous mode 16:56:17 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 824.378008][T10912] EXT4-fs (loop0): unsupported inode size: 0 16:56:17 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e601005c6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 824.616675][T10925] BTRFS error (device loop3): superblock checksum mismatch 16:56:17 executing program 1 (fault-call:3 fault-nth:85): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 16:56:17 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x580a, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000010003b2400e625010b00fffff0bd1f02", @ANYRES32=0x0, @ANYBLOB="b56d080e0000000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000600ac1414bb08000600ac1414aa080006000a1415bb08000700ac1414aa080007000000000008000700ac1e010108000a0001000000080003001800020003000000080011004e24000008000600ac1e000100e4ca15e4c1b4defe4ee63386ba6dbe7d8c06a0c141d534889ac012510fcc533a68ee57c9c647f77b7e99575c91dc242e682bca183ea3b5d016a763a73348817e8d67663dc92e4362cd6f59ec0f3d9d636d7d7df789dfb541bda4ddd0837b4146bdadeb1a2d8bf689053ec0ee1950619d55502562c920fb20a2b81aaa485616f19f6782f358d205913cf3ed9afda01943841d6fda2cd320595b781c672062e2047158d54ed00c030acc9e27f0bc9e142800cd91ba7fdad3994b8ce213355fa195fd005deb1fb04e3d2f09375b2ba23ae1750df5622b0900000000"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 16:56:17 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x4}}) 16:56:17 executing program 4: r0 = creat(&(0x7f0000000000)='./file0\x00', 0xa1) ioctl$TIOCGISO7816(r0, 0x80285442, &(0x7f0000000040)) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) sendmsg$key(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x15, 0x81, 0x0, 0x3, 0x0, 0x70bd2d, 0x25dfdbfd, [@sadb_x_nat_t_port={0x1, 0x15, 0x4e23}]}, 0x18}}, 0xc480) setresuid(0x0, r2, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 824.679589][T10925] BTRFS error (device loop3): open_ctree failed [ 824.817762][T10936] FAULT_INJECTION: forcing a failure. [ 824.817762][T10936] name failslab, interval 1, probability 0, space 0, times 0 [ 824.828039][T10948] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 824.847401][T10937] EXT4-fs (loop0): unsupported inode size: 0 [ 824.857813][T10948] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 824.877046][T10936] CPU: 0 PID: 10936 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 824.884984][T10936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 824.892556][T10948] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 824.895036][T10936] Call Trace: [ 824.895056][T10936] dump_stack+0x1fb/0x318 [ 824.895074][T10936] should_fail+0x555/0x770 [ 824.895093][T10936] __should_failslab+0x11a/0x160 [ 824.895112][T10936] ? kzalloc+0x26/0x40 16:56:18 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) lookup_dcookie(0xff, &(0x7f0000000040)=""/59, 0x3b) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 824.907688][T10936] should_failslab+0x9/0x20 [ 824.907699][T10936] __kmalloc+0x7a/0x340 [ 824.907714][T10936] kzalloc+0x26/0x40 [ 824.907729][T10936] close_fs_devices+0x504/0x8d0 [ 824.907750][T10936] btrfs_close_devices+0x33/0x130 [ 824.907768][T10936] btrfs_mount_root+0xa9d/0x1040 [ 824.916494][T10936] ? trace_kfree+0xb2/0x110 [ 824.916512][T10936] legacy_get_tree+0xf9/0x1a0 [ 824.916523][T10936] ? btrfs_control_open+0x40/0x40 [ 824.916535][T10936] vfs_get_tree+0x8b/0x2a0 [ 824.916547][T10936] vfs_kern_mount+0xc2/0x160 [ 824.921978][T10948] kobject: 'gre1' (0000000016410826): fill_kobj_path: path = '/devices/virtual/net/gre1' [ 824.925523][T10936] btrfs_mount+0x34f/0x18e0 [ 824.925544][T10936] ? check_preemption_disabled+0x47/0x2a0 [ 824.925562][T10936] ? vfs_parse_fs_string+0x13b/0x1a0 [ 824.925573][T10936] ? cap_capable+0x250/0x290 [ 824.925585][T10936] ? safesetid_security_capable+0x89/0xf0 [ 824.930583][T10948] kobject: 'queues' (0000000076bd584a): kobject_add_internal: parent: 'gre1', set: '' [ 824.934209][T10936] legacy_get_tree+0xf9/0x1a0 16:56:18 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timzr\x00', 0x0, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x5}}) [ 824.934220][T10936] ? btrfs_resize_thread_pool+0x290/0x290 [ 824.934233][T10936] vfs_get_tree+0x8b/0x2a0 [ 824.934246][T10936] do_mount+0x16c0/0x2510 [ 824.934262][T10936] ? copy_mount_options+0x308/0x3c0 [ 824.934274][T10936] ksys_mount+0xcc/0x100 [ 824.938300][T10948] kobject: 'queues' (0000000076bd584a): kobject_uevent_env [ 824.942976][T10936] __x64_sys_mount+0xbf/0xd0 [ 824.942990][T10936] do_syscall_64+0xf7/0x1c0 [ 824.943005][T10936] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 824.943014][T10936] RIP: 0033:0x45d08a [ 824.943024][T10936] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 824.943030][T10936] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 824.943040][T10936] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 824.943046][T10936] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 824.943052][T10936] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 824.943058][T10936] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 824.943063][T10936] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 824.954837][T10936] ------------[ cut here ]------------ [ 824.970404][T10948] kobject: 'queues' (0000000076bd584a): kobject_uevent_env: filter function caused the event to drop! [ 824.971816][T10936] kernel BUG at fs/btrfs/volumes.c:1271! [ 824.972885][T10936] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 824.977272][T10948] kobject: 'rx-0' (00000000e4468589): kobject_add_internal: parent: 'queues', set: 'queues' [ 824.986326][T10936] CPU: 0 PID: 10936 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 824.986331][T10936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 824.986349][T10936] RIP: 0010:close_fs_devices+0x8c8/0x8d0 [ 824.986357][T10936] Code: e9 73 ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 7c 87 48 89 df e8 59 70 f9 fe e9 7a ff ff ff e8 1f 2d c0 fe 0f 0b e8 18 2d c0 fe <0f> 0b 66 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 [ 824.986361][T10936] RSP: 0018:ffff888051dd79a0 EFLAGS: 00010246 [ 824.986368][T10936] RAX: ffffffff82b349f8 RBX: ffff88809d986590 RCX: 0000000000040000 [ 824.986372][T10936] RDX: ffffc9000814e000 RSI: 000000000003ffff RDI: 0000000000040000 [ 824.986377][T10936] RBP: ffff888051dd7a30 R08: ffffffff82b4c4b5 R09: ffffed1015d46b05 [ 824.986381][T10936] R10: ffffed1015d46b05 R11: 0000000000000000 R12: dffffc0000000000 [ 824.986385][T10936] R13: ffff8880a0cf3000 R14: 000000000000000a R15: ffff88808d8b2400 [ 824.986392][T10936] FS: 00007fd465e15700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000 [ 824.986397][T10936] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 824.986402][T10936] CR2: 00007f5cf329ca20 CR3: 0000000099524000 CR4: 00000000001406f0 [ 824.986410][T10936] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 824.986414][T10936] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 824.986416][T10936] Call Trace: [ 824.986431][T10936] btrfs_close_devices+0x33/0x130 [ 824.986441][T10936] btrfs_mount_root+0xa9d/0x1040 [ 824.986453][T10936] ? trace_kfree+0xb2/0x110 [ 824.986464][T10936] legacy_get_tree+0xf9/0x1a0 [ 824.986471][T10936] ? btrfs_control_open+0x40/0x40 [ 824.986482][T10936] vfs_get_tree+0x8b/0x2a0 [ 824.986491][T10936] vfs_kern_mount+0xc2/0x160 [ 824.986499][T10936] btrfs_mount+0x34f/0x18e0 [ 824.986511][T10936] ? check_preemption_disabled+0x47/0x2a0 [ 824.986523][T10936] ? vfs_parse_fs_string+0x13b/0x1a0 [ 824.986532][T10936] ? cap_capable+0x250/0x290 [ 824.986541][T10936] ? safesetid_security_capable+0x89/0xf0 [ 824.986552][T10936] legacy_get_tree+0xf9/0x1a0 [ 825.001713][T10948] kobject: 'rx-0' (00000000e4468589): kobject_uevent_env [ 825.002015][T10936] ? btrfs_resize_thread_pool+0x290/0x290 [ 825.007088][T10948] kobject: 'rx-0' (00000000e4468589): fill_kobj_path: path = '/devices/virtual/net/gre1/queues/rx-0' [ 825.012292][T10936] vfs_get_tree+0x8b/0x2a0 [ 825.012303][T10936] do_mount+0x16c0/0x2510 [ 825.012313][T10936] ? copy_mount_options+0x308/0x3c0 [ 825.012322][T10936] ksys_mount+0xcc/0x100 [ 825.012335][T10936] __x64_sys_mount+0xbf/0xd0 [ 825.022907][T10948] kobject: 'tx-0' (000000003f2219ea): kobject_add_internal: parent: 'queues', set: 'queues' [ 825.027035][T10936] do_syscall_64+0xf7/0x1c0 [ 825.027048][T10936] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 825.027055][T10936] RIP: 0033:0x45d08a [ 825.027065][T10936] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 825.033192][T10948] kobject: 'tx-0' (000000003f2219ea): kobject_uevent_env [ 825.037149][T10936] RSP: 002b:00007fd465e14a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 825.037158][T10936] RAX: ffffffffffffffda RBX: 00007fd465e14b40 RCX: 000000000045d08a [ 825.037163][T10936] RDX: 00007fd465e14ae0 RSI: 0000000020000100 RDI: 00007fd465e14b00 [ 825.037169][T10936] RBP: 0000000000000001 R08: 00007fd465e14b40 R09: 00007fd465e14ae0 [ 825.037173][T10936] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 825.037182][T10936] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 825.041894][T10948] kobject: 'tx-0' (000000003f2219ea): fill_kobj_path: path = '/devices/virtual/net/gre1/queues/tx-0' [ 825.046767][T10936] Modules linked in: [ 825.051944][T10936] ---[ end trace 08dc4dff0c9490e2 ]--- [ 825.062439][T10948] device gre1 entered promiscuous mode [ 825.063148][T10936] RIP: 0010:close_fs_devices+0x8c8/0x8d0 [ 825.562025][T10937] kobject: 'loop0' (00000000cae2534a): kobject_uevent_env [ 825.565147][T10936] Code: e9 73 ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 7c 87 48 89 df e8 59 70 f9 fe e9 7a ff ff ff e8 1f 2d c0 fe 0f 0b e8 18 2d c0 fe <0f> 0b 66 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 [ 825.571832][T10937] kobject: 'loop0' (00000000cae2534a): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 825.589724][T10936] RSP: 0018:ffff888051dd79a0 EFLAGS: 00010246 [ 825.601056][T10948] kobject: 'rx-0' (00000000e4468589): kobject_cleanup, parent 0000000076bd584a [ 825.605985][T10936] RAX: ffffffff82b349f8 RBX: ffff88809d986590 RCX: 0000000000040000 [ 825.617751][T10948] kobject: 'rx-0' (00000000e4468589): auto cleanup 'remove' event [ 825.631932][T10936] RDX: ffffc9000814e000 RSI: 000000000003ffff RDI: 0000000000040000 [ 825.640570][ T3906] kobject: 'loop4' (000000004f2c2927): kobject_uevent_env [ 825.643224][T10948] kobject: 'rx-0' (00000000e4468589): kobject_uevent_env [ 825.647707][ T3906] kobject: 'loop4' (000000004f2c2927): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 825.660636][T10936] RBP: ffff888051dd7a30 R08: ffffffff82b4c4b5 R09: ffffed1015d46b05 [ 825.669332][T10948] kobject: 'rx-0' (00000000e4468589): fill_kobj_path: path = '/devices/virtual/net/gre1/queues/rx-0' [ 825.674907][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 825.674914][ T26] audit: type=1804 audit(1574009778.703:355): pid=10958 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1365/file0" dev="sda1" ino=16755 res=1 [ 825.686692][T10948] kobject: 'rx-0' (00000000e4468589): auto cleanup kobject_del [ 825.699863][T10936] R10: ffffed1015d46b05 R11: 0000000000000000 R12: dffffc0000000000 16:56:18 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) socket(0x10, 0x2, 0x0) r0 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000480)={0x28, 0x0, 0x0, @host}, 0x10, 0x80000) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0}, &(0x7f0000000400)=0xfffffffffffffcf2) r2 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r2, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) epoll_wait(r2, &(0x7f00000002c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x9, 0x93) setresuid(0x0, r1, 0x0) r3 = open(&(0x7f0000000280)='./file0\x00', 0x1, 0x120) sendmsg$TIPC_CMD_DISABLE_BEARER(r3, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x18000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="04002dbd7000000002410000001400136574683a6e657464657673696d3000"/42], 0x30}, 0x1, 0x0, 0x0, 0x8104}, 0x40) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x2, 0x0) setsockopt$packet_int(r4, 0x107, 0xb, &(0x7f0000000080)=0x4, 0x4) openat$autofs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/autofs\x00', 0x2, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f00000000c0)={0x50, 0x24, 0x3, {0x7, 0x1f, 0xcf, 0x4188, 0x4, 0xffff, 0x4, 0x557}}, 0x50) [ 825.719882][T10948] kobject: 'rx-0' (00000000e4468589): calling ktype release [ 825.731321][ T3906] kobject: 'loop2' (00000000db36fee9): kobject_uevent_env [ 825.739924][T10948] kobject: 'rx-0': free name [ 825.748766][T10948] kobject: 'tx-0' (000000003f2219ea): kobject_cleanup, parent 0000000076bd584a [ 825.763131][ T3906] kobject: 'loop2' (00000000db36fee9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 825.771453][T10948] kobject: 'tx-0' (000000003f2219ea): auto cleanup 'remove' event 16:56:18 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100606c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 825.774996][T10936] R13: ffff8880a0cf3000 R14: 000000000000000a R15: ffff88808d8b2400 [ 825.791778][ T26] audit: type=1804 audit(1574009778.803:356): pid=10963 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1366/file0" dev="sda1" ino=16545 res=1 [ 825.802925][T10948] kobject: 'tx-0' (000000003f2219ea): kobject_uevent_env 16:56:18 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) r1 = socket$inet6(0xa, 0x100800000000002, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e1e, 0x0, @ipv4={[], [], @local}}, 0x1c) sendmmsg(r1, &(0x7f0000005780), 0x4000000000000d2, 0x0) ftruncate(r1, 0x2) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) open(&(0x7f0000000040)='./file0\x00', 0x8000, 0x40) setresuid(0x0, r2, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 825.820721][ T26] audit: type=1804 audit(1574009778.803:357): pid=10963 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1366/file0" dev="sda1" ino=16545 res=1 [ 825.853236][ T3906] kobject: 'loop4' (000000004f2c2927): kobject_uevent_env [ 825.860679][T10936] FS: 00007fd465e15700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000 [ 825.870002][ T3906] kobject: 'loop4' (000000004f2c2927): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 825.890438][T10967] kobject: 'loop0' (00000000cae2534a): kobject_uevent_env [ 825.897684][T10936] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 825.899928][ T3906] kobject: 'loop4' (000000004f2c2927): kobject_uevent_env [ 825.908243][T10967] kobject: 'loop0' (00000000cae2534a): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 825.916750][T10948] kobject: 'tx-0' (000000003f2219ea): fill_kobj_path: path = '/devices/virtual/net/gre1/queues/tx-0' 16:56:19 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0xa1) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r2 = socket$inet6(0xa, 0x100800000000002, 0x0) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e1e, 0x0, @ipv4={[], [], @local}}, 0x1c) sendmmsg(r2, &(0x7f0000005780), 0x4000000000000d2, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r2, 0x0, 0x486, &(0x7f0000000040), &(0x7f0000000080)=0xc) [ 825.921764][ T26] audit: type=1804 audit(1574009778.813:358): pid=10964 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1366/file0" dev="sda1" ino=16545 res=1 [ 825.946907][ T3906] kobject: 'loop4' (000000004f2c2927): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 825.956826][T10936] CR2: 0000000000738000 CR3: 0000000099524000 CR4: 00000000001406f0 [ 825.974925][T10948] kobject: 'tx-0' (000000003f2219ea): auto cleanup kobject_del [ 825.980028][T10936] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 825.991623][T10967] EXT4-fs (loop0): unsupported inode size: 0 [ 825.998451][ T26] audit: type=1804 audit(1574009778.813:359): pid=10964 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir110929796/syzkaller.gDFDRr/1366/file0" dev="sda1" ino=16545 res=1 [ 826.023332][T10948] kobject: 'tx-0' (000000003f2219ea): calling ktype release [ 826.029177][T10936] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 826.038924][T10936] Kernel panic - not syncing: Fatal exception [ 826.046695][T10936] Kernel Offset: disabled [ 826.051151][T10936] Rebooting in 86400 seconds..