ile1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:55:33 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x0)

04:55:33 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:55:50 executing program 0:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:55:50 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:55:50 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, 0x0)
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:55:50 executing program 5:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:55:50 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x0)

04:55:50 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:55:50 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:55:50 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x0)

04:55:51 executing program 0:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:08 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

04:56:08 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:08 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:56:08 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:56:08 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:08 executing program 5:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:56:08 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x0)

04:56:08 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:56:08 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:08 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:09 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:09 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:56:09 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:56:09 executing program 5:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:56:09 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:09 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0)

04:56:09 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

04:56:09 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x0)

04:56:09 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:09 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:56:10 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x882c2, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:10 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x882c2, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:10 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:56:10 executing program 7:
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)

04:56:10 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x882c2, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:10 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:56:26 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

04:56:26 executing program 6:
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

04:56:26 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0)

04:56:26 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:26 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:56:26 executing program 5:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:56:26 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:56:26 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:56:26 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:26 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:26 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

04:56:26 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:27 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:56:27 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:50 executing program 2:
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

04:56:50 executing program 5:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:56:50 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:50 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:56:50 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:50 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0)

04:56:50 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:56:50 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:56:51 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

04:56:51 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

04:56:51 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:56:51 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:56:51 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

04:56:51 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x10, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

04:57:08 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:57:08 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

04:57:08 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:57:08 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:57:08 executing program 5:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:57:08 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

04:57:08 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:57:08 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x10, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

04:57:08 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))

04:57:08 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 1981.173075] 9pnet: Insufficient options for proto=fd
04:57:08 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))

04:57:08 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 1981.453606] 9pnet: Insufficient options for proto=fd
04:57:08 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))

[ 1981.662632] 9pnet: Insufficient options for proto=fd
04:57:09 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:57:09 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

04:57:09 executing program 5:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, 0x0)

04:57:22 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:57:22 executing program 5:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, 0x0)

04:57:22 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x10, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:57:22 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0)

04:57:22 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:57:22 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

04:57:22 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:57:22 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:57:22 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

04:57:22 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

04:57:23 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x10, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:57:38 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

04:57:38 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:57:38 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0)

04:57:38 executing program 5:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, 0x0)

04:57:38 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))

04:57:38 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:57:38 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:57:38 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0)

[ 2011.012348] 9pnet: Insufficient options for proto=fd
04:57:38 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

04:57:38 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

04:57:38 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0))
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, 0x0)

04:57:38 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:57:38 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0))
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, 0x0)

04:57:38 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0))
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, 0x0)

04:57:38 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:57:39 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:57:39 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}})

04:57:39 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2011.791593] 9pnet: Insufficient options for proto=fd
04:57:39 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}})

[ 2011.967683] 9pnet: Insufficient options for proto=fd
04:57:39 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

04:57:39 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

04:57:39 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0)

04:57:39 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}})

[ 2012.182072] 9pnet: Insufficient options for proto=fd
04:57:39 executing program 5:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0)

04:57:39 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}})

[ 2012.380182] 9pnet: Insufficient options for proto=fd
04:57:39 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}})

04:57:40 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2012.541844] 9pnet: Insufficient options for proto=fd
04:57:40 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}})

04:57:40 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

[ 2012.616637] 9pnet: Insufficient options for proto=fd
04:57:40 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:57:57 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:57:57 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:57:57 executing program 4:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x540a, 0x3)
write$binfmt_misc(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="73797a3189388bcb4160160846624c0ae3dbf802e4865d212dab19ae16f98b3bdfdb99f66c0c63a87a1c202b67790de2e35adb832f5d12c72e25ee94d0ef6060b4aecf6d00a91cb2a678c2934b75cfb9c7020983e12f9d42309b8b9cd353d9a823fa0ebdb8235edd3ba2ba815faf0595f3321e35fca8882e929feb3b175f057904cba3ce6a57a06fd3fb4ebb3c18f26bf5f0dc08c5b840296cfdf31614075fad08219dd6752b162107232243295eb09fa2bc0095f29968a99964492d4ea19a0bae5ef71251bdc03e57ca4d6690c6958f9d48dd2de96f9b587e373e89c71217d67060f7c730b5eabeb8b0872c80e229e5a9374f84cd52eb123284b886ff67824e3bfe3cbddaf5a8f9a1f1ead57da054c91fc7e4a63d6d59d728924b3aea60fddd1dce38a968582fdb31ca719f2726303b6f4c62a06cbc180cd333e162c612b7ca70088dfea3160e41ecfb129827dbd38bd1ffce24246f4353ddfe5779c4709fe59e76876178c2663add6e908a4188d3c1912066e0375ac81cfdd2a4559d3a9ec88deb0ada0a96e3beed153a28a59d6356e756a290d9ec41f2d00878ccf58d1e35803e5651353b20de61b2d442ef9ace00a095280829eae33f952433d3b525c824409c9a95f14604d5ae6062786ce4e3d10b38d4d9c9e3ea349d411a8f11c33b88286c2885790278961973d3dab9beb640503e36b00e7b3d29a3264eaecc6c08d01353203179f1586cb32ba80b16f3d3efdc105ecd4b62a4d0bb62f8947fff7335e1c06aa5f1dae965bf122250392214226e99503434a94fcb6f29b1400048dd8a12271c94e123c3eec98685088779e958252e761250af7863d49227c069fa0e965cb945585daf3b85b4f3079edc107b83c097786ce8d5e493e5f61da684cdc3b39c2a16d3ed9a0343391dfe0ccfaa1c8223686f39381c5d11e3dba90b1706fd1805b7c3a339f69fe76b939bc441c447e6388ac23880d37e507aec4ea896c942f2faaf53e12b88c81ee14fa69283bbbbbb565ed2973d7a759675999c7ad8725de79dae063f316a53be30ecfd56a7032f30790474ed3eb92ce4940d8ae7e2186bbe61ed15abdc249c454dc669770d7d0cab8d14e812cbe19bf2d0fd58f7adb1fe824dd322af8a0ca0fc9b08c9885a158e117ebeee53148d32689dfe9ce96250f98482656181e91f68087bf7563223292e87c161aceae6cc35f573820d856f09c7245662eb5007f8a81a54bf67a561bdc32d5d405f82c6b7866317002ef2fed9ed9851f841e1c418b1155d569545ccb40933fffeca838f05a7d7771a80c51e86748c8ab067134f465e4a0cf574d0e7eb91cf18d4dce7137d497ce6c30c5f35e0aae55cbfec3afae70d5bbf0a779030698ad31361908a3bf4a4c5f186a543cc218448a76139dc2e203962abb0c241173cc8453e3f3ee02b725c24c6a9b8f2e3c639b06fd056aa295e988d96684f7a81b1190c538af63e95bf63326a80991f9dd5a14c4828a9da58cfb749533375c5dc908209ba22adec9374403e3eb598da4b969eb77ea64468558d234cdb71d955a8189149c3b9156ffc27480c2fcaa5229f2bfa42dae29325db3f39e9211c8d237943f8a435b42f37b2acc9647c4c53e6a5d5f2a5eec8e6515cb01d45763a50671413fb5b32a22c758a14e4203f0f97968daa3f1b5a1b92aca653f4715dfc22073e07df9aba00c2b7c2c8aa33dc34b5ddcaf581ed885d2c39964e02fe70ed61e870b0636a7dd52cd40fde7bf252dcb0fb5ef41d26fe2a347d243e37dde3ef9374eee8a3a7b1169a72f98b321c3e54bbda471554cefc02e378d6cb59c8b7626df9b72bac713b3108d77da8af1379e510e643c4a413bca66b22c65ddd458210121cda5891f8ab1ac0e755ce662ce3efad4e37397820b8c161de56e733702a3b0b3fde7bc717bcf29482218171b7596558bc6e14d6f337d864f194986c96d39841b39fabd68856c3f45e0776320ae679143bd577c546785864b94352a8646d46d4aefc34e67164dc1cfade8f18ba441223b2b80e977ec194231694f31d5f179642bac0bc31017d07067979dc4867f36a819211062c35fca651c9af6be2fef344da169b8e23de2ee8e0f3f11db219fe9edf60c25e49b563beb6f0edc0f4d849e7217db067281c25c9adc483cc16aef863b5b2fb63752d571829eab958d63f12b225a2c5d8e46da2d8e9f6f52048408bc3c2a2da61100931276c03be8a046e1df1764150cd98b7754c31a7166b23cecc2754df3e5fa1385ae5f6ee078e3012dca530c58a007fb65ff6a18d51b30bf919e22def05172c36e7129dbee1ba0f0820a9dfda6e87212a7d2d16fab0f8cad6166cb8df8841f71fb1ff9d4d2dbec0853d5c3ef0cc58817f692644f82e8390e61a052120449aeb6417a844728702dbf42b1d68ccca49575a37d7031f3ddd004c2abdb8e1e6bbfe0ce3102ce2b9b2c66a84818efad50aaa61ea2bdd037678cf5e4a462a7feb8e3311a714393da30e6328534e05f473bdba7b5890334104d1e134e8e07eaf28ef838338b8765417773d73aa1b6bf4badafd2f2e19d0ebb2638cb274c790f09746c66dcacf128044f71fb82eecac32523dcb8dde5dfc7be1397d564bceedd4366df496e1aaca55e64d4806be5f9c43c8e106534ff557f07a3aab6f67987f78dadfcf7bb8436f7858aa7bc25b86dce41ab2896768f0ea1a6690cd89ee308f239f129bded1e84fdd578e3d4de7298993371a3aa33971e6f21b94eba374ebaa762944783940ca059bdf61f4bb222645ff9c0bb2a757ac2b66f3f9b9355984dad7e1a13c8f339bc898b8aa73d3e56b70588dbd4355cfd86e3459ebbcace398bc64729b5022ba4ee520561edd3ca51ff527b4d2ff98eec30e18fa149dccbcc9a73b7701bd030a3b7c0f7ba6c8342131f9ca2b9b3f6c5af0008a3e32ef3160df31de2cad7cfae60ff9d680e37f5694617ff74ede2c7fbb25f455abc2039df6111e560e4c6e919bf32e4c954ee93cd612c63e6d4c9d3c5e891a608f6e4d22fcfb406a741197a63d0f5d6b78df1048507abd228c3a4551bf4c7154a2396598a1eb07861e29b6452bbcbb8ed4f3a9a56affeb7a6572dff137ca102a029065487b5d0a743b08c7f2d9529488305fee814ca6c749a5b03576a8fbd830e257564eea5b0e9d4f154b17c8429abaf46b0c210302d9de395f485f02cbb9bc4995799083818a3f9d4bf99a85dcf5546c259cf21970fa09218888bcf41bba48fe4614a4e705f741c6403ac1a03717403235961aa8b0f4c5a444cb065a657253139be4a5346d5bb6820d81fa6a66d411b721eba2f7ca64b26d278387a548fa25b48359f826f3acc622cecabab2cccc098fe86612011f656d5b02c02c4c174bbe7fd652bb1d0afba7bc1d748dbfe1c2d2d6e386c5606fa65bd668cb72a46c3e773c649274d403ee85b27dd28b172c174167237e5db85919f333517bf411b99b198b50d5e222c14bb9673aa84de5ceacbaf55876b391821b69107fd0a8f82ca189e020da292cbb0d5fc91d8b154624b41ba05ab000caacb7957a3430fda12faa8aa40fd19dee8cf10a6e5dfe5afae09ca20c27ed08ced068b3c8318213d42815663b5f4130ddbde5e6b498b2cd352d5b844d9a267599a2281e86c6dd467447b6c46c992990d4de0a799f7c256d43ea980e1bab548e190752c727db9a3e3ebf36ac80eb7ad65fa4aefc6ed2991fd8c702480ad5da78d66298ccbb49839dba4bba8f17a7b522dba85bdd6e1906ca67c827c765470b74ec17d42742fc89cf7dc06b0104c614e7a5914ed3095262b2829e43be07bbbb27d654fa3d63dffc8db10c82c2036bc1756fd6b02740a1e217e73f053067748cabf5e9ffb805057607d6ff2e3b29437a72afd2ec8f7ba8260eb856981a69f0692aa3eadd9a9a0e6f4b62b779575506f352ebd132d5be307a5cba5dbe7f7d4db43c9cd906567d4e4e35250b0b9e32726f6865d845a4bc8f235c6669b146c62ae18dd7a5068a97ea0f5bc90d5e3edca3e810d1a7407834d1dda5880e02842f78ba2c93aebc44d8e8db2838fda6e2a3953cd710a347f01221751f1a3314a3d21ddd934759add085f78e8d3a9210018f1e79c27ecea45f0df50a23d4d18bedc5aec25ed3d06e00223a20612fda1b3a6249ed40e148cd5734c4f6f43552d22322f0680bb10943bcfa8dda07fa7cc4f742b4b4e11b831a1c0c2e99af5a7d1512ab6a7dc295d5430c2a00ce2f2e33fe8507ba30aab6f190bcd57a9236e898d2051eaf09dbe3562ec2f8471aca7af6ced47efc653e2e926f90176c9a867879f8e07ad363abac05c5652639248b16557649cf5230d6fee7936e90269b3303d1c601f6a92501ea814255238d381c8808f39166a0540e49e405cfa822ff557f7d29fe998da4b3bc883cbaac64cf7fd53399a6930115a9b884b92ba1d643d609d49fb309919d0aa87957102195344948309a5003134dbb502d3f626837c4c4bb96165e9cb5941365a6ec2b25ea3b7f6b6396f787ee3f963cdd490d7c47a7634bc8e837e6b6d80647340ff533ce0235b46cfe520e9cc7c7af5f05b28e93acb2cffdc4cfcc1c2d8b43b44fd5658fcb54fa150d2dba608d596bf0b2b22530cb35f755fa63cd122e1cc18b18d3b85e4910f7549ad7cb3296ae6c302937155bf99c69beb429903a233b9228d0d36f14fa4b93fb3cfc4c3c48d2825c2c050709510bca1c86debe5cfe26c0fda09974072d7133320cf044711bd5d3d711befe499bf07220225c82d0cbf8f8267f9fde176e620cf9d47e058cdf9084ef5efaeb26c189dc93b216f4473db283bfda3679ef0c68e11573d22579fa02e3ed1d139f45f19bb3f976607be4a1256157b7d64c77928dd219d4f30284c565baa61e20fd038fc48d6de7c570411ad244f82122f65870df60f2aa8ccc228ee8aa8f252116a8ee1d69c90fd06fec2f0f215d2f8ba91d21e644e0ff54ee46dfac59e8135dcb70b39f268602d3dc7cbf6029d9f1d4ec4591fb1012905dadba5210648fe34d97af527f62c977bcc8333e48b7b0ed23c4ef63f4192db5f7de441b3ebeac45dc0109c354c9a80de867caffdda7c5685606d538803fc9a18d98ee07b41850ba7514063d150a06372b9f4e4cfd2b01990905191416e740f4a158e70ef98b67b7960c799ee6db05da4f5168388b95495584340fb2d7df52dd8269251e3b9a162d6b5c14231039a816697b4b7ae484264341a1d8617aa3a68add01d0f2ea0a672660f94ccc120bfb186d80a73882eef760cb85cc8265f826147bc686ebd356fd23c2f9392e79b400a5b31e6a2d3661019f47b74bf2364e031912e3bda8803c61bf98c26ee1dc7c5b3f9b0a825944524613384707ef1e03bc7e8ac11b13fb3d73e76e1c93a8dcc3f94a761386c19a457485161b9ae507eb601c86588ffbeea8bd627bb771a133f1defc82140bcf5ff20e82aa6ccc5dbe6ad7d6c748f4236ace5a778e87d20b2fd5392d6ea0c60bc83f312472d45e17346aa4de035e36fcb92e5539af64ffb67ed49c6985dc7c23a1225b3a26ab06c531e11802268c9a3bbbe8c24f5d8e861b7df465309bde684bdf393ab0a1728986564346985bda97214ebc95e4418b3dc9d49ac6030caeccc8eb118906057867aed90be0791dfa6037bc724cf24bf246565ef8ab3d09c304386e9231349db105a1108e27d3cb2d186d11237f153f8ca9e6a52fc56495f785e209d7f3380c0f55fbb3f6514e4120d0e814ea7166103cd7cc7d8beb81eecbdced57f45e95ddc68c7309ce6d861699a26f6c2a6a969cbf09b84ed0fb318b"], 0x1004)
r1 = fcntl$dupfd(r0, 0x0, r0)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r1, &(0x7f0000001100)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000010c0)={&(0x7f0000001080)={0x24, 0x0, 0x8, 0x70bd29, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x40801)
pipe(&(0x7f00000003c0))

04:57:57 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

04:57:57 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:57:57 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:57:57 executing program 5:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

04:57:57 executing program 3:
ftruncate(0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x1f012, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
fcntl$setpipe(r0, 0x407, 0x0)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:57:57 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)

04:57:57 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:57:58 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:57:58 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:57:58 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:58:15 executing program 5:
syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c775782c2ac5e", @ANYRESHEX=r1, @ANYBLOB=',\x00'])
ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000000))
ioctl$TCXONC(r1, 0x540a, 0x1)
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:58:15 executing program 7:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0}, './file0\x00'})
ioctl$TIOCL_PASTESEL(r1, 0x541c, &(0x7f0000000040))
r2 = syz_open_dev$usbmon(&(0x7f0000000080), 0x8, 0x40)
setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x32, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, 0x0, 0x44000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140), 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x34, 0x0, 0x20, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x4}}}}, [@NL80211_ATTR_MESH_ID={0xa}]}, 0x34}}, 0x4000)
sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000004c0)={&(0x7f0000000a80)=ANY=[@ANYBLOB="cdddb8d48e54235af4d8caa70000000000005502005e36473eccb13ef6d7605cfcdd09cb2a6f0fed69e37c2269f7c0d5cc05912b919b58d4881751721d9b2ffa2e853e89928bf4a3b78443e4856aad71e18250a2c7e622649c1121562ae7aec7197f1a14c11b671061c38583ea1b3a0f58b44c9d8900267f142f64a2d40f77cc4ee6bbce35549fc32b358c2aac75dc63c17510b9a057452a584f6a1141715b39193e8f51ee17f1b3e6a6ecca876bfba77799729e41f27572f720adf1d44cc7b21e6de1c9e925d11e78391e805a53b37aebe817d4150ddbf385e191c21dee8a79531f72dd941b80e8cb17e5a44ee48ff6d9008738a578e47c960827c1ca48227b9a553c20e89058ef8bdd696fdcd0bbe61825e9834d68bb727850b358dd25c655384fe2a7a0f6cd8a83b3bff5407125a4eee17c3a13dc678b90779fd2d416d122f9b6804af199d622f1e1fcf850cb4870533ca02821caa2a2f3a842630b45e5667b5f776bb80d623e3a69597b0aefda4eafe38983fd0b641ee76faeed8c8eb4456ab71286bd805c7dc1260d989efa64ae4b0a5ef50c3132d090aab8fa678917d77552ed12c20fee287474dce21c97aeae6f9a6ecec4659e59a4ffb71c31337cd14bad734f6f54ccb0f59bf43e88030e7e0be544e04b43b629509eaa0e30696fdb000000000000008970000000008bfd6b23ef157b5e80ad7a592e86af34ee1fa43169a4db6d857694457cc5c957bccc31056bab8e58a23da1236cb28857775d7571ee42c1bbd43c1fb2f540b57780053c92fcb95def18a05ae1ba8bfcf5bdc9b7e1b26c4951aba409ba39981fb1f0d7cb136659821511a6d400dd82651ddad00e0d51503507124bf8eaae7ebdad652033faa861ace27281ea3c7f5bff229ad096d1e22c3c1aa62adea63962d9d408dfd9d559d3bc287c2fd5a8832ae8d2815d9d440e4d7f9dca3adc740ab13c2f9684e7b62b1d0aa846801d611cba3796a395a4f91017000da47711e3d186f7122fcc8d4dfcdd65f1a70f30ed77fc1115ce8928fd4f45d742991c4531da69dc6565b6e06b2e762b3ff49960db3a289244143303c3618eb06c4595", @ANYRES16, @ANYBLOB="000328bd7000fcdbdf257c0000000c009900070000000f0000000a0006000802110000010000"], 0x2c}, 0x1, 0x0, 0x0, 0x20028000}, 0x20040001)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(r1, 0xc0189376, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r2, {0x7ff}}, './file0\x00'})
ioctl$TCXONC(r0, 0x540a, 0x3)

04:58:15 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

04:58:15 executing program 0:
ftruncate(0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
fcntl$setpipe(r0, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:58:15 executing program 1:
syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c775782c2ac5e", @ANYRESHEX=r1, @ANYBLOB=',\x00'])
ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000000))
ioctl$TCXONC(r1, 0x540a, 0x1)
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:58:15 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

04:58:15 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:58:15 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2047.877843] tmpfs: Bad value for 'size'
[ 2047.890128] tmpfs: Bad value for 'size'
04:58:15 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:58:15 executing program 5:
syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c775782c2ac5e", @ANYRESHEX=r1, @ANYBLOB=',\x00'])
ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000000))
ioctl$TCXONC(r1, 0x540a, 0x1)
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:58:15 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2048.079182] tmpfs: Bad value for 'size'
04:58:15 executing program 5:
syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c775782c2ac5e", @ANYRESHEX=r1, @ANYBLOB=',\x00'])
ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000000))
ioctl$TCXONC(r1, 0x540a, 0x1)
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2048.186877] tmpfs: Bad value for 'size'
04:58:28 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

[ 2061.483324] tmpfs: Bad value for 'size'
04:58:28 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:58:28 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

04:58:28 executing program 5:
syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c775782c2ac5e", @ANYRESHEX=r1, @ANYBLOB=',\x00'])
ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000000))
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:58:28 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:58:28 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:58:28 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

04:58:28 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:58:44 executing program 5:
syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c775782c2ac5e", @ANYRESHEX=r1, @ANYBLOB=',\x00'])
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:58:44 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:58:44 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)

04:58:44 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:58:44 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:58:44 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:58:44 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)

04:58:44 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)

[ 2077.445422] tmpfs: Bad value for 'size'
04:58:44 executing program 5:
syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe(&(0x7f00000003c0))
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2077.570707] tmpfs: Bad value for 'size'
04:58:45 executing program 5:
syz_open_dev$tty20(0xc, 0x4, 0x1)
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2077.639236] tmpfs: Bad value for 'size'
04:58:45 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2077.774741] tmpfs: Bad value for 'size'
04:58:45 executing program 4:
syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe(&(0x7f00000003c0))
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:58:45 executing program 5:
syz_mount_image$tmpfs(0x0, &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:58:45 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:58:45 executing program 5:
syz_mount_image$tmpfs(0x0, &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2078.077439] tmpfs: Bad value for 'size'
04:58:45 executing program 5:
syz_mount_image$tmpfs(0x0, &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:00 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:59:00 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), 0x0, 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:00 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)

04:59:00 executing program 4:
syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe(&(0x7f00000003c0))
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:00 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:59:00 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:59:00 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:59:00 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2092.724746] tmpfs: Bad value for 'size'
04:59:00 executing program 4:
syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe(&(0x7f00000003c0))
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:00 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), 0x0, 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2093.000344] tmpfs: Bad value for 'size'
04:59:00 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), 0x0, 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:00 executing program 4:
syz_open_dev$tty20(0xc, 0x4, 0x1)
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2093.288075] tmpfs: Bad value for 'size'
04:59:00 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:00 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2093.445741] tmpfs: Bad value for 'size'
[ 2093.456751] tmpfs: Bad value for 'size'
04:59:01 executing program 4:
syz_mount_image$tmpfs(0x0, &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:01 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2093.661092] tmpfs: Bad value for 'size'
[ 2107.634533] tmpfs: Bad value for 'size'
04:59:15 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:15 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:59:15 executing program 4:
syz_mount_image$tmpfs(0x0, &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:15 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)

04:59:15 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:59:15 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)

04:59:15 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:59:15 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)

04:59:15 executing program 4:
syz_mount_image$tmpfs(0x0, &(0x7f0000000100)='./file1\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:15 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

04:59:15 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

04:59:15 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), 0x0, 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:15 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

04:59:15 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), 0x0, 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:15 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:15 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), 0x0, 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2108.429378] tmpfs: Bad value for 'size'
04:59:15 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2108.579335] tmpfs: Bad value for 'size'
04:59:28 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="18e79b46910bbd03e3e0d21cb5f4a19beef3aefa6fd378c08445166d39a2dc06e56992614ad076fd2f90735f5414b593f34f2c7605ca68f9a6fdbb6f9f3fa6447148fce5fd3bc4ff76f029cc4dc552e44d", 0x51, 0x7}], 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:28 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:59:28 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:59:28 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:28 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:59:28 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:59:28 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)

04:59:28 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2121.401322] tmpfs: Bad value for 'size'
[ 2121.418614] tmpfs: Bad value for 'size'
04:59:28 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x8, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:28 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2121.493548] tmpfs: Bad value for 'size'
[ 2121.537124] tmpfs: Bad value for 'size'
04:59:29 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:29 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x38, 0x3a]}}}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2121.643767] tmpfs: Bad value for 'size'
[ 2121.699408] tmpfs: Bad value for 'size'
04:59:29 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:29 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2121.831662] tmpfs: Bad value for 'size'
04:59:29 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:29 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2122.000584] tmpfs: Bad value for 'size'
04:59:45 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

04:59:45 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:45 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

04:59:45 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:59:45 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

04:59:45 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:59:45 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

04:59:45 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

[ 2138.509742] tmpfs: Bad value for 'size'
04:59:45 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}, {}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:46 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2138.560030] tmpfs: Bad value for 'size'
04:59:46 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x78]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2138.645506] tmpfs: Bad value for 'size'
[ 2138.689610] tmpfs: Unknown parameter 'appraise_type'
04:59:46 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}, {@huge_never}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

04:59:46 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2138.820875] tmpfs: Bad value for 'size'
04:59:46 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@huge_always}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2138.878156] tmpfs: Bad value for 'size'
[ 2138.949266] tmpfs: Unknown parameter 'appraise_type'
04:59:46 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2139.024509] tmpfs: Bad value for 'size'
05:00:00 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:00:00 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

05:00:00 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

05:00:00 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

[ 2152.993399] tmpfs: Bad value for 'size'
05:00:00 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fcntl$setpipe(r2, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:00:00 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}, {@huge_always}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:00 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:00:00 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2153.000267] tmpfs: Unknown parameter 'appraise_type'
05:00:00 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}, {@huge_within_size}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:00 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2153.119674] tmpfs: Bad value for 'size'
[ 2153.202564] tmpfs: Unknown parameter 'appraise_type'
05:00:00 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:00 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2153.345418] tmpfs: Unknown parameter 'appraise_type'
[ 2153.358898] tmpfs: Bad value for 'size'
05:00:00 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:00 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2153.524627] tmpfs: Unknown parameter 'appraise_type'
[ 2153.585475] tmpfs: Unknown parameter 'appraise_type'
05:00:01 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x0]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:01 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2153.703520] tmpfs: Unknown parameter 'appraise_type'
05:00:01 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

05:00:17 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x0]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:17 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:17 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:00:17 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

[ 2170.145281] tmpfs: Unknown parameter 'appraise_type'
05:00:17 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

05:00:17 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:00:17 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:00:17 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:00:17 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:17 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x0]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2170.373480] tmpfs: Unknown parameter 'appraise_type'
05:00:17 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:17 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2170.570923] tmpfs: Unknown parameter 'appraise_type'
[ 2170.684496] tmpfs: Unknown parameter 'appraise_type'
05:00:18 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2170.757755] tmpfs: Unknown parameter 'appraise_type'
05:00:18 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x0]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:18 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2170.913440] tmpfs: Unknown parameter 'appraise_type'
05:00:18 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x0]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:34 executing program 2:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5600, 0x3)

05:00:34 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:34 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:00:34 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

05:00:34 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x0]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:34 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:00:34 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:00:34 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

[ 2186.718993] tmpfs: Unknown parameter 'appraise_type'
05:00:34 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:34 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x0, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:34 executing program 2:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2186.860347] tmpfs: Bad value for 'size'
[ 2186.878749] tmpfs: Unknown parameter 'appraise_type'
05:00:34 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
fcntl$setpipe(r1, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2186.956688] tmpfs: Unknown parameter 'appraise_type'
05:00:34 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x0, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2187.097607] tmpfs: Bad value for 'size'
05:00:34 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:34 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x0, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2187.316749] tmpfs: Unknown parameter 'appraise_type'
[ 2187.409043] tmpfs: Bad value for 'size'
05:00:34 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2187.562991] tmpfs: Unknown parameter 'appraise_type'
[ 2203.892128] tmpfs: Bad value for 'size'
05:00:51 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:00:51 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}]})

05:00:51 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:00:51 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
fcntl$setpipe(r1, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:00:51 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x0, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:51 executing program 0:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:51 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:00:51 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)

[ 2203.909022] tmpfs: Unknown parameter 'appraise_type'
[ 2203.930844] tmpfs: Bad value for 'size'
05:00:51 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x0, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

05:00:51 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)

05:00:51 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}]})

[ 2204.051620] tmpfs: Bad value for 'size'
[ 2204.108372] tmpfs: Bad value for 'size'
05:00:51 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x0, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}, {@uid_gt={'uid>', 0xee00}}]})

[ 2204.156678] tmpfs: Bad value for 'size'
05:00:51 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}]})

05:00:51 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'wfdno'}}]})

[ 2204.337422] tmpfs: Bad value for 'size'
05:00:51 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}]})

[ 2204.407626] tmpfs: Bad value for 'size'
[ 2204.444713] tmpfs: Bad value for 'size'
05:00:52 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}, {@appraise_type}]})

[ 2204.596468] tmpfs: Bad value for 'size'
05:01:06 executing program 0:
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_9p2000}, {@afid}]}})

05:01:06 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}]})

05:01:06 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
fcntl$setpipe(r1, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:06 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:06 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}, {@dont_appraise}]})

05:01:06 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:06 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:06 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2219.488346] tmpfs: Bad value for 'size'
[ 2219.525058] tmpfs: Bad value for 'size'
05:01:07 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}, {@subj_role={'subj_role', 0x3d, '-\x9e'}}]})

05:01:07 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}], [{@appraise_type}]})

[ 2219.695350] tmpfs: Bad value for 'size'
[ 2219.733229] tmpfs: Bad value for 'size'
05:01:07 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:07 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}], [{@appraise_type}, {@subj_user={'subj_user', 0x3d, '^\''}}]})

05:01:07 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2219.924287] tmpfs: Bad value for 'size'
[ 2219.953378] tmpfs: Bad value for 'size'
05:01:07 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}], [{@appraise_type}]})

[ 2220.105831] tmpfs: Bad value for 'size'
05:01:07 executing program 5:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:07 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2220.267901] tmpfs: Bad value for 'size'
05:01:07 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:07 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x3ff)

05:01:07 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x3ff)

05:01:08 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:01:08 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x3ff)

05:01:08 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x3ff)

05:01:25 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:25 executing program 5:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:01:25 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

05:01:25 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

05:01:25 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:25 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:01:25 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:01:25 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:26 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:26 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:01:26 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:26 executing program 5:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

05:01:26 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

05:01:26 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:01:26 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:01:26 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:43 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:43 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:43 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:43 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b63, 0x3)

05:01:43 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:01:43 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:43 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:43 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:01:43 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b63, 0x3)

05:02:01 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b63, 0x3)

05:02:01 executing program 4:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)

05:02:01 executing program 6:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:02:01 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

05:02:01 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:02:01 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)

05:02:01 executing program 3:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:02:01 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:02:01 executing program 5:
ioctl$TCXONC(0xffffffffffffffff, 0x4b63, 0x3)

05:02:02 executing program 5:
ioctl$TCXONC(0xffffffffffffffff, 0x4b63, 0x3)

05:02:02 executing program 5:
ioctl$TCXONC(0xffffffffffffffff, 0x4b63, 0x3)

05:02:02 executing program 5:
syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(0xffffffffffffffff, 0x4b63, 0x3)

05:02:02 executing program 5:
syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(0xffffffffffffffff, 0x4b63, 0x3)

05:02:02 executing program 1:
syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(0xffffffffffffffff, 0x4b63, 0x3)

05:02:02 executing program 5:
syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(0xffffffffffffffff, 0x4b63, 0x3)

05:02:02 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:02:02 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)

05:02:02 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:02:02 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 1)

05:02:02 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b63, 0x0)

05:02:02 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)

05:02:02 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)

05:02:02 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)

05:02:02 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 1)

05:02:03 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)

[ 2275.587414] FAULT_INJECTION: forcing a failure.
[ 2275.587414] name failslab, interval 1, probability 0, space 0, times 1
[ 2275.588899] CPU: 0 PID: 11256 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2275.589782] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2275.590839] Call Trace:
[ 2275.591185]  dump_stack+0x107/0x167
[ 2275.591647]  should_fail.cold+0x5/0xa
[ 2275.592137]  ? getname_flags.part.0+0x50/0x4f0
[ 2275.592798]  should_failslab+0x5/0x20
[ 2275.593296]  kmem_cache_alloc+0x5b/0x310
[ 2275.593826]  getname_flags.part.0+0x50/0x4f0
[ 2275.594384]  getname_flags+0x9a/0xe0
[ 2275.594859]  do_mkdirat+0x8f/0x2b0
[ 2275.595312]  ? user_path_create+0xf0/0xf0
[ 2275.595856]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2275.596561]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2275.597349]  do_syscall_64+0x33/0x40
[ 2275.597954]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2275.598775] RIP: 0033:0x7f8a770ffc27
[ 2275.599331] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2275.602050] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2275.603230] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2275.604325] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2275.605435] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2275.606546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2275.607611] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
05:02:03 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b63, 0x0)

[ 2275.630658] FAULT_INJECTION: forcing a failure.
[ 2275.630658] name failslab, interval 1, probability 0, space 0, times 0
[ 2275.632698] CPU: 1 PID: 11261 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2275.633863] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2275.635023] Call Trace:
[ 2275.635398]  dump_stack+0x107/0x167
[ 2275.635910]  should_fail.cold+0x5/0xa
[ 2275.636447]  ? getname_flags.part.0+0x50/0x4f0
[ 2275.637094]  should_failslab+0x5/0x20
[ 2275.637629]  kmem_cache_alloc+0x5b/0x310
[ 2275.638199]  getname_flags.part.0+0x50/0x4f0
[ 2275.638819]  getname_flags+0x9a/0xe0
[ 2275.639339]  do_mkdirat+0x8f/0x2b0
[ 2275.639838]  ? user_path_create+0xf0/0xf0
[ 2275.640423]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2275.641163]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2275.641880]  do_syscall_64+0x33/0x40
[ 2275.642456]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2275.643182] RIP: 0033:0x7fcabb3d4c27
[ 2275.643704] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2275.646299] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2275.647370] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2275.648364] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2275.649374] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2275.650365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2275.651357] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
05:02:03 executing program 3:
ioctl$TCXONC(0xffffffffffffffff, 0x4b45, 0x3)

05:02:03 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 2)

[ 2275.725637] FAULT_INJECTION: forcing a failure.
[ 2275.725637] name failslab, interval 1, probability 0, space 0, times 0
[ 2275.727282] CPU: 1 PID: 11269 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2275.728255] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2275.729420] Call Trace:
[ 2275.729838]  dump_stack+0x107/0x167
[ 2275.730345]  should_fail.cold+0x5/0xa
[ 2275.730887]  ? create_object.isra.0+0x3a/0xa20
[ 2275.731530]  should_failslab+0x5/0x20
[ 2275.732061]  kmem_cache_alloc+0x5b/0x310
[ 2275.732636]  ? ksys_write+0x21a/0x260
[ 2275.733166]  create_object.isra.0+0x3a/0xa20
[ 2275.733786]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2275.734500]  kmem_cache_alloc+0x159/0x310
[ 2275.735085]  getname_flags.part.0+0x50/0x4f0
[ 2275.735695]  getname_flags+0x9a/0xe0
[ 2275.736211]  do_mkdirat+0x8f/0x2b0
[ 2275.736720]  ? user_path_create+0xf0/0xf0
[ 2275.737305]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2275.738037]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2275.738757]  do_syscall_64+0x33/0x40
[ 2275.739280]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2275.740007] RIP: 0033:0x7f8a770ffc27
[ 2275.740523] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2275.743096] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2275.744162] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2275.745179] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2275.746172] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2275.747170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2275.748159] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
05:02:03 executing program 3:
ioctl$TCXONC(0xffffffffffffffff, 0x4b45, 0x3)

05:02:03 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b63, 0x0)

05:02:03 executing program 3:
ioctl$TCXONC(0xffffffffffffffff, 0x4b45, 0x3)

[ 2276.006514] tmpfs: Bad value for 'size'
05:02:16 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 1)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2289.427171] FAULT_INJECTION: forcing a failure.
[ 2289.427171] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2289.430493] CPU: 0 PID: 11286 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2289.432394] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2289.434686] Call Trace:
[ 2289.435410]  dump_stack+0x107/0x167
[ 2289.436414]  should_fail.cold+0x5/0xa
[ 2289.437478]  strncpy_from_user+0x34/0x470
[ 2289.438622]  getname_flags.part.0+0x95/0x4f0
[ 2289.439830]  getname_flags+0x9a/0xe0
[ 2289.440863]  do_mkdirat+0x8f/0x2b0
[ 2289.441832]  ? user_path_create+0xf0/0xf0
[ 2289.442966]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2289.444401]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2289.445845]  do_syscall_64+0x33/0x40
[ 2289.446885]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2289.448295] RIP: 0033:0x7f8a770ffc27
[ 2289.449332] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2289.454465] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2289.455724] FAULT_INJECTION: forcing a failure.
[ 2289.455724] name failslab, interval 1, probability 0, space 0, times 0
[ 2289.456465] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2289.456480] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2289.456522] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2289.456535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2289.456557] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
05:02:16 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 3)

05:02:16 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 1)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:02:16 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b63, 0x3) (fail_nth: 1)

05:02:16 executing program 3:
syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(0xffffffffffffffff, 0x4b45, 0x3)

05:02:16 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 1)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:02:16 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 1)

05:02:16 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 2)

[ 2289.467380] CPU: 1 PID: 11291 Comm: syz-executor.2 Not tainted 5.10.234 #1
[ 2289.469786] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2289.471807] Call Trace:
[ 2289.472359]  dump_stack+0x107/0x167
[ 2289.473173]  should_fail.cold+0x5/0xa
[ 2289.473981]  ? alloc_pipe_info+0x10a/0x590
[ 2289.474878]  should_failslab+0x5/0x20
[ 2289.475684]  kmem_cache_alloc_trace+0x55/0x320
[ 2289.476660]  alloc_pipe_info+0x10a/0x590
[ 2289.477552]  splice_direct_to_actor+0x774/0x980
[ 2289.478553]  ? _cond_resched+0x12/0x80
[ 2289.479381]  ? inode_security+0x107/0x140
[ 2289.480267]  ? pipe_to_sendpage+0x380/0x380
[ 2289.481207]  ? avc_policy_seqno+0x9/0x70
[ 2289.482074]  ? selinux_file_permission+0x92/0x520
[ 2289.483109]  ? do_splice_to+0x160/0x160
[ 2289.483952]  ? security_file_permission+0xb1/0xe0
[ 2289.485000]  do_splice_direct+0x1c4/0x290
[ 2289.485886]  ? splice_direct_to_actor+0x980/0x980
[ 2289.486550] FAULT_INJECTION: forcing a failure.
[ 2289.486550] name failslab, interval 1, probability 0, space 0, times 0
[ 2289.486899]  ? avc_policy_seqno+0x9/0x70
[ 2289.486923]  ? security_file_permission+0xb1/0xe0
[ 2289.486951]  do_sendfile+0x553/0x11e0
[ 2289.491966]  ? do_pwritev+0x270/0x270
[ 2289.492802]  ? wait_for_completion_io+0x270/0x270
[ 2289.493835]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2289.494819]  ? vfs_write+0x354/0xb10
[ 2289.495600]  __x64_sys_sendfile64+0x1d1/0x210
[ 2289.496545]  ? __ia32_sys_sendfile+0x220/0x220
[ 2289.497534]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2289.498641]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2289.499729]  do_syscall_64+0x33/0x40
[ 2289.500544]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2289.501661] RIP: 0033:0x7fde14d81b19
[ 2289.502450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2289.506347] RSP: 002b:00007fde122f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2289.507957] RAX: ffffffffffffffda RBX: 00007fde14e94f60 RCX: 00007fde14d81b19
[ 2289.509463] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2289.511001] RBP: 00007fde122f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 2289.512496] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001
[ 2289.514009] R13: 00007fff79a251df R14: 00007fde122f7300 R15: 0000000000022000
[ 2289.515521] CPU: 0 PID: 11298 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2289.516902] FAULT_INJECTION: forcing a failure.
[ 2289.516902] name failslab, interval 1, probability 0, space 0, times 0
[ 2289.517093] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2289.521115] Call Trace:
[ 2289.521685]  dump_stack+0x107/0x167
[ 2289.522458]  should_fail.cold+0x5/0xa
[ 2289.523273]  should_failslab+0x5/0x20
[ 2289.524081]  __kmalloc_track_caller+0x79/0x370
[ 2289.525052]  ? strndup_user+0x74/0xe0
[ 2289.525860]  memdup_user+0x22/0xd0
[ 2289.526609]  strndup_user+0x74/0xe0
[ 2289.527381]  __x64_sys_mount+0x133/0x300
[ 2289.528234]  ? copy_mnt_ns+0xa00/0xa00
[ 2289.529075]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2289.530185]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2289.531271]  do_syscall_64+0x33/0x40
[ 2289.532058]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2289.533149] RIP: 0033:0x7fbbb0762b19
[ 2289.533936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2289.537841] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2289.539445] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2289.540957] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2289.542459] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2289.543961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2289.545472] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2289.547006] CPU: 1 PID: 11293 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2289.548436] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2289.550141] Call Trace:
[ 2289.550683]  dump_stack+0x107/0x167
[ 2289.551314] FAULT_INJECTION: forcing a failure.
[ 2289.551314] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2289.551441]  should_fail.cold+0x5/0xa
[ 2289.554691]  ? create_object.isra.0+0x3a/0xa20
[ 2289.555702]  should_failslab+0x5/0x20
[ 2289.556527]  kmem_cache_alloc+0x5b/0x310
[ 2289.557384]  ? ksys_write+0x21a/0x260
[ 2289.558177]  create_object.isra.0+0x3a/0xa20
[ 2289.559067]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2289.560099]  kmem_cache_alloc+0x159/0x310
[ 2289.560954]  getname_flags.part.0+0x50/0x4f0
[ 2289.561855]  getname_flags+0x9a/0xe0
[ 2289.562623]  do_mkdirat+0x8f/0x2b0
[ 2289.563340]  ? user_path_create+0xf0/0xf0
[ 2289.564182]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2289.565255]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2289.566314]  do_syscall_64+0x33/0x40
[ 2289.567082]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2289.568116] RIP: 0033:0x7fcabb3d4c27
[ 2289.568887] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2289.572559] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2289.574151] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2289.575583] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2289.577029] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2289.578520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2289.580018] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2289.581545] CPU: 0 PID: 11299 Comm: syz-executor.5 Not tainted 5.10.234 #1
[ 2289.583104] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2289.583110] Call Trace:
[ 2289.583130]  dump_stack+0x107/0x167
[ 2289.583149]  should_fail.cold+0x5/0xa
[ 2289.583173]  _copy_to_user+0x2e/0x180
[ 2289.583197]  simple_read_from_buffer+0xcc/0x160
[ 2289.583221]  proc_fail_nth_read+0x198/0x230
[ 2289.583242]  ? proc_sessionid_read+0x230/0x230
[ 2289.583259]  ? security_file_permission+0xb1/0xe0
[ 2289.583284]  ? proc_sessionid_read+0x230/0x230
[ 2289.583303]  vfs_read+0x228/0x620
[ 2289.583327]  ksys_read+0x12d/0x260
[ 2289.583345]  ? vfs_write+0xb10/0xb10
05:02:17 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 4)

[ 2289.583367]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2289.583384]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2289.583404]  do_syscall_64+0x33/0x40
[ 2289.583420]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2289.583431] RIP: 0033:0x7f0ff09f469c
[ 2289.583447] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 2289.583456] RSP: 002b:00007f0fedf96170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2289.583474] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007f0ff09f469c
[ 2289.583484] RDX: 000000000000000f RSI: 00007f0fedf961e0 RDI: 0000000000000003
[ 2289.583493] RBP: 00007f0fedf961d0 R08: 0000000000000000 R09: 0000000000000000
[ 2289.583502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2289.583512] R13: 00007fffd4a3449f R14: 00007f0fedf96300 R15: 0000000000022000
[ 2289.584514] FAULT_INJECTION: forcing a failure.
[ 2289.584514] name failslab, interval 1, probability 0, space 0, times 0
[ 2289.584532] CPU: 0 PID: 11292 Comm: syz-executor.7 Not tainted 5.10.234 #1
[ 2289.584541] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2289.584546] Call Trace:
[ 2289.584565]  dump_stack+0x107/0x167
[ 2289.584584]  should_fail.cold+0x5/0xa
[ 2289.584605]  ? alloc_pipe_info+0x10a/0x590
[ 2289.584625]  should_failslab+0x5/0x20
[ 2289.584642]  kmem_cache_alloc_trace+0x55/0x320
[ 2289.584667]  alloc_pipe_info+0x10a/0x590
[ 2289.584690]  splice_direct_to_actor+0x774/0x980
05:02:17 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 3)

[ 2289.584733]  ? _cond_resched+0x12/0x80
[ 2289.584750]  ? inode_security+0x107/0x140
[ 2289.584764]  ? pipe_to_sendpage+0x380/0x380
[ 2289.584781]  ? avc_policy_seqno+0x9/0x70
[ 2289.584838]  ? selinux_file_permission+0x92/0x520
05:02:17 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 2)

[ 2289.584859]  ? do_splice_to+0x160/0x160
[ 2289.584875]  ? security_file_permission+0xb1/0xe0
[ 2289.584901]  do_splice_direct+0x1c4/0x290
05:02:17 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 5)

[ 2289.584919]  ? splice_direct_to_actor+0x980/0x980
[ 2289.584935]  ? avc_policy_seqno+0x9/0x70
[ 2289.584960]  ? security_file_permission+0xb1/0xe0
[ 2289.584990]  do_sendfile+0x553/0x11e0
[ 2289.585020]  ? do_pwritev+0x270/0x270
[ 2289.585070]  ? wait_for_completion_io+0x270/0x270
[ 2289.585094]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2289.585110]  ? vfs_write+0x354/0xb10
[ 2289.585132]  __x64_sys_sendfile64+0x1d1/0x210
[ 2289.585149]  ? __ia32_sys_sendfile+0x220/0x220
[ 2289.585172]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2289.585189]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2289.585209]  do_syscall_64+0x33/0x40
[ 2289.585227]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2289.585238] RIP: 0033:0x7fc766e9cb19
[ 2289.585254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2289.585263] RSP: 002b:00007fc764412188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2289.585282] RAX: ffffffffffffffda RBX: 00007fc766faff60 RCX: 00007fc766e9cb19
[ 2289.585291] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2289.585301] RBP: 00007fc7644121d0 R08: 0000000000000000 R09: 0000000000000000
[ 2289.585311] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001
[ 2289.585321] R13: 00007ffeabf2bf1f R14: 00007fc764412300 R15: 0000000000022000
[ 2289.614568] FAULT_INJECTION: forcing a failure.
[ 2289.614568] name failslab, interval 1, probability 0, space 0, times 0
[ 2289.614605] CPU: 1 PID: 11297 Comm: syz-executor.1 Not tainted 5.10.234 #1
[ 2289.614625] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2289.614635] Call Trace:
[ 2289.614735]  dump_stack+0x107/0x167
[ 2289.614768]  should_fail.cold+0x5/0xa
[ 2289.614805]  ? alloc_pipe_info+0x10a/0x590
[ 2289.614832]  should_failslab+0x5/0x20
[ 2289.614857]  kmem_cache_alloc_trace+0x55/0x320
[ 2289.614892]  alloc_pipe_info+0x10a/0x590
[ 2289.614924]  splice_direct_to_actor+0x774/0x980
[ 2289.614953]  ? _cond_resched+0x12/0x80
[ 2289.614974]  ? inode_security+0x107/0x140
[ 2289.614992]  ? pipe_to_sendpage+0x380/0x380
[ 2289.615012]  ? avc_policy_seqno+0x9/0x70
[ 2289.615032]  ? selinux_file_permission+0x92/0x520
[ 2289.615053]  ? do_splice_to+0x160/0x160
[ 2289.615074]  ? security_file_permission+0xb1/0xe0
[ 2289.615112]  do_splice_direct+0x1c4/0x290
[ 2289.615137]  ? splice_direct_to_actor+0x980/0x980
[ 2289.615157]  ? avc_policy_seqno+0x9/0x70
[ 2289.615217]  ? security_file_permission+0xb1/0xe0
[ 2289.615257]  do_sendfile+0x553/0x11e0
[ 2289.615300]  ? do_pwritev+0x270/0x270
[ 2289.615329]  ? wait_for_completion_io+0x270/0x270
[ 2289.615357]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2289.615378]  ? vfs_write+0x354/0xb10
[ 2289.615408]  __x64_sys_sendfile64+0x1d1/0x210
[ 2289.615431]  ? __ia32_sys_sendfile+0x220/0x220
[ 2289.615462]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2289.615484]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2289.615511]  do_syscall_64+0x33/0x40
[ 2289.615533]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2289.615548] RIP: 0033:0x7f222a3ebb19
[ 2289.615571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2289.615584] RSP: 002b:00007f2227961188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2289.615609] RAX: ffffffffffffffda RBX: 00007f222a4fef60 RCX: 00007f222a3ebb19
[ 2289.615623] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2289.615636] RBP: 00007f22279611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2289.615649] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001
[ 2289.615663] R13: 00007fffe668f2ff R14: 00007f2227961300 R15: 0000000000022000
[ 2289.662031] tmpfs: Bad value for 'size'
[ 2289.754911] FAULT_INJECTION: forcing a failure.
[ 2289.754911] name failslab, interval 1, probability 0, space 0, times 0
[ 2289.754983] CPU: 1 PID: 11305 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2289.754992] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2289.754997] Call Trace:
[ 2289.755018]  dump_stack+0x107/0x167
[ 2289.755037]  should_fail.cold+0x5/0xa
[ 2289.755056]  ? __d_alloc+0x2a/0x990
[ 2289.755076]  should_failslab+0x5/0x20
[ 2289.755092]  kmem_cache_alloc+0x5b/0x310
[ 2289.755104]  ? __d_lookup+0x3bf/0x760
[ 2289.755126]  __d_alloc+0x2a/0x990
[ 2289.755148]  d_alloc+0x46/0x1c0
[ 2289.755166]  __lookup_hash+0xcc/0x190
[ 2289.755251]  filename_create+0x186/0x4a0
[ 2289.755270]  ? filename_parentat+0x570/0x570
[ 2289.755287]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2289.755312]  do_mkdirat+0xa2/0x2b0
[ 2289.755330]  ? user_path_create+0xf0/0xf0
[ 2289.755353]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2289.755370]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2289.755389]  do_syscall_64+0x33/0x40
[ 2289.755406]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2289.755417] RIP: 0033:0x7f8a770ffc27
[ 2289.755432] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2289.755441] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2289.755485] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2289.755495] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2289.755504] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2289.755513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2289.755522] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2289.849203] FAULT_INJECTION: forcing a failure.
[ 2289.849203] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2289.849226] CPU: 1 PID: 11307 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2289.849236] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2289.849242] Call Trace:
[ 2289.849266]  dump_stack+0x107/0x167
[ 2289.849287]  should_fail.cold+0x5/0xa
[ 2289.849314]  strncpy_from_user+0x34/0x470
[ 2289.849339]  getname_flags.part.0+0x95/0x4f0
[ 2289.849362]  getname_flags+0x9a/0xe0
[ 2289.849381]  do_mkdirat+0x8f/0x2b0
[ 2289.849402]  ? user_path_create+0xf0/0xf0
[ 2289.849426]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2289.849447]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2289.849468]  do_syscall_64+0x33/0x40
[ 2289.849487]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2289.849500] RIP: 0033:0x7fcabb3d4c27
[ 2289.849517] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2289.849528] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2289.849548] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2289.849559] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2289.849569] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2289.849579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2289.849590] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2289.888872] FAULT_INJECTION: forcing a failure.
[ 2289.888872] name failslab, interval 1, probability 0, space 0, times 0
[ 2289.980488] FAULT_INJECTION: forcing a failure.
[ 2289.980488] name failslab, interval 1, probability 0, space 0, times 0
[ 2289.981805] CPU: 0 PID: 11311 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2289.981816] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2289.981821] Call Trace:
[ 2289.981846]  dump_stack+0x107/0x167
[ 2289.981870]  should_fail.cold+0x5/0xa
[ 2290.021225]  ? create_object.isra.0+0x3a/0xa20
05:02:17 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 4)

[ 2290.021247]  should_failslab+0x5/0x20
[ 2290.021264]  kmem_cache_alloc+0x5b/0x310
[ 2290.021287]  create_object.isra.0+0x3a/0xa20
[ 2290.021301]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2290.021324]  kmem_cache_alloc+0x159/0x310
[ 2290.021348]  __d_alloc+0x2a/0x990
[ 2290.021372]  d_alloc+0x46/0x1c0
[ 2290.021391]  __lookup_hash+0xcc/0x190
[ 2290.021411]  filename_create+0x186/0x4a0
[ 2290.021428]  ? filename_parentat+0x570/0x570
[ 2290.021446]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2290.021542]  do_mkdirat+0xa2/0x2b0
[ 2290.021563]  ? user_path_create+0xf0/0xf0
[ 2290.021586]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2290.021605]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2290.021624]  do_syscall_64+0x33/0x40
[ 2290.021642]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2290.021653] RIP: 0033:0x7f8a770ffc27
[ 2290.021669] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2290.021679] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2290.021728] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2290.021737] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2290.021747] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2290.021756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2290.021766] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
05:02:17 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 6)

[ 2290.021819] CPU: 1 PID: 11313 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2290.021831] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2290.021836] Call Trace:
[ 2290.021864]  dump_stack+0x107/0x167
[ 2290.021886]  should_fail.cold+0x5/0xa
[ 2290.021910]  ? __d_alloc+0x2a/0x990
[ 2290.021933]  should_failslab+0x5/0x20
[ 2290.021952]  kmem_cache_alloc+0x5b/0x310
[ 2290.021966]  ? __d_lookup+0x3bf/0x760
[ 2290.021991]  __d_alloc+0x2a/0x990
[ 2290.022017]  d_alloc+0x46/0x1c0
[ 2290.022038]  __lookup_hash+0xcc/0x190
05:02:17 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 2)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2290.022060]  filename_create+0x186/0x4a0
05:02:17 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 5)

[ 2290.022079]  ? filename_parentat+0x570/0x570
[ 2290.022099]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2290.022128]  do_mkdirat+0xa2/0x2b0
[ 2290.022149]  ? user_path_create+0xf0/0xf0
[ 2290.022175]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2290.022195]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2290.022216]  do_syscall_64+0x33/0x40
[ 2290.022235]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2290.022248] RIP: 0033:0x7fcabb3d4c27
[ 2290.022265] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2290.022275] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2290.022296] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2290.022306] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2290.022316] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2290.022327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2290.022338] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2290.035436] FAULT_INJECTION: forcing a failure.
[ 2290.035436] name failslab, interval 1, probability 0, space 0, times 0
[ 2290.035462] CPU: 1 PID: 11310 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2290.035472] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2290.035541] Call Trace:
[ 2290.035563]  dump_stack+0x107/0x167
[ 2290.035584]  should_fail.cold+0x5/0xa
[ 2290.035605]  ? create_object.isra.0+0x3a/0xa20
[ 2290.035626]  should_failslab+0x5/0x20
[ 2290.035654]  kmem_cache_alloc+0x5b/0x310
[ 2290.035686]  create_object.isra.0+0x3a/0xa20
[ 2290.035702]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2290.035728]  __kmalloc_track_caller+0x177/0x370
[ 2290.035743]  ? strndup_user+0x74/0xe0
[ 2290.035765]  memdup_user+0x22/0xd0
[ 2290.035782]  strndup_user+0x74/0xe0
[ 2290.035802]  __x64_sys_mount+0x133/0x300
[ 2290.035824]  ? copy_mnt_ns+0xa00/0xa00
[ 2290.035849]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2290.035899]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2290.035922]  do_syscall_64+0x33/0x40
[ 2290.035941]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2290.035953] RIP: 0033:0x7fbbb0762b19
[ 2290.035971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2290.035981] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2290.036002] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2290.036013] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2290.036023] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2290.036034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2290.036045] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2290.111424] tmpfs: Bad value for 'size'
[ 2290.274643] FAULT_INJECTION: forcing a failure.
[ 2290.274643] name failslab, interval 1, probability 0, space 0, times 0
[ 2290.274665] CPU: 0 PID: 11316 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2290.274674] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2290.274755] Call Trace:
[ 2290.274789]  dump_stack+0x107/0x167
[ 2290.274809]  should_fail.cold+0x5/0xa
[ 2290.274828]  ? ext4_alloc_inode+0x1a/0x670
[ 2290.274850]  should_failslab+0x5/0x20
[ 2290.274868]  kmem_cache_alloc+0x5b/0x310
[ 2290.274888]  ? security_compute_validatetrans.part.0+0x960/0x960
[ 2290.274905]  ? ext4_init_journal_params+0x350/0x350
[ 2290.274921]  ext4_alloc_inode+0x1a/0x670
[ 2290.274937]  ? ext4_init_journal_params+0x350/0x350
[ 2290.274952]  alloc_inode+0x63/0x240
[ 2290.274969]  new_inode+0x23/0x250
[ 2290.274991]  __ext4_new_inode+0x32c/0x5370
[ 2290.275008]  ? avc_has_extended_perms+0xf40/0xf40
[ 2290.275051]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2290.275079]  ? dquot_initialize_needed+0x290/0x290
[ 2290.275098]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2290.275162]  ext4_mkdir+0x32c/0xb10
[ 2290.275194]  ? ext4_rmdir+0xf70/0xf70
[ 2290.275225]  vfs_mkdir+0x493/0x750
[ 2290.275247]  do_mkdirat+0x150/0x2b0
[ 2290.275267]  ? user_path_create+0xf0/0xf0
[ 2290.275292]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2290.275311]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2290.275331]  do_syscall_64+0x33/0x40
[ 2290.275350]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2290.275361] RIP: 0033:0x7f8a770ffc27
[ 2290.275378] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2290.275388] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2290.275407] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2290.275417] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2290.275426] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2290.275436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2290.275446] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2290.311139] FAULT_INJECTION: forcing a failure.
[ 2290.311139] name failslab, interval 1, probability 0, space 0, times 0
[ 2290.311162] CPU: 0 PID: 11318 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2290.311172] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2290.311177] Call Trace:
[ 2290.311201]  dump_stack+0x107/0x167
[ 2290.311222]  should_fail.cold+0x5/0xa
[ 2290.311244]  ? create_object.isra.0+0x3a/0xa20
[ 2290.311266]  should_failslab+0x5/0x20
[ 2290.311285]  kmem_cache_alloc+0x5b/0x310
[ 2290.311308]  create_object.isra.0+0x3a/0xa20
[ 2290.311324]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2290.311348]  kmem_cache_alloc+0x159/0x310
[ 2290.311375]  __d_alloc+0x2a/0x990
[ 2290.311400]  d_alloc+0x46/0x1c0
[ 2290.311420]  __lookup_hash+0xcc/0x190
[ 2290.311441]  filename_create+0x186/0x4a0
[ 2290.311459]  ? filename_parentat+0x570/0x570
[ 2290.311478]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2290.311507]  do_mkdirat+0xa2/0x2b0
[ 2290.311528]  ? user_path_create+0xf0/0xf0
[ 2290.311552]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2290.311571]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2290.311592]  do_syscall_64+0x33/0x40
[ 2290.311610]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2290.311622] RIP: 0033:0x7fcabb3d4c27
[ 2290.311638] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2290.311648] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2290.311667] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2290.311677] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2290.311760] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2290.311777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2290.311788] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2290.317347] tmpfs: Bad value for 'size'
[ 2290.395267] FAULT_INJECTION: forcing a failure.
[ 2290.395267] name failslab, interval 1, probability 0, space 0, times 0
[ 2290.395289] CPU: 1 PID: 11320 Comm: syz-executor.2 Not tainted 5.10.234 #1
[ 2290.395298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2290.395305] Call Trace:
[ 2290.395329]  dump_stack+0x107/0x167
[ 2290.395350]  should_fail.cold+0x5/0xa
[ 2290.395371]  ? create_object.isra.0+0x3a/0xa20
[ 2290.395457]  should_failslab+0x5/0x20
[ 2290.395478]  kmem_cache_alloc+0x5b/0x310
[ 2290.395503]  create_object.isra.0+0x3a/0xa20
[ 2290.395519]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2290.395544]  kmem_cache_alloc_trace+0x151/0x320
[ 2290.395571]  alloc_pipe_info+0x10a/0x590
[ 2290.395595]  splice_direct_to_actor+0x774/0x980
[ 2290.395618]  ? _cond_resched+0x12/0x80
[ 2290.395636]  ? inode_security+0x107/0x140
[ 2290.395652]  ? pipe_to_sendpage+0x380/0x380
[ 2290.395669]  ? avc_policy_seqno+0x9/0x70
[ 2290.395686]  ? selinux_file_permission+0x92/0x520
[ 2290.395705]  ? do_splice_to+0x160/0x160
[ 2290.395723]  ? security_file_permission+0xb1/0xe0
[ 2290.395750]  do_splice_direct+0x1c4/0x290
[ 2290.395769]  ? splice_direct_to_actor+0x980/0x980
[ 2290.395785]  ? avc_policy_seqno+0x9/0x70
[ 2290.395809]  ? security_file_permission+0xb1/0xe0
[ 2290.395838]  do_sendfile+0x553/0x11e0
[ 2290.395869]  ? do_pwritev+0x270/0x270
[ 2290.395891]  ? wait_for_completion_io+0x270/0x270
[ 2290.395913]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2290.395930]  ? vfs_write+0x354/0xb10
[ 2290.395953]  __x64_sys_sendfile64+0x1d1/0x210
[ 2290.395970]  ? __ia32_sys_sendfile+0x220/0x220
[ 2290.395994]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2290.396013]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2290.396035]  do_syscall_64+0x33/0x40
[ 2290.396053]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2290.396066] RIP: 0033:0x7fde14d81b19
[ 2290.396083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2290.396093] RSP: 002b:00007fde122f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2290.396113] RAX: ffffffffffffffda RBX: 00007fde14e94f60 RCX: 00007fde14d81b19
[ 2290.396123] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2290.396134] RBP: 00007fde122f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 2290.396144] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001
[ 2290.396186] R13: 00007fff79a251df R14: 00007fde122f7300 R15: 0000000000022000
[ 2306.044657] FAULT_INJECTION: forcing a failure.
[ 2306.044657] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2306.047378] CPU: 0 PID: 11330 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2306.048882] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2306.050586] Call Trace:
[ 2306.051151]  dump_stack+0x107/0x167
[ 2306.051249] FAULT_INJECTION: forcing a failure.
[ 2306.051249] name failslab, interval 1, probability 0, space 0, times 0
[ 2306.051932]  should_fail.cold+0x5/0xa
[ 2306.051960]  _copy_from_user+0x2e/0x1b0
[ 2306.051984]  memdup_user+0x65/0xd0
[ 2306.056953]  strndup_user+0x74/0xe0
[ 2306.057755]  __x64_sys_mount+0x133/0x300
[ 2306.058604]  ? copy_mnt_ns+0xa00/0xa00
[ 2306.059457]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2306.060785]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2306.061897]  do_syscall_64+0x33/0x40
[ 2306.062846]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2306.064150] RIP: 0033:0x7fbbb0762b19
[ 2306.064980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2306.068993] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2306.070926] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2306.072481] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2306.074008] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2306.075476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2306.076970] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2306.078464] CPU: 1 PID: 11334 Comm: syz-executor.6 Not tainted 5.10.234 #1
05:02:33 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 2)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:02:33 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 6)

05:02:33 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 3)

05:02:33 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 7)

05:02:33 executing program 3:
syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(0xffffffffffffffff, 0x4b45, 0x3)

05:02:33 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b63, 0x3)

05:02:33 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 3)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:02:33 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 2)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

[ 2306.079894] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2306.081894] Call Trace:
[ 2306.082470]  dump_stack+0x107/0x167
[ 2306.083218]  should_fail.cold+0x5/0xa
[ 2306.083993]  ? ext4_alloc_inode+0x1a/0x670
[ 2306.084872]  should_failslab+0x5/0x20
[ 2306.085637]  kmem_cache_alloc+0x5b/0x310
[ 2306.086480]  ? security_compute_validatetrans.part.0+0x960/0x960
[ 2306.087698]  ? ext4_init_journal_params+0x350/0x350
[ 2306.088691]  ext4_alloc_inode+0x1a/0x670
[ 2306.089580]  ? ext4_init_journal_params+0x350/0x350
[ 2306.090579]  alloc_inode+0x63/0x240
[ 2306.091303]  new_inode+0x23/0x250
[ 2306.092006]  __ext4_new_inode+0x32c/0x5370
[ 2306.092612] FAULT_INJECTION: forcing a failure.
[ 2306.092612] name failslab, interval 1, probability 0, space 0, times 0
[ 2306.092847]  ? avc_has_extended_perms+0xf40/0xf40
[ 2306.092899]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2306.092927]  ? dquot_initialize_needed+0x290/0x290
[ 2306.098064]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2306.099186]  ext4_mkdir+0x32c/0xb10
[ 2306.099933]  ? ext4_rmdir+0xf70/0xf70
[ 2306.100732]  vfs_mkdir+0x493/0x750
[ 2306.101463]  do_mkdirat+0x150/0x2b0
[ 2306.102192]  ? user_path_create+0xf0/0xf0
[ 2306.103027]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2306.104087]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2306.105133]  do_syscall_64+0x33/0x40
[ 2306.105875]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2306.106903] RIP: 0033:0x7fcabb3d4c27
[ 2306.107663] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2306.111366] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2306.112938] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2306.114364] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2306.115807] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2306.117263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2306.118701] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2306.120160] CPU: 0 PID: 11338 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2306.121632] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2306.123377] Call Trace:
[ 2306.123936]  dump_stack+0x107/0x167
[ 2306.124706]  should_fail.cold+0x5/0xa
[ 2306.125519]  ? create_object.isra.0+0x3a/0xa20
[ 2306.126483]  should_failslab+0x5/0x20
[ 2306.127291]  kmem_cache_alloc+0x5b/0x310
[ 2306.128148]  create_object.isra.0+0x3a/0xa20
[ 2306.129078]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2306.130152]  kmem_cache_alloc+0x159/0x310
[ 2306.131029]  ? ext4_init_journal_params+0x350/0x350
[ 2306.132071]  ext4_alloc_inode+0x1a/0x670
[ 2306.132944]  ? ext4_init_journal_params+0x350/0x350
[ 2306.133995]  alloc_inode+0x63/0x240
[ 2306.134758]  new_inode+0x23/0x250
[ 2306.135497]  __ext4_new_inode+0x32c/0x5370
[ 2306.136379]  ? avc_has_extended_perms+0xf40/0xf40
[ 2306.137645]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2306.138682]  ? dquot_initialize_needed+0x290/0x290
[ 2306.139754]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2306.140913]  ext4_mkdir+0x32c/0xb10
[ 2306.141692]  ? ext4_rmdir+0xf70/0xf70
[ 2306.142503]  vfs_mkdir+0x493/0x750
[ 2306.143253]  do_mkdirat+0x150/0x2b0
[ 2306.144019]  ? user_path_create+0xf0/0xf0
[ 2306.144901]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
05:02:33 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x2, 0x3)

[ 2306.146241]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2306.147482]  do_syscall_64+0x33/0x40
[ 2306.148434]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2306.149767] RIP: 0033:0x7f8a770ffc27
[ 2306.150789] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2306.154688] FAULT_INJECTION: forcing a failure.
[ 2306.154688] name failslab, interval 1, probability 0, space 0, times 0
[ 2306.155550] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2306.155572] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2306.155583] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2306.155596] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2306.155609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2306.155619] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2306.167400] CPU: 1 PID: 11339 Comm: syz-executor.7 Not tainted 5.10.234 #1
[ 2306.168817] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2306.170537] Call Trace:
[ 2306.171094]  dump_stack+0x107/0x167
[ 2306.171841]  should_fail.cold+0x5/0xa
[ 2306.172629]  ? create_object.isra.0+0x3a/0xa20
[ 2306.173583]  should_failslab+0x5/0x20
[ 2306.174360]  kmem_cache_alloc+0x5b/0x310
[ 2306.175255]  create_object.isra.0+0x3a/0xa20
[ 2306.176180]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2306.177240]  kmem_cache_alloc_trace+0x151/0x320
[ 2306.178217]  alloc_pipe_info+0x10a/0x590
[ 2306.179069]  splice_direct_to_actor+0x774/0x980
[ 2306.180034]  ? _cond_resched+0x12/0x80
[ 2306.180829]  ? inode_security+0x107/0x140
[ 2306.181685]  ? pipe_to_sendpage+0x380/0x380
[ 2306.182559]  ? avc_policy_seqno+0x9/0x70
[ 2306.183393]  ? selinux_file_permission+0x92/0x520
[ 2306.183486] FAULT_INJECTION: forcing a failure.
[ 2306.183486] name failslab, interval 1, probability 0, space 0, times 0
[ 2306.184369]  ? do_splice_to+0x160/0x160
[ 2306.184386]  ? security_file_permission+0xb1/0xe0
[ 2306.184411]  do_splice_direct+0x1c4/0x290
[ 2306.184434]  ? splice_direct_to_actor+0x980/0x980
[ 2306.190313]  ? avc_policy_seqno+0x9/0x70
[ 2306.191141]  ? security_file_permission+0xb1/0xe0
[ 2306.192134]  do_sendfile+0x553/0x11e0
[ 2306.192938]  ? do_pwritev+0x270/0x270
[ 2306.193720]  ? wait_for_completion_io+0x270/0x270
[ 2306.194689]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2306.195642]  ? vfs_write+0x354/0xb10
[ 2306.196409]  __x64_sys_sendfile64+0x1d1/0x210
[ 2306.197333]  ? __ia32_sys_sendfile+0x220/0x220
[ 2306.198278]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2306.199346]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2306.200387]  do_syscall_64+0x33/0x40
[ 2306.201151]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2306.202178] RIP: 0033:0x7fc766e9cb19
[ 2306.202930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2306.206657] RSP: 002b:00007fc764412188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2306.208225] RAX: ffffffffffffffda RBX: 00007fc766faff60 RCX: 00007fc766e9cb19
[ 2306.209678] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2306.211124] RBP: 00007fc7644121d0 R08: 0000000000000000 R09: 0000000000000000
[ 2306.212582] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001
[ 2306.214054] R13: 00007ffeabf2bf1f R14: 00007fc764412300 R15: 0000000000022000
[ 2306.215533] CPU: 0 PID: 11341 Comm: syz-executor.2 Not tainted 5.10.234 #1
[ 2306.217323] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2306.217330] Call Trace:
[ 2306.217351]  dump_stack+0x107/0x167
[ 2306.217373]  should_fail.cold+0x5/0xa
[ 2306.217393]  ? memcg_alloc_page_obj_cgroups+0x73/0x100
[ 2306.217415]  should_failslab+0x5/0x20
[ 2306.217432]  __kmalloc_node+0x76/0x420
[ 2306.217459]  memcg_alloc_page_obj_cgroups+0x73/0x100
[ 2306.217481]  memcg_slab_post_alloc_hook+0x1f0/0x430
[ 2306.217500]  ? trace_hardirqs_on+0x5b/0x180
[ 2306.217524]  kmem_cache_alloc_trace+0x169/0x320
[ 2306.217553]  alloc_pipe_info+0x10a/0x590
[ 2306.217577]  splice_direct_to_actor+0x774/0x980
[ 2306.217600]  ? _cond_resched+0x12/0x80
[ 2306.217618]  ? inode_security+0x107/0x140
[ 2306.217633]  ? pipe_to_sendpage+0x380/0x380
[ 2306.217651]  ? avc_policy_seqno+0x9/0x70
[ 2306.217668]  ? selinux_file_permission+0x92/0x520
[ 2306.217688]  ? do_splice_to+0x160/0x160
[ 2306.217705]  ? security_file_permission+0xb1/0xe0
[ 2306.217733]  do_splice_direct+0x1c4/0x290
[ 2306.217753]  ? splice_direct_to_actor+0x980/0x980
[ 2306.217769]  ? avc_policy_seqno+0x9/0x70
[ 2306.217793]  ? security_file_permission+0xb1/0xe0
[ 2306.217823]  do_sendfile+0x553/0x11e0
[ 2306.217855]  ? do_pwritev+0x270/0x270
[ 2306.217878]  ? wait_for_completion_io+0x270/0x270
[ 2306.217900]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2306.217917]  ? vfs_write+0x354/0xb10
[ 2306.217940]  __x64_sys_sendfile64+0x1d1/0x210
[ 2306.217958]  ? __ia32_sys_sendfile+0x220/0x220
[ 2306.217982]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2306.218001]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2306.218023]  do_syscall_64+0x33/0x40
[ 2306.218041]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2306.218053] RIP: 0033:0x7fde14d81b19
[ 2306.218070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2306.218080] RSP: 002b:00007fde122f7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2306.218100] RAX: ffffffffffffffda RBX: 00007fde14e94f60 RCX: 00007fde14d81b19
[ 2306.218157] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2306.218196] RBP: 00007fde122f71d0 R08: 0000000000000000 R09: 0000000000000000
[ 2306.218207] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001
[ 2306.218218] R13: 00007fff79a251df R14: 00007fde122f7300 R15: 0000000000022000
[ 2306.221538] FAULT_INJECTION: forcing a failure.
[ 2306.221538] name failslab, interval 1, probability 0, space 0, times 0
[ 2306.277256] CPU: 0 PID: 11342 Comm: syz-executor.1 Not tainted 5.10.234 #1
[ 2306.277266] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2306.277280] Call Trace:
[ 2306.280516] tmpfs: Bad value for 'size'
[ 2306.280664]  dump_stack+0x107/0x167
[ 2306.280687]  should_fail.cold+0x5/0xa
[ 2306.283915]  ? create_object.isra.0+0x3a/0xa20
[ 2306.283937]  should_failslab+0x5/0x20
[ 2306.283964]  kmem_cache_alloc+0x5b/0x310
[ 2306.286758]  create_object.isra.0+0x3a/0xa20
[ 2306.286782]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2306.288888]  kmem_cache_alloc_trace+0x151/0x320
[ 2306.288929]  alloc_pipe_info+0x10a/0x590
[ 2306.290825]  splice_direct_to_actor+0x774/0x980
[ 2306.291949]  ? _cond_resched+0x12/0x80
[ 2306.292877]  ? inode_security+0x107/0x140
[ 2306.293866]  ? pipe_to_sendpage+0x380/0x380
[ 2306.294892]  ? avc_policy_seqno+0x9/0x70
[ 2306.295868]  ? selinux_file_permission+0x92/0x520
[ 2306.297032]  ? do_splice_to+0x160/0x160
[ 2306.297992]  ? security_file_permission+0xb1/0xe0
[ 2306.299152]  do_splice_direct+0x1c4/0x290
[ 2306.300137]  ? splice_direct_to_actor+0x980/0x980
[ 2306.301283]  ? avc_policy_seqno+0x9/0x70
[ 2306.302275]  ? security_file_permission+0xb1/0xe0
[ 2306.303440]  do_sendfile+0x553/0x11e0
[ 2306.304408]  ? do_pwritev+0x270/0x270
[ 2306.305351]  ? wait_for_completion_io+0x270/0x270
[ 2306.306505]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2306.307607]  ? vfs_write+0x354/0xb10
[ 2306.308515]  __x64_sys_sendfile64+0x1d1/0x210
[ 2306.309592]  ? __ia32_sys_sendfile+0x220/0x220
[ 2306.310675]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2306.311916]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2306.313148]  do_syscall_64+0x33/0x40
[ 2306.314076]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2306.315298] RIP: 0033:0x7f222a3ebb19
[ 2306.316202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2306.320611] RSP: 002b:00007f2227961188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2306.322448] RAX: ffffffffffffffda RBX: 00007f222a4fef60 RCX: 00007f222a3ebb19
[ 2306.324174] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2306.325909] RBP: 00007f22279611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2306.327625] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001
[ 2306.329396] R13: 00007fffe668f2ff R14: 00007f2227961300 R15: 0000000000022000
05:02:33 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b2f, 0x3)

05:02:33 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 8)

05:02:33 executing program 3:
syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(0xffffffffffffffff, 0x4b45, 0x3)

05:02:33 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 7)

05:02:33 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 4)

[ 2306.459623] FAULT_INJECTION: forcing a failure.
[ 2306.459623] name failslab, interval 1, probability 0, space 0, times 0
[ 2306.462090] CPU: 1 PID: 11357 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2306.463621] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2306.465303] Call Trace:
[ 2306.465326]  dump_stack+0x107/0x167
[ 2306.465346]  should_fail.cold+0x5/0xa
[ 2306.465369]  ? security_inode_alloc+0x34/0x160
[ 2306.465390]  should_failslab+0x5/0x20
[ 2306.465407]  kmem_cache_alloc+0x5b/0x310
[ 2306.465432]  security_inode_alloc+0x34/0x160
[ 2306.465451]  inode_init_always+0xa4e/0xd10
[ 2306.465471]  alloc_inode+0x84/0x240
05:02:33 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b30, 0x3)

05:02:34 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 9)

[ 2306.465486]  new_inode+0x23/0x250
[ 2306.465508]  __ext4_new_inode+0x32c/0x5370
[ 2306.465524]  ? avc_has_extended_perms+0xf40/0xf40
[ 2306.465566]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2306.465594]  ? dquot_initialize_needed+0x290/0x290
[ 2306.465612]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2306.465644]  ext4_mkdir+0x32c/0xb10
[ 2306.465673]  ? ext4_rmdir+0xf70/0xf70
[ 2306.465702]  vfs_mkdir+0x493/0x750
[ 2306.465722]  do_mkdirat+0x150/0x2b0
[ 2306.465741]  ? user_path_create+0xf0/0xf0
[ 2306.465765]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2306.465783]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2306.465803]  do_syscall_64+0x33/0x40
[ 2306.465820]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2306.465831] RIP: 0033:0x7f8a770ffc27
[ 2306.465900] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2306.465910] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2306.465928] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2306.465938] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2306.465947] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2306.465956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2306.465966] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2306.466608] FAULT_INJECTION: forcing a failure.
[ 2306.466608] name failslab, interval 1, probability 0, space 0, times 0
[ 2306.466626] CPU: 1 PID: 11356 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2306.466634] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2306.466639] Call Trace:
[ 2306.466657]  dump_stack+0x107/0x167
[ 2306.466676]  should_fail.cold+0x5/0xa
[ 2306.466695]  ? create_object.isra.0+0x3a/0xa20
[ 2306.466715]  should_failslab+0x5/0x20
[ 2306.466731]  kmem_cache_alloc+0x5b/0x310
[ 2306.466755]  create_object.isra.0+0x3a/0xa20
[ 2306.466814]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2306.466839]  kmem_cache_alloc+0x159/0x310
[ 2306.466859]  ? ext4_init_journal_params+0x350/0x350
[ 2306.466875]  ext4_alloc_inode+0x1a/0x670
[ 2306.466891]  ? ext4_init_journal_params+0x350/0x350
[ 2306.466905]  alloc_inode+0x63/0x240
[ 2306.466921]  new_inode+0x23/0x250
[ 2306.466942]  __ext4_new_inode+0x32c/0x5370
[ 2306.466958]  ? avc_has_extended_perms+0xf40/0xf40
[ 2306.466999]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2306.467025]  ? dquot_initialize_needed+0x290/0x290
[ 2306.467043]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2306.467073]  ext4_mkdir+0x32c/0xb10
[ 2306.467102]  ? ext4_rmdir+0xf70/0xf70
[ 2306.467129]  vfs_mkdir+0x493/0x750
[ 2306.467150]  do_mkdirat+0x150/0x2b0
[ 2306.467170]  ? user_path_create+0xf0/0xf0
[ 2306.467192]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2306.467210]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2306.467230]  do_syscall_64+0x33/0x40
[ 2306.467248]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2306.467258] RIP: 0033:0x7fcabb3d4c27
[ 2306.467274] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2306.467284] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2306.467302] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2306.467311] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2306.467321] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2306.467331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2306.467341] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2306.474394] tmpfs: Bad value for 'size'
[ 2306.505339] FAULT_INJECTION: forcing a failure.
[ 2306.505339] name failslab, interval 1, probability 0, space 0, times 0
[ 2306.505358] CPU: 1 PID: 11360 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2306.505367] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2306.505372] Call Trace:
[ 2306.505392]  dump_stack+0x107/0x167
[ 2306.505411]  should_fail.cold+0x5/0xa
[ 2306.505432]  ? copy_mount_options+0x55/0x180
[ 2306.505451]  should_failslab+0x5/0x20
[ 2306.505469]  kmem_cache_alloc_trace+0x55/0x320
[ 2306.505487]  ? _copy_from_user+0xfb/0x1b0
[ 2306.505516]  copy_mount_options+0x55/0x180
[ 2306.505535]  __x64_sys_mount+0x1a8/0x300
[ 2306.505551]  ? copy_mnt_ns+0xa00/0xa00
[ 2306.505573]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2306.505591]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2306.505611]  do_syscall_64+0x33/0x40
[ 2306.505628]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2306.505688] RIP: 0033:0x7fbbb0762b19
[ 2306.505705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2306.505715] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2306.505733] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2306.505772] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2306.505783] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2306.505793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2306.505803] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2306.623970] FAULT_INJECTION: forcing a failure.
[ 2306.623970] name failslab, interval 1, probability 0, space 0, times 0
[ 2306.623993] CPU: 0 PID: 11365 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2306.624004] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2306.624010] Call Trace:
[ 2306.624036]  dump_stack+0x107/0x167
[ 2306.624061]  should_fail.cold+0x5/0xa
[ 2306.624087]  ? create_object.isra.0+0x3a/0xa20
[ 2306.624111]  should_failslab+0x5/0x20
[ 2306.624133]  kmem_cache_alloc+0x5b/0x310
[ 2306.624160]  create_object.isra.0+0x3a/0xa20
[ 2306.624176]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2306.624203]  kmem_cache_alloc+0x159/0x310
[ 2306.624235]  security_inode_alloc+0x34/0x160
[ 2306.624257]  inode_init_always+0xa4e/0xd10
[ 2306.624280]  alloc_inode+0x84/0x240
[ 2306.624298]  new_inode+0x23/0x250
[ 2306.624324]  __ext4_new_inode+0x32c/0x5370
[ 2306.624342]  ? avc_has_extended_perms+0xf40/0xf40
[ 2306.624390]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2306.624421]  ? dquot_initialize_needed+0x290/0x290
[ 2306.624442]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2306.624477]  ext4_mkdir+0x32c/0xb10
[ 2306.624510]  ? ext4_rmdir+0xf70/0xf70
[ 2306.624551]  vfs_mkdir+0x493/0x750
[ 2306.624575]  do_mkdirat+0x150/0x2b0
[ 2306.624597]  ? user_path_create+0xf0/0xf0
[ 2306.624624]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2306.624646]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2306.624669]  do_syscall_64+0x33/0x40
[ 2306.624689]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2306.624703] RIP: 0033:0x7f8a770ffc27
[ 2306.624723] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2306.624738] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2306.624768] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2306.624785] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2306.624801] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2306.624812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2306.624824] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2306.645397] tmpfs: Bad value for 'size'
05:02:49 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:02:49 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:02:49 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b31, 0x3)

05:02:49 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 8)

05:02:49 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 5)

05:02:49 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 10)

05:02:49 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000001)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:02:49 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x0)

[ 2321.982372] FAULT_INJECTION: forcing a failure.
[ 2321.982372] name failslab, interval 1, probability 0, space 0, times 0
[ 2321.984709] CPU: 1 PID: 11386 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2321.986138] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2321.987823] Call Trace:
[ 2321.988350]  dump_stack+0x107/0x167
[ 2321.989115]  should_fail.cold+0x5/0xa
[ 2321.989904]  ? create_object.isra.0+0x3a/0xa20
[ 2321.990857]  should_failslab+0x5/0x20
[ 2321.991618]  kmem_cache_alloc+0x5b/0x310
[ 2321.992451]  create_object.isra.0+0x3a/0xa20
[ 2321.993339]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2321.994369]  kmem_cache_alloc_trace+0x151/0x320
[ 2321.995322]  copy_mount_options+0x55/0x180
[ 2321.996184]  __x64_sys_mount+0x1a8/0x300
[ 2321.996261]  ? copy_mnt_ns+0xa00/0xa00
[ 2321.996285]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2321.996302]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2321.996320]  do_syscall_64+0x33/0x40
[ 2321.996336]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2321.996347] RIP: 0033:0x7fbbb0762b19
05:02:49 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 9)

[ 2321.996362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2321.996370] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2321.996387] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2321.996397] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2321.996406] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
05:02:49 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 11)

[ 2321.996414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2321.996423] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2321.997330] FAULT_INJECTION: forcing a failure.
[ 2321.997330] name failslab, interval 1, probability 0, space 0, times 0
[ 2321.997356] CPU: 0 PID: 11387 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2321.997368] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2321.997374] Call Trace:
[ 2321.997404]  dump_stack+0x107/0x167
[ 2321.997428]  should_fail.cold+0x5/0xa
[ 2321.997452]  ? jbd2__journal_start+0x190/0x7e0
[ 2321.997479]  should_failslab+0x5/0x20
[ 2321.997501]  kmem_cache_alloc+0x5b/0x310
[ 2321.997529]  jbd2__journal_start+0x190/0x7e0
05:02:49 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 10)

[ 2321.997562]  __ext4_journal_start_sb+0x214/0x390
[ 2321.997592]  __ext4_new_inode+0x2e0b/0x5370
[ 2321.997644]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2321.997678]  ? dquot_initialize_needed+0x290/0x290
[ 2321.997712]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2321.997750]  ext4_mkdir+0x32c/0xb10
[ 2321.997794]  ? ext4_rmdir+0xf70/0xf70
[ 2321.997830]  vfs_mkdir+0x493/0x750
[ 2321.997855]  do_mkdirat+0x150/0x2b0
[ 2321.997913]  ? user_path_create+0xf0/0xf0
[ 2321.997946]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
05:02:49 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 6)

[ 2321.997969]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2321.997994]  do_syscall_64+0x33/0x40
[ 2321.998016]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
05:02:49 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 12)

[ 2321.998030] RIP: 0033:0x7f8a770ffc27
[ 2321.998050] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
05:02:49 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 11)

[ 2321.998061] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2321.998084] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2321.998095] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2321.998107] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2321.998119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2321.998131] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2321.998340] EXT4-fs error (device sda) in __ext4_new_inode:1086: Out of memory
[ 2321.999504] FAULT_INJECTION: forcing a failure.
[ 2321.999504] name failslab, interval 1, probability 0, space 0, times 0
[ 2321.999526] CPU: 1 PID: 11384 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2321.999543] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
05:02:49 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 13)

[ 2321.999556] Call Trace:
[ 2321.999580]  dump_stack+0x107/0x167
[ 2321.999601]  should_fail.cold+0x5/0xa
[ 2321.999639]  ? security_inode_alloc+0x34/0x160
[ 2321.999663]  should_failslab+0x5/0x20
[ 2321.999686]  kmem_cache_alloc+0x5b/0x310
[ 2321.999713]  security_inode_alloc+0x34/0x160
[ 2321.999742]  inode_init_always+0xa4e/0xd10
[ 2321.999773]  alloc_inode+0x84/0x240
05:02:49 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 12)

[ 2321.999795]  new_inode+0x23/0x250
[ 2321.999819]  __ext4_new_inode+0x32c/0x5370
[ 2321.999835]  ? avc_has_extended_perms+0xf40/0xf40
[ 2321.999876]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2321.999903]  ? dquot_initialize_needed+0x290/0x290
[ 2321.999921]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2321.999953]  ext4_mkdir+0x32c/0xb10
[ 2321.999981]  ? ext4_rmdir+0xf70/0xf70
[ 2322.000009]  vfs_mkdir+0x493/0x750
[ 2322.000030]  do_mkdirat+0x150/0x2b0
[ 2322.000050]  ? user_path_create+0xf0/0xf0
[ 2322.000072]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2322.000088]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2322.000108]  do_syscall_64+0x33/0x40
[ 2322.000125]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2322.000136] RIP: 0033:0x7fcabb3d4c27
[ 2322.000151] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2322.000160] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2322.000177] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2322.000187] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2322.000239] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2322.000254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2322.000267] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2322.104659] FAULT_INJECTION: forcing a failure.
[ 2322.104659] name failslab, interval 1, probability 0, space 0, times 0
[ 2322.104684] CPU: 1 PID: 11397 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2322.104748] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2322.104757] Call Trace:
[ 2322.104794]  dump_stack+0x107/0x167
[ 2322.104821]  should_fail.cold+0x5/0xa
[ 2322.104848]  ? create_object.isra.0+0x3a/0xa20
[ 2322.104876]  should_failslab+0x5/0x20
[ 2322.104898]  kmem_cache_alloc+0x5b/0x310
[ 2322.104931]  create_object.isra.0+0x3a/0xa20
[ 2322.104950]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2322.104983]  kmem_cache_alloc+0x159/0x310
[ 2322.105040]  security_inode_alloc+0x34/0x160
[ 2322.105066]  inode_init_always+0xa4e/0xd10
[ 2322.105096]  alloc_inode+0x84/0x240
[ 2322.105118]  new_inode+0x23/0x250
[ 2322.105148]  __ext4_new_inode+0x32c/0x5370
[ 2322.105170]  ? avc_has_extended_perms+0xf40/0xf40
[ 2322.105229]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2322.105268]  ? dquot_initialize_needed+0x290/0x290
[ 2322.105293]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2322.105337]  ext4_mkdir+0x32c/0xb10
[ 2322.105379]  ? ext4_rmdir+0xf70/0xf70
[ 2322.105419]  vfs_mkdir+0x493/0x750
[ 2322.105448]  do_mkdirat+0x150/0x2b0
[ 2322.105475]  ? user_path_create+0xf0/0xf0
[ 2322.105507]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2322.105531]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2322.105560]  do_syscall_64+0x33/0x40
[ 2322.105585]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2322.105599] RIP: 0033:0x7fcabb3d4c27
[ 2322.105620] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2322.105633] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2322.105658] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2322.105671] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2322.105685] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2322.105698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2322.105711] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2322.109181] tmpfs: Bad value for 'size'
[ 2322.173632] FAULT_INJECTION: forcing a failure.
[ 2322.173632] name failslab, interval 1, probability 0, space 0, times 0
[ 2322.173658] CPU: 0 PID: 11403 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2322.173666] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2322.173670] Call Trace:
[ 2322.173691]  dump_stack+0x107/0x167
[ 2322.173762]  should_fail.cold+0x5/0xa
[ 2322.173783]  ? create_object.isra.0+0x3a/0xa20
[ 2322.173801]  should_failslab+0x5/0x20
[ 2322.173817]  kmem_cache_alloc+0x5b/0x310
[ 2322.173836]  create_object.isra.0+0x3a/0xa20
[ 2322.173849]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2322.173867]  kmem_cache_alloc+0x159/0x310
[ 2322.173887]  jbd2__journal_start+0x190/0x7e0
[ 2322.173910]  __ext4_journal_start_sb+0x214/0x390
[ 2322.173929]  __ext4_new_inode+0x2e0b/0x5370
[ 2322.173962]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2322.173984]  ? dquot_initialize_needed+0x290/0x290
[ 2322.174004]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2322.174034]  ext4_mkdir+0x32c/0xb10
[ 2322.174056]  ? ext4_rmdir+0xf70/0xf70
[ 2322.174079]  vfs_mkdir+0x493/0x750
[ 2322.174096]  do_mkdirat+0x150/0x2b0
[ 2322.174112]  ? user_path_create+0xf0/0xf0
[ 2322.174132]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2322.174148]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2322.174165]  do_syscall_64+0x33/0x40
[ 2322.174179]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2322.174189] RIP: 0033:0x7f8a770ffc27
[ 2322.174202] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2322.174210] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2322.174226] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2322.174233] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2322.174241] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2322.174249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2322.174257] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2322.183558] tmpfs: Bad value for 'size'
[ 2322.222294] FAULT_INJECTION: forcing a failure.
[ 2322.222294] name failslab, interval 1, probability 0, space 0, times 0
[ 2322.222377] CPU: 0 PID: 11405 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2322.222386] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2322.222391] Call Trace:
[ 2322.222416]  dump_stack+0x107/0x167
[ 2322.222435]  should_fail.cold+0x5/0xa
[ 2322.222454]  ? create_object.isra.0+0x3a/0xa20
[ 2322.222471]  should_failslab+0x5/0x20
[ 2322.222486]  kmem_cache_alloc+0x5b/0x310
[ 2322.222505]  create_object.isra.0+0x3a/0xa20
[ 2322.222517]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2322.222536]  kmem_cache_alloc+0x159/0x310
[ 2322.222561]  security_inode_alloc+0x34/0x160
[ 2322.222577]  inode_init_always+0xa4e/0xd10
[ 2322.222620]  alloc_inode+0x84/0x240
[ 2322.222634]  new_inode+0x23/0x250
[ 2322.222676]  __ext4_new_inode+0x32c/0x5370
[ 2322.222691]  ? avc_has_extended_perms+0xf40/0xf40
[ 2322.222724]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2322.222746]  ? dquot_initialize_needed+0x290/0x290
[ 2322.222761]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2322.222793]  ext4_mkdir+0x32c/0xb10
[ 2322.222816]  ? ext4_rmdir+0xf70/0xf70
[ 2322.222839]  vfs_mkdir+0x493/0x750
[ 2322.222856]  do_mkdirat+0x150/0x2b0
[ 2322.222873]  ? user_path_create+0xf0/0xf0
[ 2322.222894]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2322.222910]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2322.222926]  do_syscall_64+0x33/0x40
[ 2322.222941]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2322.222951] RIP: 0033:0x7fcabb3d4c27
[ 2322.222965] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2322.222972] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2322.222988] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2322.222996] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2322.223004] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2322.223012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2322.223020] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2322.224005] tmpfs: Bad value for 'size'
[ 2322.315658] FAULT_INJECTION: forcing a failure.
[ 2322.315658] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2322.315677] CPU: 0 PID: 11407 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2322.315684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2322.315689] Call Trace:
[ 2322.315709]  dump_stack+0x107/0x167
[ 2322.315724]  should_fail.cold+0x5/0xa
[ 2322.315745]  _copy_from_user+0x2e/0x1b0
[ 2322.315764]  copy_mount_options+0x76/0x180
[ 2322.315787]  __x64_sys_mount+0x1a8/0x300
[ 2322.315799]  ? copy_mnt_ns+0xa00/0xa00
[ 2322.315818]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2322.315834]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2322.315849]  do_syscall_64+0x33/0x40
[ 2322.315863]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2322.315874] RIP: 0033:0x7fbbb0762b19
[ 2322.315886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2322.315894] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2322.315909] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2322.315917] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2322.315925] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2322.315932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2322.315940] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2322.344546] FAULT_INJECTION: forcing a failure.
[ 2322.344546] name failslab, interval 1, probability 0, space 0, times 0
[ 2322.344619] CPU: 0 PID: 11409 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2322.344627] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2322.344631] Call Trace:
[ 2322.344650]  dump_stack+0x107/0x167
[ 2322.344666]  should_fail.cold+0x5/0xa
[ 2322.344683]  ? create_object.isra.0+0x3a/0xa20
[ 2322.344700]  should_failslab+0x5/0x20
[ 2322.344715]  kmem_cache_alloc+0x5b/0x310
[ 2322.344733]  create_object.isra.0+0x3a/0xa20
[ 2322.344745]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2322.344763]  kmem_cache_alloc+0x159/0x310
[ 2322.344789]  start_this_handle+0x674/0x1390
[ 2322.344839]  ? mark_held_locks+0x9e/0xe0
[ 2322.344853]  ? __jbd2_journal_unfile_buffer+0xb0/0xb0
[ 2322.344869]  ? trace_hardirqs_on+0x5b/0x180
[ 2322.344887]  ? kmem_cache_alloc+0x2a6/0x310
[ 2322.344905]  jbd2__journal_start+0x390/0x7e0
[ 2322.344926]  __ext4_journal_start_sb+0x214/0x390
[ 2322.344946]  __ext4_new_inode+0x2e0b/0x5370
[ 2322.344981]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2322.345019]  ? dquot_initialize_needed+0x290/0x290
[ 2322.345034]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2322.345061]  ext4_mkdir+0x32c/0xb10
[ 2322.345085]  ? ext4_rmdir+0xf70/0xf70
[ 2322.345109]  vfs_mkdir+0x493/0x750
[ 2322.345125]  do_mkdirat+0x150/0x2b0
[ 2322.345141]  ? user_path_create+0xf0/0xf0
[ 2322.345159]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2322.345174]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2322.345189]  do_syscall_64+0x33/0x40
[ 2322.345203]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2322.345212] RIP: 0033:0x7f8a770ffc27
[ 2322.345225] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2322.345232] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2322.345247] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2322.345255] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2322.345262] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2322.345270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2322.345277] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2322.346389] tmpfs: Bad value for 'size'
[ 2322.409095] FAULT_INJECTION: forcing a failure.
[ 2322.409095] name failslab, interval 1, probability 0, space 0, times 0
[ 2322.409118] CPU: 0 PID: 11411 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2322.409126] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2322.409131] Call Trace:
[ 2322.409150]  dump_stack+0x107/0x167
[ 2322.409166]  should_fail.cold+0x5/0xa
[ 2322.409183]  ? create_object.isra.0+0x3a/0xa20
[ 2322.409261]  should_failslab+0x5/0x20
[ 2322.409278]  kmem_cache_alloc+0x5b/0x310
[ 2322.409297]  create_object.isra.0+0x3a/0xa20
[ 2322.409309]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2322.409327]  kmem_cache_alloc+0x159/0x310
[ 2322.409346]  jbd2__journal_start+0x190/0x7e0
[ 2322.409367]  __ext4_journal_start_sb+0x214/0x390
[ 2322.409386]  __ext4_new_inode+0x2e0b/0x5370
[ 2322.409420]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2322.409441]  ? dquot_initialize_needed+0x290/0x290
[ 2322.409457]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2322.409483]  ext4_mkdir+0x32c/0xb10
[ 2322.409505]  ? ext4_rmdir+0xf70/0xf70
[ 2322.409528]  vfs_mkdir+0x493/0x750
[ 2322.409545]  do_mkdirat+0x150/0x2b0
[ 2322.409560]  ? user_path_create+0xf0/0xf0
[ 2322.409580]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2322.409595]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2322.409612]  do_syscall_64+0x33/0x40
[ 2322.409626]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2322.409635] RIP: 0033:0x7fcabb3d4c27
[ 2322.409648] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2322.409656] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2322.409670] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2322.409678] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2322.409685] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2322.409693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2322.409701] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2322.423992] tmpfs: Bad value for 'size'
[ 2322.530326] FAULT_INJECTION: forcing a failure.
[ 2322.530326] name failslab, interval 1, probability 0, space 0, times 0
[ 2322.530406] CPU: 1 PID: 11416 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2322.530413] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2322.530417] Call Trace:
[ 2322.530437]  dump_stack+0x107/0x167
[ 2322.530451]  should_fail.cold+0x5/0xa
[ 2322.530468]  ? create_object.isra.0+0x3a/0xa20
[ 2322.530483]  should_failslab+0x5/0x20
[ 2322.530519]  kmem_cache_alloc+0x5b/0x310
[ 2322.530535]  ? sidtab_sid2str_get+0x65/0x720
[ 2322.530550]  create_object.isra.0+0x3a/0xa20
[ 2322.530561]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2322.530578]  __kmalloc_track_caller+0x177/0x370
[ 2322.530589]  ? sidtab_sid2str_get+0x17e/0x720
[ 2322.530609]  kmemdup+0x23/0x50
[ 2322.530622]  sidtab_sid2str_get+0x17e/0x720
[ 2322.530639]  sidtab_entry_to_string+0x33/0x110
[ 2322.530676]  security_sid_to_context_core+0x33c/0x5d0
[ 2322.530700]  selinux_inode_init_security+0x4ab/0x690
[ 2322.530716]  ? selinux_dentry_init_security+0x280/0x280
[ 2322.530727]  ? get_cached_acl_rcu+0x120/0x120
[ 2322.530744]  ? find_held_lock+0x2c/0x110
[ 2322.530766]  security_inode_init_security+0x151/0x360
[ 2322.530776]  ? ext4_init_acl+0x310/0x310
[ 2322.530791]  ? inode_free_by_rcu+0x20/0x20
[ 2322.530814]  ? chksum_update+0x4c/0xb0
[ 2322.530833]  __ext4_new_inode+0x386e/0x5370
[ 2322.530863]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2322.530882]  ? dquot_initialize_needed+0x290/0x290
[ 2322.530894]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2322.530917]  ext4_mkdir+0x32c/0xb10
[ 2322.530938]  ? ext4_rmdir+0xf70/0xf70
[ 2322.530959]  vfs_mkdir+0x493/0x750
[ 2322.530974]  do_mkdirat+0x150/0x2b0
[ 2322.530987]  ? user_path_create+0xf0/0xf0
[ 2322.531003]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2322.531018]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2322.531032]  do_syscall_64+0x33/0x40
[ 2322.531046]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2322.531054] RIP: 0033:0x7f8a770ffc27
[ 2322.531067] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2322.531073] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2322.531087] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2322.531093] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2322.531100] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2322.531107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2322.531114] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2322.532995] tmpfs: Bad value for 'size'
[ 2322.590193] FAULT_INJECTION: forcing a failure.
[ 2322.590193] name failslab, interval 1, probability 0, space 0, times 0
[ 2322.590214] CPU: 1 PID: 11419 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2322.590223] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2322.590229] Call Trace:
[ 2322.590252]  dump_stack+0x107/0x167
[ 2322.590272]  should_fail.cold+0x5/0xa
[ 2322.590310]  should_failslab+0x5/0x20
[ 2322.590328]  __kmalloc_track_caller+0x79/0x370
[ 2322.590347]  ? sidtab_sid2str_get+0x17e/0x720
[ 2322.590374]  kmemdup+0x23/0x50
[ 2322.590393]  sidtab_sid2str_get+0x17e/0x720
[ 2322.590417]  sidtab_entry_to_string+0x33/0x110
[ 2322.590442]  security_sid_to_context_core+0x33c/0x5d0
[ 2322.590468]  selinux_inode_init_security+0x4ab/0x690
[ 2322.590490]  ? selinux_dentry_init_security+0x280/0x280
[ 2322.590506]  ? get_cached_acl_rcu+0x120/0x120
[ 2322.590573]  ? find_held_lock+0x2c/0x110
[ 2322.590605]  security_inode_init_security+0x151/0x360
[ 2322.590619]  ? ext4_init_acl+0x310/0x310
[ 2322.590639]  ? inode_free_by_rcu+0x20/0x20
[ 2322.590674]  ? chksum_update+0x4c/0xb0
[ 2322.590701]  __ext4_new_inode+0x386e/0x5370
[ 2322.590746]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2322.590775]  ? dquot_initialize_needed+0x290/0x290
[ 2322.590792]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2322.590828]  ext4_mkdir+0x32c/0xb10
[ 2322.590859]  ? ext4_rmdir+0xf70/0xf70
[ 2322.590891]  vfs_mkdir+0x493/0x750
[ 2322.590913]  do_mkdirat+0x150/0x2b0
[ 2322.590934]  ? user_path_create+0xf0/0xf0
[ 2322.590956]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2322.590974]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2322.590994]  do_syscall_64+0x33/0x40
[ 2322.591012]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2322.591023] RIP: 0033:0x7fcabb3d4c27
[ 2322.591040] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2322.591049] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2322.591095] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2322.591105] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2322.591114] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2322.591124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2322.591134] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
05:03:05 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000002)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:03:05 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x0)

[ 2337.974464] FAULT_INJECTION: forcing a failure.
[ 2337.974464] name failslab, interval 1, probability 0, space 0, times 0
[ 2337.976044] CPU: 0 PID: 11423 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2337.976847] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2337.977854] Call Trace:
[ 2337.977869]  dump_stack+0x107/0x167
[ 2337.977881]  should_fail.cold+0x5/0xa
[ 2337.977894]  ? create_object.isra.0+0x3a/0xa20
[ 2337.977906]  should_failslab+0x5/0x20
[ 2337.977916]  kmem_cache_alloc+0x5b/0x310
[ 2337.977927]  ? sidtab_sid2str_get+0x65/0x720
[ 2337.977940]  create_object.isra.0+0x3a/0xa20
[ 2337.977949]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2337.977963]  __kmalloc_track_caller+0x177/0x370
[ 2337.977973]  ? sidtab_sid2str_get+0x17e/0x720
[ 2337.977988]  kmemdup+0x23/0x50
05:03:05 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 13)

05:03:05 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b32, 0x3)

05:03:05 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 14)

05:03:05 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000002)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:03:05 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 7)

05:03:05 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000002)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

[ 2337.978000]  sidtab_sid2str_get+0x17e/0x720
[ 2337.978013]  sidtab_entry_to_string+0x33/0x110
[ 2337.978027]  security_sid_to_context_core+0x33c/0x5d0
[ 2337.978041]  selinux_inode_init_security+0x4ab/0x690
[ 2337.978054]  ? selinux_dentry_init_security+0x280/0x280
[ 2337.978107]  ? get_cached_acl_rcu+0x120/0x120
[ 2337.978121]  ? find_held_lock+0x2c/0x110
[ 2337.978139]  security_inode_init_security+0x151/0x360
[ 2337.978147]  ? ext4_init_acl+0x310/0x310
[ 2337.978159]  ? inode_free_by_rcu+0x20/0x20
[ 2337.978178]  ? chksum_update+0x4c/0xb0
[ 2337.978194]  __ext4_new_inode+0x386e/0x5370
[ 2337.978219]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2337.978235]  ? dquot_initialize_needed+0x290/0x290
[ 2337.978246]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2337.978265]  ext4_mkdir+0x32c/0xb10
[ 2337.978282]  ? ext4_rmdir+0xf70/0xf70
[ 2337.978299]  vfs_mkdir+0x493/0x750
[ 2337.978312]  do_mkdirat+0x150/0x2b0
[ 2337.978324]  ? user_path_create+0xf0/0xf0
[ 2337.978337]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2337.978348]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2337.978360]  do_syscall_64+0x33/0x40
[ 2337.978370]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2337.978377] RIP: 0033:0x7fcabb3d4c27
[ 2337.978387] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2337.978393] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2337.978404] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2337.978410] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2337.978415] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2337.978421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2337.978427] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2337.986449] tmpfs: Bad value for 'size'
[ 2338.043989] FAULT_INJECTION: forcing a failure.
[ 2338.043989] name failslab, interval 1, probability 0, space 0, times 0
[ 2338.046827] CPU: 1 PID: 11436 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2338.048398] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2338.050236] Call Trace:
[ 2338.050802]  dump_stack+0x107/0x167
[ 2338.051580]  should_fail.cold+0x5/0xa
[ 2338.052386]  ? create_object.isra.0+0x3a/0xa20
[ 2338.053368]  should_failslab+0x5/0x20
[ 2338.054170]  kmem_cache_alloc+0x5b/0x310
[ 2338.055027]  ? sidtab_sid2str_get+0x65/0x720
[ 2338.055959]  create_object.isra.0+0x3a/0xa20
[ 2338.056881]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2338.057976]  __kmalloc_track_caller+0x177/0x370
[ 2338.058956]  ? sidtab_sid2str_get+0x17e/0x720
[ 2338.059908]  kmemdup+0x23/0x50
[ 2338.060588]  sidtab_sid2str_get+0x17e/0x720
[ 2338.061703]  sidtab_entry_to_string+0x33/0x110
[ 2338.062672]  security_sid_to_context_core+0x33c/0x5d0
[ 2338.064009]  selinux_inode_init_security+0x4ab/0x690
[ 2338.065157]  ? selinux_dentry_init_security+0x280/0x280
[ 2338.066528]  ? get_cached_acl_rcu+0x120/0x120
[ 2338.067486]  ? find_held_lock+0x2c/0x110
[ 2338.068539]  security_inode_init_security+0x151/0x360
[ 2338.069673]  ? ext4_init_acl+0x310/0x310
[ 2338.070722]  ? inode_free_by_rcu+0x20/0x20
[ 2338.071642]  ? chksum_update+0x4c/0xb0
[ 2338.072642]  __ext4_new_inode+0x386e/0x5370
[ 2338.073608]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2338.074845]  ? dquot_initialize_needed+0x290/0x290
[ 2338.075971]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2338.077388]  ext4_mkdir+0x32c/0xb10
[ 2338.078234]  ? ext4_rmdir+0xf70/0xf70
[ 2338.079228]  vfs_mkdir+0x493/0x750
[ 2338.079992]  do_mkdirat+0x150/0x2b0
[ 2338.080922]  ? user_path_create+0xf0/0xf0
[ 2338.081821]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2338.083154]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2338.084251]  do_syscall_64+0x33/0x40
[ 2338.085213]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2338.086286] RIP: 0033:0x7f8a770ffc27
[ 2338.087228] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2338.091926] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2338.093890] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2338.095724] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2338.097559] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2338.099368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2338.101259] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
05:03:05 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x0)

05:03:05 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b33, 0x3)

[ 2338.106382] tmpfs: Bad value for 'size'
[ 2338.121678] FAULT_INJECTION: forcing a failure.
[ 2338.121678] name failslab, interval 1, probability 0, space 0, times 0
[ 2338.124005] CPU: 1 PID: 11438 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2338.125458] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2338.127183] Call Trace:
[ 2338.127734]  dump_stack+0x107/0x167
[ 2338.128623]  should_fail.cold+0x5/0xa
[ 2338.129657]  ? getname_flags.part.0+0x50/0x4f0
[ 2338.130702]  should_failslab+0x5/0x20
[ 2338.131506]  kmem_cache_alloc+0x5b/0x310
[ 2338.132445]  getname_flags.part.0+0x50/0x4f0
[ 2338.133591]  ? _copy_from_user+0xfb/0x1b0
[ 2338.134479]  user_path_at_empty+0xa1/0x100
[ 2338.135692]  __x64_sys_mount+0x1e9/0x300
[ 2338.136659]  ? copy_mnt_ns+0xa00/0xa00
[ 2338.137527]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2338.138698]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2338.139830]  do_syscall_64+0x33/0x40
[ 2338.140714]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2338.141936] RIP: 0033:0x7fbbb0762b19
[ 2338.142913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2338.147272] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2338.149020] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2338.150752] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2338.152293] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2338.153896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2338.155649] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:03:05 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 14)

[ 2338.192264] FAULT_INJECTION: forcing a failure.
[ 2338.192264] name failslab, interval 1, probability 0, space 0, times 0
[ 2338.195190] CPU: 1 PID: 11445 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2338.196707] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2338.198557] Call Trace:
[ 2338.199114]  dump_stack+0x107/0x167
[ 2338.199884]  should_fail.cold+0x5/0xa
[ 2338.200734]  ? create_object.isra.0+0x3a/0xa20
[ 2338.201713]  should_failslab+0x5/0x20
[ 2338.202512]  kmem_cache_alloc+0x5b/0x310
[ 2338.203378]  ? sidtab_sid2str_get+0x65/0x720
[ 2338.204305]  create_object.isra.0+0x3a/0xa20
[ 2338.205240]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2338.206316]  __kmalloc_track_caller+0x177/0x370
[ 2338.207302]  ? sidtab_sid2str_get+0x17e/0x720
[ 2338.208251]  kmemdup+0x23/0x50
[ 2338.208935]  sidtab_sid2str_get+0x17e/0x720
[ 2338.209853]  sidtab_entry_to_string+0x33/0x110
[ 2338.210835]  security_sid_to_context_core+0x33c/0x5d0
[ 2338.211922]  selinux_inode_init_security+0x4ab/0x690
[ 2338.213005]  ? selinux_dentry_init_security+0x280/0x280
[ 2338.214130]  ? get_cached_acl_rcu+0x120/0x120
[ 2338.215127]  ? find_held_lock+0x2c/0x110
[ 2338.216006]  security_inode_init_security+0x151/0x360
[ 2338.217097]  ? ext4_init_acl+0x310/0x310
[ 2338.217969]  ? inode_free_by_rcu+0x20/0x20
[ 2338.218891]  ? chksum_update+0x4c/0xb0
[ 2338.219734]  __ext4_new_inode+0x386e/0x5370
[ 2338.220682]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2338.221724]  ? dquot_initialize_needed+0x290/0x290
[ 2338.222764]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2338.223928]  ext4_mkdir+0x32c/0xb10
[ 2338.224708]  ? ext4_rmdir+0xf70/0xf70
[ 2338.225537]  vfs_mkdir+0x493/0x750
[ 2338.226301]  do_mkdirat+0x150/0x2b0
[ 2338.227081]  ? user_path_create+0xf0/0xf0
[ 2338.227966]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2338.229079]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2338.230194]  do_syscall_64+0x33/0x40
[ 2338.231016]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2338.232127] RIP: 0033:0x7fcabb3d4c27
[ 2338.232144] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2338.232153] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2338.232171] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2338.232180] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2338.232190] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2338.232200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2338.232209] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2338.247435] tmpfs: Bad value for 'size'
05:03:05 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 15)

05:03:05 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 8)

05:03:05 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b34, 0x3)

05:03:05 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3) (fail_nth: 1)

[ 2338.371638] FAULT_INJECTION: forcing a failure.
[ 2338.371638] name failslab, interval 1, probability 0, space 0, times 0
[ 2338.374490] CPU: 0 PID: 11453 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2338.375965] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2338.377726] Call Trace:
[ 2338.378287]  dump_stack+0x107/0x167
[ 2338.379058]  should_fail.cold+0x5/0xa
[ 2338.379868]  ? create_object.isra.0+0x3a/0xa20
[ 2338.380840]  should_failslab+0x5/0x20
[ 2338.381655]  kmem_cache_alloc+0x5b/0x310
[ 2338.382521]  create_object.isra.0+0x3a/0xa20
[ 2338.383462]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2338.384538]  __kmalloc+0x16e/0x390
[ 2338.385344]  ext4_find_extent+0xa77/0xd70
[ 2338.386235]  ext4_ext_map_blocks+0x1c8/0x5830
[ 2338.387208]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2338.388316]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2338.389436]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2338.390548]  ? ext4_ext_release+0x10/0x10
[ 2338.391432]  ? lock_release+0x680/0x680
[ 2338.392285]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2338.393291]  ? lock_downgrade+0x6d0/0x6d0
[ 2338.394180]  ? down_read+0x10f/0x430
[ 2338.394963]  ? down_write+0x160/0x160
[ 2338.395764]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2338.396759]  ext4_map_blocks+0x8e1/0x1910
[ 2338.397720]  ? ext4_issue_zeroout+0x1c0/0x1c0
05:03:05 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b35, 0x3)

[ 2338.397767]  ? __brelse+0x84/0xa0
[ 2338.397785]  ? __ext4_new_inode+0x148/0x5370
[ 2338.397817]  ext4_append+0x1b8/0x4e0
[ 2338.397838]  ? ext4_move_extents+0x3050/0x3050
[ 2338.397858]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2338.397891]  ext4_init_new_dir+0x25e/0x4d0
[ 2338.397911]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2338.397944]  ext4_mkdir+0x3c1/0xb10
[ 2338.397970]  ? ext4_rmdir+0xf70/0xf70
[ 2338.398002]  vfs_mkdir+0x493/0x750
[ 2338.398091]  do_mkdirat+0x150/0x2b0
[ 2338.398113]  ? user_path_create+0xf0/0xf0
[ 2338.398135]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2338.398153]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2338.398173]  do_syscall_64+0x33/0x40
[ 2338.398190]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2338.398202] RIP: 0033:0x7f8a770ffc27
[ 2338.398219] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2338.398228] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2338.398247] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2338.398257] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2338.398267] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2338.398276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2338.398316] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2338.400463] tmpfs: Bad value for 'size'
[ 2338.441888] FAULT_INJECTION: forcing a failure.
[ 2338.441888] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2338.441907] CPU: 0 PID: 11456 Comm: syz-executor.3 Not tainted 5.10.234 #1
[ 2338.441916] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2338.441921] Call Trace:
[ 2338.441941]  dump_stack+0x107/0x167
[ 2338.441961]  should_fail.cold+0x5/0xa
[ 2338.441986]  _copy_to_user+0x2e/0x180
[ 2338.442010]  simple_read_from_buffer+0xcc/0x160
[ 2338.442036]  proc_fail_nth_read+0x198/0x230
[ 2338.442059]  ? proc_sessionid_read+0x230/0x230
[ 2338.442077]  ? security_file_permission+0xb1/0xe0
[ 2338.442102]  ? proc_sessionid_read+0x230/0x230
[ 2338.442121]  vfs_read+0x228/0x620
[ 2338.442146]  ksys_read+0x12d/0x260
[ 2338.442164]  ? vfs_write+0xb10/0xb10
[ 2338.442187]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2338.442205]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2338.442225]  do_syscall_64+0x33/0x40
[ 2338.442242]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2338.442254] RIP: 0033:0x7f67c1dcf69c
[ 2338.442269] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 2338.442279] RSP: 002b:00007f67bf371170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2338.442297] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007f67c1dcf69c
[ 2338.442307] RDX: 000000000000000f RSI: 00007f67bf3711e0 RDI: 0000000000000004
[ 2338.442317] RBP: 00007f67bf3711d0 R08: 0000000000000000 R09: 0000000000000000
[ 2338.442326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2338.442336] R13: 00007fffb6012e6f R14: 00007f67bf371300 R15: 0000000000022000
[ 2338.622619] FAULT_INJECTION: forcing a failure.
[ 2338.622619] name failslab, interval 1, probability 0, space 0, times 0
[ 2338.625115] CPU: 1 PID: 11462 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2338.626580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2338.628316] Call Trace:
[ 2338.628872]  dump_stack+0x107/0x167
[ 2338.629698]  should_fail.cold+0x5/0xa
[ 2338.630510]  ? create_object.isra.0+0x3a/0xa20
[ 2338.631470]  should_failslab+0x5/0x20
[ 2338.632269]  kmem_cache_alloc+0x5b/0x310
[ 2338.633123]  create_object.isra.0+0x3a/0xa20
[ 2338.634050]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2338.635118]  kmem_cache_alloc+0x159/0x310
[ 2338.635992]  getname_flags.part.0+0x50/0x4f0
[ 2338.636920]  ? _copy_from_user+0xfb/0x1b0
[ 2338.637797]  user_path_at_empty+0xa1/0x100
[ 2338.638687]  __x64_sys_mount+0x1e9/0x300
[ 2338.639537]  ? copy_mnt_ns+0xa00/0xa00
[ 2338.640363]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2338.641471]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2338.642552]  do_syscall_64+0x33/0x40
[ 2338.643331]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2338.644402] RIP: 0033:0x7fbbb0762b19
[ 2338.645183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2338.649054] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2338.650655] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2338.652397] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2338.653904] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2338.655389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2338.656881] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:03:23 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b36, 0x3)

05:03:23 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 15)

05:03:23 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 16)

05:03:23 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000003)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

[ 2355.929672] FAULT_INJECTION: forcing a failure.
[ 2355.929672] name failslab, interval 1, probability 0, space 0, times 0
[ 2355.932285] CPU: 1 PID: 11473 Comm: syz-executor.6 Not tainted 5.10.234 #1
05:03:23 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 9)

[ 2355.933760] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
05:03:23 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000003)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2355.935735] Call Trace:
[ 2355.936427]  dump_stack+0x107/0x167
[ 2355.937269]  should_fail.cold+0x5/0xa
[ 2355.938088]  ? create_object.isra.0+0x3a/0xa20
[ 2355.939113]  should_failslab+0x5/0x20
05:03:23 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000003)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2355.939928]  kmem_cache_alloc+0x5b/0x310
[ 2355.940877]  create_object.isra.0+0x3a/0xa20
[ 2355.941846]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2355.942947]  __kmalloc+0x16e/0x390
[ 2355.943744]  ext4_find_extent+0xa77/0xd70
[ 2355.944674]  ext4_ext_map_blocks+0x1c8/0x5830
[ 2355.945617]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2355.946724]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2355.947883]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2355.948797] FAULT_INJECTION: forcing a failure.
[ 2355.948797] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2355.949009]  ? ext4_ext_release+0x10/0x10
[ 2355.949038]  ? lock_release+0x680/0x680
[ 2355.953175]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2355.954305]  ? lock_downgrade+0x6d0/0x6d0
[ 2355.955237]  ? down_read+0x10f/0x430
[ 2355.956105]  ? down_write+0x160/0x160
[ 2355.956950]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2355.957993]  ext4_map_blocks+0x8e1/0x1910
[ 2355.958903]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2355.959866]  ? __brelse+0x84/0xa0
[ 2355.960603]  ? __ext4_new_inode+0x148/0x5370
[ 2355.961600]  ext4_append+0x1b8/0x4e0
[ 2355.962408]  ? ext4_move_extents+0x3050/0x3050
[ 2355.963388]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2355.964436]  ext4_init_new_dir+0x25e/0x4d0
[ 2355.965377]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2355.966398]  ext4_mkdir+0x3c1/0xb10
[ 2355.967195]  ? ext4_rmdir+0xf70/0xf70
[ 2355.968033]  vfs_mkdir+0x493/0x750
[ 2355.968822]  do_mkdirat+0x150/0x2b0
[ 2355.969616]  ? user_path_create+0xf0/0xf0
[ 2355.970517]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2355.971650]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2355.972773]  do_syscall_64+0x33/0x40
[ 2355.973596]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2355.974701] RIP: 0033:0x7fcabb3d4c27
[ 2355.975506] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2355.979515] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2355.981172] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2355.982873] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2355.984765] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2355.986331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2355.987890] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2355.989477] CPU: 0 PID: 11475 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2355.990954] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2355.992836] Call Trace:
[ 2355.993554]  dump_stack+0x107/0x167
[ 2355.994327]  should_fail.cold+0x5/0xa
[ 2355.995136]  strncpy_from_user+0x34/0x470
[ 2355.996012]  getname_flags.part.0+0x95/0x4f0
[ 2355.996933]  ? _copy_from_user+0xfb/0x1b0
[ 2355.997819]  user_path_at_empty+0xa1/0x100
[ 2355.998705]  __x64_sys_mount+0x1e9/0x300
[ 2355.999555]  ? copy_mnt_ns+0xa00/0xa00
[ 2356.000378]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2356.001495]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2356.002581]  do_syscall_64+0x33/0x40
[ 2356.003362]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2356.004435] RIP: 0033:0x7fbbb0762b19
[ 2356.005220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2356.007637] FAULT_INJECTION: forcing a failure.
[ 2356.007637] name failslab, interval 1, probability 0, space 0, times 0
[ 2356.009170] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2356.009192] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2356.009211] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2356.009222] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2356.009231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2356.009241] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2356.020761] CPU: 1 PID: 11480 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2356.022296] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2356.024091] Call Trace:
[ 2356.024656]  dump_stack+0x107/0x167
[ 2356.025477]  should_fail.cold+0x5/0xa
[ 2356.026317]  ? __es_insert_extent+0xed1/0x1370
[ 2356.027320]  should_failslab+0x5/0x20
[ 2356.028221]  kmem_cache_alloc+0x5b/0x310
[ 2356.028247]  __es_insert_extent+0xed1/0x1370
[ 2356.028267]  ? do_raw_read_unlock+0x70/0x70
[ 2356.028329]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2356.028360]  ext4_es_insert_extent+0x45d/0xf10
05:03:23 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)

[ 2356.028389]  ? ext4_es_scan_clu+0x2e0/0x2e0
[ 2356.028407]  ? ext4_es_find_extent_range+0x1cb/0x460
[ 2356.028424]  ? lock_downgrade+0x6d0/0x6d0
[ 2356.028446]  ? __ext4_handle_dirty_super+0x100/0x100
[ 2356.028461]  ? __es_find_extent_range+0x197/0x4b0
[ 2356.028482]  ? do_raw_read_unlock+0x3b/0x70
[ 2356.028507]  ext4_ext_map_blocks+0x1863/0x5830
[ 2356.028540]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2356.028562]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2356.028581]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2356.028603]  ? ext4_ext_release+0x10/0x10
[ 2356.028630]  ? lock_release+0x680/0x680
[ 2356.028650]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2356.028668]  ? lock_downgrade+0x6d0/0x6d0
[ 2356.028695]  ? down_read+0x10f/0x430
[ 2356.028710]  ? down_write+0x160/0x160
[ 2356.028733]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2356.028776]  ext4_map_blocks+0x8e1/0x1910
[ 2356.028821]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2356.028838]  ? __brelse+0x84/0xa0
[ 2356.028856]  ? __ext4_new_inode+0x148/0x5370
[ 2356.028886]  ext4_append+0x1b8/0x4e0
[ 2356.028907]  ? ext4_move_extents+0x3050/0x3050
[ 2356.028927]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2356.028956]  ext4_init_new_dir+0x25e/0x4d0
[ 2356.028980]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2356.047743] tmpfs: Bad value for 'size'
[ 2356.047969]  ext4_mkdir+0x3c1/0xb10
[ 2356.047998]  ? ext4_rmdir+0xf70/0xf70
[ 2356.061037]  vfs_mkdir+0x493/0x750
[ 2356.061061]  do_mkdirat+0x150/0x2b0
[ 2356.061082]  ? user_path_create+0xf0/0xf0
[ 2356.061104]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2356.061121]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2356.061142]  do_syscall_64+0x33/0x40
[ 2356.061159]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2356.061170] RIP: 0033:0x7f8a770ffc27
[ 2356.061186] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
05:03:23 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 10)

[ 2356.061195] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2356.061213] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2356.061223] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2356.061232] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2356.061244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2356.061254] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2356.091079] tmpfs: Bad value for 'size'
[ 2356.161518] FAULT_INJECTION: forcing a failure.
[ 2356.161518] name failslab, interval 1, probability 0, space 0, times 0
05:03:23 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 17)

05:03:23 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 16)

[ 2356.161540] CPU: 1 PID: 11491 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2356.161549] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2356.161554] Call Trace:
[ 2356.161575]  dump_stack+0x107/0x167
[ 2356.161596]  should_fail.cold+0x5/0xa
[ 2356.161614]  ? alloc_fs_context+0x57/0x840
[ 2356.161635]  should_failslab+0x5/0x20
[ 2356.161655]  kmem_cache_alloc_trace+0x55/0x320
[ 2356.161683]  alloc_fs_context+0x57/0x840
[ 2356.161715]  path_mount+0xaa3/0x2120
05:03:23 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 11)

[ 2356.161760]  ? strncpy_from_user+0x9e/0x470
[ 2356.161796]  ? finish_automount+0xa90/0xa90
[ 2356.161819]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2356.161841]  ? _copy_from_user+0xfb/0x1b0
[ 2356.161874]  __x64_sys_mount+0x282/0x300
[ 2356.161894]  ? copy_mnt_ns+0xa00/0xa00
[ 2356.161922]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2356.161946]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2356.161975]  do_syscall_64+0x33/0x40
[ 2356.161999]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2356.162011] RIP: 0033:0x7fbbb0762b19
[ 2356.162036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
05:03:23 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 18)

[ 2356.162050] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2356.162073] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2356.162085] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2356.162096] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2356.162109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2356.162177] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2356.243609] FAULT_INJECTION: forcing a failure.
[ 2356.243609] name failslab, interval 1, probability 0, space 0, times 0
[ 2356.243704] CPU: 1 PID: 11496 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2356.243715] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2356.243721] Call Trace:
05:03:23 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 17)

[ 2356.243746]  dump_stack+0x107/0x167
[ 2356.243774]  should_fail.cold+0x5/0xa
[ 2356.243796]  ? __es_insert_extent+0xed1/0x1370
[ 2356.243820]  should_failslab+0x5/0x20
[ 2356.243839]  kmem_cache_alloc+0x5b/0x310
[ 2356.243864]  __es_insert_extent+0xed1/0x1370
[ 2356.243887]  ? do_raw_read_unlock+0x70/0x70
[ 2356.243907]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2356.243937]  ext4_es_insert_extent+0x45d/0xf10
[ 2356.243966]  ? ext4_es_scan_clu+0x2e0/0x2e0
[ 2356.243985]  ? ext4_es_find_extent_range+0x1cb/0x460
[ 2356.244004]  ? lock_downgrade+0x6d0/0x6d0
[ 2356.244026]  ? __ext4_handle_dirty_super+0x100/0x100
[ 2356.244043]  ? __es_find_extent_range+0x197/0x4b0
[ 2356.244064]  ? do_raw_read_unlock+0x3b/0x70
[ 2356.244090]  ext4_ext_map_blocks+0x1863/0x5830
[ 2356.244123]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2356.244146]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2356.244168]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2356.244195]  ? ext4_ext_release+0x10/0x10
[ 2356.244222]  ? lock_release+0x680/0x680
[ 2356.244244]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2356.244263]  ? lock_downgrade+0x6d0/0x6d0
[ 2356.244293]  ? down_read+0x10f/0x430
05:03:24 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 19)

[ 2356.244309]  ? down_write+0x160/0x160
05:03:24 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 18)

[ 2356.244327]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2356.244357]  ext4_map_blocks+0x8e1/0x1910
[ 2356.244419]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2356.244440]  ? __brelse+0x84/0xa0
[ 2356.244459]  ? __ext4_new_inode+0x148/0x5370
[ 2356.244489]  ext4_append+0x1b8/0x4e0
[ 2356.244512]  ? ext4_move_extents+0x3050/0x3050
[ 2356.244538]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2356.244570]  ext4_init_new_dir+0x25e/0x4d0
[ 2356.244592]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2356.244624]  ext4_mkdir+0x3c1/0xb10
[ 2356.244650]  ? ext4_rmdir+0xf70/0xf70
[ 2356.244681]  vfs_mkdir+0x493/0x750
[ 2356.244703]  do_mkdirat+0x150/0x2b0
[ 2356.244724]  ? user_path_create+0xf0/0xf0
[ 2356.244748]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2356.244767]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2356.244789]  do_syscall_64+0x33/0x40
[ 2356.244808]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2356.244846] RIP: 0033:0x7fcabb3d4c27
[ 2356.244864] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2356.244874] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2356.244894] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2356.244904] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2356.244914] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2356.244924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2356.244935] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2356.253451] tmpfs: Bad value for 'size'
[ 2356.304331] FAULT_INJECTION: forcing a failure.
[ 2356.304331] name failslab, interval 1, probability 0, space 0, times 0
[ 2356.304352] CPU: 0 PID: 11498 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2356.304362] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2356.304367] Call Trace:
[ 2356.304390]  dump_stack+0x107/0x167
[ 2356.304410]  should_fail.cold+0x5/0xa
[ 2356.304430]  ? __es_insert_extent+0xed1/0x1370
[ 2356.304451]  should_failslab+0x5/0x20
[ 2356.304470]  kmem_cache_alloc+0x5b/0x310
[ 2356.304493]  __es_insert_extent+0xed1/0x1370
[ 2356.304514]  ? do_raw_read_unlock+0x70/0x70
[ 2356.304532]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2356.304562]  ext4_es_insert_extent+0x45d/0xf10
[ 2356.304589]  ? ext4_es_scan_clu+0x2e0/0x2e0
[ 2356.304607]  ? ext4_es_find_extent_range+0x1cb/0x460
[ 2356.304624]  ? lock_downgrade+0x6d0/0x6d0
[ 2356.304646]  ? __ext4_handle_dirty_super+0x100/0x100
[ 2356.304661]  ? __es_find_extent_range+0x197/0x4b0
[ 2356.304681]  ? do_raw_read_unlock+0x3b/0x70
[ 2356.304704]  ext4_ext_map_blocks+0x1863/0x5830
[ 2356.304734]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2356.304828]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2356.304850]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2356.304870]  ? ext4_ext_release+0x10/0x10
[ 2356.304895]  ? lock_release+0x680/0x680
[ 2356.304915]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2356.304931]  ? lock_downgrade+0x6d0/0x6d0
[ 2356.304959]  ? down_read+0x10f/0x430
[ 2356.304974]  ? down_write+0x160/0x160
[ 2356.304989]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2356.305017]  ext4_map_blocks+0x8e1/0x1910
[ 2356.305045]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2356.305062]  ? __brelse+0x84/0xa0
[ 2356.305080]  ? __ext4_new_inode+0x148/0x5370
[ 2356.305107]  ext4_append+0x1b8/0x4e0
[ 2356.305127]  ? ext4_move_extents+0x3050/0x3050
[ 2356.305146]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2356.305200]  ext4_init_new_dir+0x25e/0x4d0
[ 2356.305221]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2356.305249]  ext4_mkdir+0x3c1/0xb10
[ 2356.305272]  ? ext4_rmdir+0xf70/0xf70
[ 2356.305315]  vfs_mkdir+0x493/0x750
[ 2356.305335]  do_mkdirat+0x150/0x2b0
[ 2356.305354]  ? user_path_create+0xf0/0xf0
[ 2356.305375]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2356.305392]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2356.305412]  do_syscall_64+0x33/0x40
[ 2356.305429]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2356.305440] RIP: 0033:0x7f8a770ffc27
[ 2356.305455] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2356.305464] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2356.305481] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2356.305491] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2356.305500] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2356.305509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2356.305518] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2356.313264] tmpfs: Bad value for 'size'
[ 2356.422292] FAULT_INJECTION: forcing a failure.
[ 2356.422292] name failslab, interval 1, probability 0, space 0, times 0
[ 2356.422312] CPU: 1 PID: 11501 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2356.422322] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2356.422327] Call Trace:
[ 2356.422350]  dump_stack+0x107/0x167
[ 2356.422369]  should_fail.cold+0x5/0xa
[ 2356.422390]  ? create_object.isra.0+0x3a/0xa20
[ 2356.422410]  should_failslab+0x5/0x20
[ 2356.422429]  kmem_cache_alloc+0x5b/0x310
[ 2356.422453]  create_object.isra.0+0x3a/0xa20
[ 2356.422472]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2356.422502]  kmem_cache_alloc_trace+0x151/0x320
[ 2356.422531]  alloc_fs_context+0x57/0x840
[ 2356.422560]  path_mount+0xaa3/0x2120
[ 2356.422588]  ? strncpy_from_user+0x9e/0x470
[ 2356.422609]  ? finish_automount+0xa90/0xa90
[ 2356.422629]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2356.422650]  ? _copy_from_user+0xfb/0x1b0
[ 2356.422681]  __x64_sys_mount+0x282/0x300
[ 2356.422701]  ? copy_mnt_ns+0xa00/0xa00
[ 2356.422730]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2356.422754]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2356.422785]  do_syscall_64+0x33/0x40
[ 2356.422807]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2356.422819] RIP: 0033:0x7fbbb0762b19
[ 2356.422841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2356.422852] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2356.422945] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2356.422958] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2356.422967] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2356.422977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2356.422987] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2356.441057] FAULT_INJECTION: forcing a failure.
[ 2356.441057] name failslab, interval 1, probability 0, space 0, times 0
[ 2356.441188] CPU: 1 PID: 11504 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2356.441197] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2356.441202] Call Trace:
[ 2356.441221]  dump_stack+0x107/0x167
[ 2356.441242]  should_fail.cold+0x5/0xa
[ 2356.441291]  ? ext4_find_extent+0xa77/0xd70
[ 2356.441323]  should_failslab+0x5/0x20
[ 2356.441339]  __kmalloc+0x72/0x390
[ 2356.441369]  ext4_find_extent+0xa77/0xd70
[ 2356.441399]  ext4_ext_map_blocks+0x1c8/0x5830
[ 2356.441434]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2356.441454]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2356.441481]  ? ext4_ext_release+0x10/0x10
[ 2356.441503]  ? ext4_map_blocks+0x5cd/0x1910
[ 2356.441525]  ? lock_release+0x680/0x680
[ 2356.441545]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2356.441563]  ? lock_downgrade+0x6d0/0x6d0
[ 2356.441580]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2356.441609]  ? down_write+0xe0/0x160
[ 2356.441625]  ? down_write_killable+0x180/0x180
[ 2356.441657]  ext4_map_blocks+0x63f/0x1910
[ 2356.441682]  ? _down_write_nest_lock+0x160/0x160
[ 2356.441701]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2356.441719]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2356.441756]  ext4_getblk+0x144/0x680
[ 2356.441778]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2356.441795]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2356.441812]  ? __brelse+0x84/0xa0
[ 2356.441831]  ? __ext4_new_inode+0x148/0x5370
[ 2356.441856]  ext4_bread+0x29/0x1f0
[ 2356.441875]  ext4_append+0x228/0x4e0
[ 2356.441897]  ? ext4_move_extents+0x3050/0x3050
[ 2356.441917]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2356.441947]  ext4_init_new_dir+0x25e/0x4d0
[ 2356.441969]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2356.441999]  ext4_mkdir+0x3c1/0xb10
[ 2356.442025]  ? ext4_rmdir+0xf70/0xf70
[ 2356.442055]  vfs_mkdir+0x493/0x750
[ 2356.442077]  do_mkdirat+0x150/0x2b0
[ 2356.442097]  ? user_path_create+0xf0/0xf0
[ 2356.442149]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2356.442168]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2356.442189]  do_syscall_64+0x33/0x40
[ 2356.442207]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2356.442218] RIP: 0033:0x7f8a770ffc27
[ 2356.442234] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2356.442244] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2356.442264] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2356.442274] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2356.442284] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2356.442295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2356.442305] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2356.466092] FAULT_INJECTION: forcing a failure.
[ 2356.466092] name failslab, interval 1, probability 0, space 0, times 0
[ 2356.466111] CPU: 1 PID: 11505 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2356.466120] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2356.466169] Call Trace:
[ 2356.466189]  dump_stack+0x107/0x167
[ 2356.466210]  should_fail.cold+0x5/0xa
[ 2356.466230]  ? create_object.isra.0+0x3a/0xa20
[ 2356.466251]  should_failslab+0x5/0x20
[ 2356.466268]  kmem_cache_alloc+0x5b/0x310
[ 2356.466293]  create_object.isra.0+0x3a/0xa20
[ 2356.466308]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2356.466333]  kmem_cache_alloc+0x159/0x310
[ 2356.466358]  __es_insert_extent+0xed1/0x1370
[ 2356.466378]  ? do_raw_read_unlock+0x70/0x70
[ 2356.466397]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2356.466433]  ext4_es_insert_extent+0x45d/0xf10
[ 2356.466462]  ? ext4_es_scan_clu+0x2e0/0x2e0
[ 2356.466481]  ? ext4_es_find_extent_range+0x1cb/0x460
[ 2356.466500]  ? lock_downgrade+0x6d0/0x6d0
[ 2356.466522]  ? __ext4_handle_dirty_super+0x100/0x100
[ 2356.466538]  ? __es_find_extent_range+0x197/0x4b0
[ 2356.466559]  ? do_raw_read_unlock+0x3b/0x70
[ 2356.466585]  ext4_ext_map_blocks+0x1863/0x5830
[ 2356.466618]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2356.466641]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2356.466661]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2356.466683]  ? ext4_ext_release+0x10/0x10
[ 2356.466710]  ? lock_release+0x680/0x680
[ 2356.466732]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2356.466750]  ? lock_downgrade+0x6d0/0x6d0
[ 2356.466779]  ? down_read+0x10f/0x430
[ 2356.466795]  ? down_write+0x160/0x160
[ 2356.466813]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2356.466843]  ext4_map_blocks+0x8e1/0x1910
[ 2356.466874]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2356.466919]  ? __brelse+0x84/0xa0
[ 2356.466964]  ? __ext4_new_inode+0x148/0x5370
[ 2356.466995]  ext4_append+0x1b8/0x4e0
[ 2356.467017]  ? ext4_move_extents+0x3050/0x3050
[ 2356.467037]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2356.467069]  ext4_init_new_dir+0x25e/0x4d0
[ 2356.467090]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2356.467122]  ext4_mkdir+0x3c1/0xb10
[ 2356.467148]  ? ext4_rmdir+0xf70/0xf70
[ 2356.467178]  vfs_mkdir+0x493/0x750
[ 2356.467200]  do_mkdirat+0x150/0x2b0
[ 2356.467221]  ? user_path_create+0xf0/0xf0
[ 2356.467244]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2356.467262]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2356.467284]  do_syscall_64+0x33/0x40
[ 2356.467302]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2356.467313] RIP: 0033:0x7fcabb3d4c27
[ 2356.467330] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2356.467340] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2356.467359] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2356.467369] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2356.467379] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2356.467389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2356.467399] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2356.485098] tmpfs: Bad value for 'size'
[ 2356.649498] FAULT_INJECTION: forcing a failure.
[ 2356.649498] name failslab, interval 1, probability 0, space 0, times 0
[ 2356.649519] CPU: 1 PID: 11509 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2356.649528] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2356.649533] Call Trace:
[ 2356.649556]  dump_stack+0x107/0x167
[ 2356.649577]  should_fail.cold+0x5/0xa
[ 2356.649597]  ? create_object.isra.0+0x3a/0xa20
[ 2356.649619]  should_failslab+0x5/0x20
[ 2356.649637]  kmem_cache_alloc+0x5b/0x310
[ 2356.649669]  create_object.isra.0+0x3a/0xa20
[ 2356.649684]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2356.649707]  __kmalloc+0x16e/0x390
[ 2356.649732]  ext4_find_extent+0xa77/0xd70
[ 2356.649761]  ext4_ext_map_blocks+0x1c8/0x5830
[ 2356.649797]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2356.649817]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2356.649843]  ? ext4_ext_release+0x10/0x10
[ 2356.649865]  ? ext4_map_blocks+0x5cd/0x1910
[ 2356.649888]  ? lock_release+0x680/0x680
[ 2356.649907]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2356.649925]  ? lock_downgrade+0x6d0/0x6d0
[ 2356.650003]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2356.650034]  ? down_write+0xe0/0x160
[ 2356.650050]  ? down_write_killable+0x180/0x180
[ 2356.650081]  ext4_map_blocks+0x63f/0x1910
[ 2356.650107]  ? _down_write_nest_lock+0x160/0x160
[ 2356.650126]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2356.650144]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2356.650180]  ext4_getblk+0x144/0x680
[ 2356.650202]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2356.650219]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2356.650237]  ? __brelse+0x84/0xa0
[ 2356.650255]  ? __ext4_new_inode+0x148/0x5370
[ 2356.650281]  ext4_bread+0x29/0x1f0
[ 2356.650299]  ext4_append+0x228/0x4e0
[ 2356.650321]  ? ext4_move_extents+0x3050/0x3050
[ 2356.650341]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2356.650372]  ext4_init_new_dir+0x25e/0x4d0
[ 2356.650393]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2356.650424]  ext4_mkdir+0x3c1/0xb10
[ 2356.650449]  ? ext4_rmdir+0xf70/0xf70
[ 2356.650479]  vfs_mkdir+0x493/0x750
[ 2356.650500]  do_mkdirat+0x150/0x2b0
[ 2356.650520]  ? user_path_create+0xf0/0xf0
[ 2356.650543]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2356.650561]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2356.650583]  do_syscall_64+0x33/0x40
[ 2356.650600]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2356.650612] RIP: 0033:0x7f8a770ffc27
[ 2356.650629] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2356.650638] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2356.650658] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2356.650668] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2356.650678] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2356.650717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2356.650728] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2356.666076] tmpfs: Bad value for 'size'
[ 2356.700336] FAULT_INJECTION: forcing a failure.
[ 2356.700336] name failslab, interval 1, probability 0, space 0, times 0
[ 2357.028375] CPU: 1 PID: 11511 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2357.028388] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2357.028410] Call Trace:
[ 2357.032688]  dump_stack+0x107/0x167
[ 2357.033646]  should_fail.cold+0x5/0xa
[ 2357.034491]  ? ext4_find_extent+0xa77/0xd70
[ 2357.035440]  should_failslab+0x5/0x20
[ 2357.036305]  __kmalloc+0x72/0x390
[ 2357.037085]  ext4_find_extent+0xa77/0xd70
[ 2357.038157]  ext4_ext_map_blocks+0x1c8/0x5830
[ 2357.039268]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2357.040441]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2357.041661]  ? ext4_ext_release+0x10/0x10
[ 2357.042553]  ? ext4_map_blocks+0x5cd/0x1910
[ 2357.043531]  ? lock_release+0x680/0x680
[ 2357.044392]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2357.044431]  ? lock_downgrade+0x6d0/0x6d0
[ 2357.044472]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2357.048087]  ? down_write+0xe0/0x160
[ 2357.049112]  ? down_write_killable+0x180/0x180
[ 2357.050368]  ext4_map_blocks+0x63f/0x1910
[ 2357.051508]  ? _down_write_nest_lock+0x160/0x160
[ 2357.052736]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2357.053902]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2357.055284]  ext4_getblk+0x144/0x680
[ 2357.056260]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2357.057552]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2357.058731]  ? __brelse+0x84/0xa0
[ 2357.059645]  ? __ext4_new_inode+0x148/0x5370
[ 2357.060793]  ext4_bread+0x29/0x1f0
[ 2357.061692]  ext4_append+0x228/0x4e0
[ 2357.062592]  ? ext4_move_extents+0x3050/0x3050
[ 2357.063779]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2357.065021]  ext4_init_new_dir+0x25e/0x4d0
[ 2357.066097]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2357.067278]  ext4_mkdir+0x3c1/0xb10
[ 2357.068173]  ? ext4_rmdir+0xf70/0xf70
[ 2357.069159]  vfs_mkdir+0x493/0x750
[ 2357.070066]  do_mkdirat+0x150/0x2b0
[ 2357.070983]  ? user_path_create+0xf0/0xf0
[ 2357.072041]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2357.073353]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2357.074683]  do_syscall_64+0x33/0x40
[ 2357.075621]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2357.076752] RIP: 0033:0x7fcabb3d4c27
[ 2357.077677] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2357.082175] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2357.084041] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2357.085815] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2357.087563] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2357.089322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2357.091073] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
05:03:42 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b37, 0x3)

05:03:42 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000004)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:03:42 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000004)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:03:42 executing program 3:
set_robust_list(&(0x7f00000000c0)={&(0x7f0000000000), 0x1, &(0x7f0000000240)={&(0x7f0000000080)}}, 0x18)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x2)
set_robust_list(&(0x7f0000000200)={&(0x7f0000000140)={&(0x7f0000000100)}, 0x3, &(0x7f00000001c0)={&(0x7f0000000180)}}, 0x18)

05:03:42 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000004)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:03:42 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 19)

05:03:42 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 12)

05:03:42 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 20)

[ 2374.690306] FAULT_INJECTION: forcing a failure.
[ 2374.690306] name failslab, interval 1, probability 0, space 0, times 0
[ 2374.690347] FAULT_INJECTION: forcing a failure.
[ 2374.690347] name failslab, interval 1, probability 0, space 0, times 0
[ 2374.693112] CPU: 0 PID: 11527 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2374.693193] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2374.693214] Call Trace:
[ 2374.700040]  dump_stack+0x107/0x167
[ 2374.700974]  should_fail.cold+0x5/0xa
[ 2374.701939]  ? create_object.isra.0+0x3a/0xa20
[ 2374.703085]  should_failslab+0x5/0x20
[ 2374.704042]  kmem_cache_alloc+0x5b/0x310
[ 2374.705070]  create_object.isra.0+0x3a/0xa20
[ 2374.706175]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2374.707263]  __kmalloc+0x16e/0x390
[ 2374.708010]  ext4_find_extent+0xa77/0xd70
[ 2374.708880]  ext4_ext_map_blocks+0x1c8/0x5830
[ 2374.709839]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2374.710929]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2374.712016]  ? ext4_ext_release+0x10/0x10
[ 2374.712883]  ? ext4_map_blocks+0x5cd/0x1910
[ 2374.713786]  ? lock_release+0x680/0x680
[ 2374.714613]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2374.715588]  ? lock_downgrade+0x6d0/0x6d0
[ 2374.716476]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2374.717588]  ? down_write+0xe0/0x160
[ 2374.718354]  ? down_write_killable+0x180/0x180
[ 2374.719295]  ext4_map_blocks+0x63f/0x1910
[ 2374.720160]  ? _down_write_nest_lock+0x160/0x160
[ 2374.721141]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2374.722079]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2374.723054]  ext4_getblk+0x144/0x680
[ 2374.723836]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2374.724862]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2374.725794]  ? __brelse+0x84/0xa0
[ 2374.726511]  ? __ext4_new_inode+0x148/0x5370
[ 2374.727425]  ext4_bread+0x29/0x1f0
[ 2374.728146]  ext4_append+0x228/0x4e0
[ 2374.728917]  ? ext4_move_extents+0x3050/0x3050
[ 2374.729876]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2374.730875]  ext4_init_new_dir+0x25e/0x4d0
[ 2374.731745]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2374.732714]  ext4_mkdir+0x3c1/0xb10
[ 2374.733475]  ? ext4_rmdir+0xf70/0xf70
[ 2374.734268]  vfs_mkdir+0x493/0x750
[ 2374.734991]  do_mkdirat+0x150/0x2b0
[ 2374.735741]  ? user_path_create+0xf0/0xf0
[ 2374.736585]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2374.737666]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2374.738715]  do_syscall_64+0x33/0x40
[ 2374.739484]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2374.740535] RIP: 0033:0x7fcabb3d4c27
[ 2374.741306] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2374.745119] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2374.746699] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2374.748164] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2374.749649] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2374.751104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2374.752568] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2374.754070] CPU: 1 PID: 11528 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2374.755525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2374.757237] Call Trace:
[ 2374.757797]  dump_stack+0x107/0x167
[ 2374.758552]  should_fail.cold+0x5/0xa
[ 2374.759388]  ? ext4_mb_new_blocks+0x698/0x45c0
[ 2374.760553]  should_failslab+0x5/0x20
[ 2374.761335]  kmem_cache_alloc+0x5b/0x310
[ 2374.762265]  ext4_mb_new_blocks+0x698/0x45c0
[ 2374.763190]  ? trace_hardirqs_on+0x5b/0x180
[ 2374.764079]  ? kasan_unpoison_shadow+0x33/0x50
[ 2374.765017]  ? ext4_cache_extents+0x68/0x2d0
[ 2374.765924]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2374.766991]  ? ext4_discard_preallocations+0xd80/0xd80
[ 2374.768087]  ? ext4_ext_search_right+0x2e3/0xbd0
[ 2374.769060]  ? ext4_inode_to_goal_block+0x320/0x430
[ 2374.770120]  ext4_ext_map_blocks+0x1d49/0x5830
[ 2374.771078]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2374.771344] FAULT_INJECTION: forcing a failure.
[ 2374.771344] name failslab, interval 1, probability 0, space 0, times 0
[ 2374.772157]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2374.772184]  ? ext4_ext_release+0x10/0x10
[ 2374.772212]  ? ext4_map_blocks+0x5cd/0x1910
[ 2374.777250]  ? lock_release+0x680/0x680
[ 2374.778084]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2374.779059]  ? lock_downgrade+0x6d0/0x6d0
[ 2374.779911]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2374.781002]  ? down_write_killable+0x180/0x180
[ 2374.781970]  ext4_map_blocks+0x63f/0x1910
[ 2374.782835]  ? _down_write_nest_lock+0x160/0x160
[ 2374.783823]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2374.784745]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2374.785740]  ext4_getblk+0x144/0x680
[ 2374.786516]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2374.787550]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2374.788478]  ? __brelse+0x84/0xa0
[ 2374.789203]  ? __ext4_new_inode+0x148/0x5370
[ 2374.790140]  ext4_bread+0x29/0x1f0
[ 2374.790883]  ext4_append+0x228/0x4e0
[ 2374.791663]  ? ext4_move_extents+0x3050/0x3050
[ 2374.792611]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2374.793631]  ext4_init_new_dir+0x25e/0x4d0
[ 2374.794628]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2374.795857]  ext4_mkdir+0x3c1/0xb10
[ 2374.796803]  ? ext4_rmdir+0xf70/0xf70
[ 2374.797793]  vfs_mkdir+0x493/0x750
[ 2374.798679]  do_mkdirat+0x150/0x2b0
[ 2374.799592]  ? user_path_create+0xf0/0xf0
[ 2374.800652]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2374.801791]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2374.802901]  do_syscall_64+0x33/0x40
[ 2374.803753]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2374.804850] RIP: 0033:0x7f8a770ffc27
[ 2374.805659] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2374.809738] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2374.811370] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2374.812902] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2374.814441] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2374.815923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2374.817392] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2374.819466] CPU: 0 PID: 11530 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2374.820890] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2374.822574] Call Trace:
[ 2374.823114]  dump_stack+0x107/0x167
[ 2374.823854]  should_fail.cold+0x5/0xa
[ 2374.824624]  ? legacy_init_fs_context+0x44/0xe0
[ 2374.825579]  should_failslab+0x5/0x20
[ 2374.826352]  kmem_cache_alloc_trace+0x55/0x320
[ 2374.827269]  ? lockdep_init_map_type+0x2c7/0x780
[ 2374.828238]  legacy_init_fs_context+0x44/0xe0
[ 2374.829170]  ? generic_parse_monolithic+0x1f0/0x1f0
[ 2374.830184]  alloc_fs_context+0x4fd/0x840
[ 2374.831046]  path_mount+0xaa3/0x2120
[ 2374.831806]  ? strncpy_from_user+0x9e/0x470
[ 2374.832697]  ? finish_automount+0xa90/0xa90
[ 2374.833574]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2374.834352] tmpfs: Bad value for 'size'
[ 2374.834536]  ? _copy_from_user+0xfb/0x1b0
[ 2374.836206]  __x64_sys_mount+0x282/0x300
[ 2374.837026]  ? copy_mnt_ns+0xa00/0xa00
[ 2374.838081]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2374.839225]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2374.840287]  do_syscall_64+0x33/0x40
[ 2374.841057]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2374.842125] RIP: 0033:0x7fbbb0762b19
[ 2374.842890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2374.846689] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2374.846708] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2374.846767] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2374.846777] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2374.846786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2374.846796] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:03:59 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b3a, 0x3)

05:03:59 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000005)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:03:59 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000005)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:03:59 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 13)

05:03:59 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 20)

05:03:59 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 21)

05:03:59 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)

05:03:59 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000005)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2391.973633] FAULT_INJECTION: forcing a failure.
[ 2391.973633] name failslab, interval 1, probability 0, space 0, times 0
[ 2391.976717] CPU: 1 PID: 11553 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2391.978515] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2391.978522] Call Trace:
[ 2391.978549]  dump_stack+0x107/0x167
05:03:59 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b3b, 0x3)

[ 2391.978573]  should_fail.cold+0x5/0xa
[ 2391.978600] FAULT_INJECTION: forcing a failure.
[ 2391.978600] name failslab, interval 1, probability 0, space 0, times 0
[ 2391.978620]  ? create_object.isra.0+0x3a/0xa20
[ 2391.978646]  should_failslab+0x5/0x20
[ 2391.978667]  kmem_cache_alloc+0x5b/0x310
[ 2391.978703]  create_object.isra.0+0x3a/0xa20
[ 2391.978727]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2391.978762]  kmem_cache_alloc+0x159/0x310
[ 2391.978792]  ext4_mb_new_blocks+0x698/0x45c0
05:03:59 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 22)

[ 2391.978839]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2391.978861]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2391.978878]  ? trace_hardirqs_on+0x5b/0x180
05:03:59 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 21)

[ 2391.978901]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2391.978921]  ? ext4_discard_preallocations+0xd80/0xd80
[ 2391.978950]  ? ext4_inode_to_goal_block+0x320/0x430
[ 2391.978982]  ext4_ext_map_blocks+0x1d49/0x5830
[ 2391.979023]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2391.979045]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2391.979076]  ? ext4_ext_release+0x10/0x10
[ 2391.979101]  ? ext4_map_blocks+0x5cd/0x1910
[ 2391.979127]  ? lock_release+0x680/0x680
[ 2391.979225]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2391.979247]  ? lock_downgrade+0x6d0/0x6d0
[ 2391.979266]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2391.979336]  ? down_write_killable+0x180/0x180
[ 2391.979373]  ext4_map_blocks+0x63f/0x1910
[ 2391.979402]  ? _down_write_nest_lock+0x160/0x160
[ 2391.979424]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2391.979445]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2391.979487]  ext4_getblk+0x144/0x680
[ 2391.979512]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
05:03:59 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 23)

[ 2391.979531]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2391.979552]  ? __brelse+0x84/0xa0
[ 2391.979573]  ? __ext4_new_inode+0x148/0x5370
[ 2391.979602]  ext4_bread+0x29/0x1f0
[ 2391.979623]  ext4_append+0x228/0x4e0
[ 2391.979648]  ? ext4_move_extents+0x3050/0x3050
05:03:59 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 14)

05:03:59 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 22)

[ 2391.979671]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2391.979737]  ext4_init_new_dir+0x25e/0x4d0
[ 2391.979763]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2391.979799]  ext4_mkdir+0x3c1/0xb10
[ 2391.979828]  ? ext4_rmdir+0xf70/0xf70
[ 2391.979862]  vfs_mkdir+0x493/0x750
[ 2391.979887]  do_mkdirat+0x150/0x2b0
[ 2391.979910]  ? user_path_create+0xf0/0xf0
[ 2391.979937]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2391.979957]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2391.979982]  do_syscall_64+0x33/0x40
05:03:59 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 24)

[ 2391.980002]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2391.980016] RIP: 0033:0x7f8a770ffc27
05:03:59 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 23)

[ 2391.980035] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2391.980046] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2391.980068] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2391.980079] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2391.980090] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2391.980101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2391.980113] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2391.980159] CPU: 0 PID: 11557 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2391.980169] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2391.980175] Call Trace:
[ 2391.980201]  dump_stack+0x107/0x167
[ 2391.980221]  should_fail.cold+0x5/0xa
[ 2391.980242]  ? ext4_mb_new_blocks+0x698/0x45c0
[ 2391.980264]  should_failslab+0x5/0x20
[ 2391.980282]  kmem_cache_alloc+0x5b/0x310
[ 2391.980306]  ext4_mb_new_blocks+0x698/0x45c0
[ 2391.980338]  ? trace_hardirqs_on+0x5b/0x180
[ 2391.980357]  ? kasan_unpoison_shadow+0x33/0x50
[ 2391.980372]  ? ext4_cache_extents+0x68/0x2d0
[ 2391.980387]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2391.980405]  ? ext4_discard_preallocations+0xd80/0xd80
[ 2391.980423]  ? ext4_ext_search_right+0x2e3/0xbd0
[ 2391.980443]  ? ext4_inode_to_goal_block+0x320/0x430
[ 2391.980469]  ext4_ext_map_blocks+0x1d49/0x5830
[ 2391.980506]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2391.980531]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2391.980557]  ? ext4_ext_release+0x10/0x10
[ 2391.980579]  ? ext4_map_blocks+0x5cd/0x1910
[ 2391.980601]  ? lock_release+0x680/0x680
[ 2391.980620]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2391.980638]  ? lock_downgrade+0x6d0/0x6d0
[ 2391.980655]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2391.980689]  ? down_write_killable+0x180/0x180
[ 2391.980720]  ext4_map_blocks+0x63f/0x1910
[ 2391.980813]  ? _down_write_nest_lock+0x160/0x160
[ 2391.980833]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2391.980851]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2391.980887]  ext4_getblk+0x144/0x680
[ 2391.980909]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2391.980925]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2391.980944]  ? __brelse+0x84/0xa0
[ 2391.980962]  ? __ext4_new_inode+0x148/0x5370
[ 2391.980987]  ext4_bread+0x29/0x1f0
[ 2391.981005]  ext4_append+0x228/0x4e0
[ 2391.981027]  ? ext4_move_extents+0x3050/0x3050
[ 2391.981046]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2391.981076]  ext4_init_new_dir+0x25e/0x4d0
[ 2391.981098]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2391.981128]  ext4_mkdir+0x3c1/0xb10
[ 2391.981153]  ? ext4_rmdir+0xf70/0xf70
[ 2391.981183]  vfs_mkdir+0x493/0x750
[ 2391.981204]  do_mkdirat+0x150/0x2b0
[ 2391.981224]  ? user_path_create+0xf0/0xf0
[ 2391.981247]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2391.981265]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2391.981286]  do_syscall_64+0x33/0x40
[ 2391.981304]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2391.981316] RIP: 0033:0x7fcabb3d4c27
[ 2391.981364] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2391.981374] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2391.981394] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2391.981404] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2391.981413] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2391.981423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2391.981433] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2391.996586] tmpfs: Bad value for 'size'
[ 2391.997598] FAULT_INJECTION: forcing a failure.
[ 2391.997598] name failslab, interval 1, probability 0, space 0, times 0
[ 2391.997628] CPU: 0 PID: 11559 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2391.997636] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2391.997641] Call Trace:
[ 2391.997659]  dump_stack+0x107/0x167
[ 2391.997677]  should_fail.cold+0x5/0xa
[ 2391.997694]  ? create_object.isra.0+0x3a/0xa20
[ 2391.997713]  should_failslab+0x5/0x20
[ 2391.997729]  kmem_cache_alloc+0x5b/0x310
[ 2391.997751]  create_object.isra.0+0x3a/0xa20
[ 2391.997771]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2391.997794]  kmem_cache_alloc_trace+0x151/0x320
[ 2391.997811]  ? lockdep_init_map_type+0x2c7/0x780
[ 2391.997835]  legacy_init_fs_context+0x44/0xe0
[ 2391.997854]  ? generic_parse_monolithic+0x1f0/0x1f0
[ 2391.997905]  alloc_fs_context+0x4fd/0x840
[ 2391.997930]  path_mount+0xaa3/0x2120
[ 2391.997952]  ? strncpy_from_user+0x9e/0x470
[ 2391.997969]  ? finish_automount+0xa90/0xa90
[ 2391.997986]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2391.998003]  ? _copy_from_user+0xfb/0x1b0
[ 2391.998026]  __x64_sys_mount+0x282/0x300
[ 2391.998042]  ? copy_mnt_ns+0xa00/0xa00
[ 2391.998063]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2391.998080]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2391.998099]  do_syscall_64+0x33/0x40
[ 2391.998115]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2391.998126] RIP: 0033:0x7fbbb0762b19
[ 2391.998141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2391.998150] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2391.998168] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2391.998178] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2391.998187] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2391.998196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2391.998206] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2392.126685] FAULT_INJECTION: forcing a failure.
[ 2392.126685] name failslab, interval 1, probability 0, space 0, times 0
[ 2392.126705] CPU: 0 PID: 11570 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2392.126714] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2392.126719] Call Trace:
[ 2392.126742]  dump_stack+0x107/0x167
[ 2392.126771]  should_fail.cold+0x5/0xa
[ 2392.126791]  ? ext4_mb_new_blocks+0x1fd8/0x45c0
[ 2392.126811]  should_failslab+0x5/0x20
[ 2392.126829]  kmem_cache_alloc+0x5b/0x310
[ 2392.126852]  ext4_mb_new_blocks+0x1fd8/0x45c0
[ 2392.126882]  ? trace_hardirqs_on+0x5b/0x180
[ 2392.126900]  ? kasan_unpoison_shadow+0x33/0x50
[ 2392.126914]  ? ext4_cache_extents+0x68/0x2d0
[ 2392.126928]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2392.126945]  ? ext4_discard_preallocations+0xd80/0xd80
[ 2392.126963]  ? ext4_ext_search_right+0x2e3/0xbd0
[ 2392.126980]  ? ext4_inode_to_goal_block+0x320/0x430
[ 2392.127006]  ext4_ext_map_blocks+0x1d49/0x5830
[ 2392.127040]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2392.127059]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2392.127084]  ? ext4_ext_release+0x10/0x10
[ 2392.127105]  ? ext4_map_blocks+0x5cd/0x1910
[ 2392.127125]  ? lock_release+0x680/0x680
[ 2392.127144]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2392.127161]  ? lock_downgrade+0x6d0/0x6d0
[ 2392.127177]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2392.127281]  ? down_write_killable+0x180/0x180
[ 2392.127312]  ext4_map_blocks+0x63f/0x1910
[ 2392.127336]  ? _down_write_nest_lock+0x160/0x160
[ 2392.127381]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2392.127399]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2392.127434]  ext4_getblk+0x144/0x680
[ 2392.127455]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2392.127470]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2392.127487]  ? __brelse+0x84/0xa0
[ 2392.127505]  ? __ext4_new_inode+0x148/0x5370
[ 2392.127529]  ext4_bread+0x29/0x1f0
[ 2392.127546]  ext4_append+0x228/0x4e0
[ 2392.127567]  ? ext4_move_extents+0x3050/0x3050
[ 2392.127586]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2392.127614]  ext4_init_new_dir+0x25e/0x4d0
[ 2392.127661]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2392.127691]  ext4_mkdir+0x3c1/0xb10
[ 2392.127715]  ? ext4_rmdir+0xf70/0xf70
[ 2392.127743]  vfs_mkdir+0x493/0x750
[ 2392.127764]  do_mkdirat+0x150/0x2b0
[ 2392.127783]  ? user_path_create+0xf0/0xf0
[ 2392.127805]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2392.127822]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2392.127842]  do_syscall_64+0x33/0x40
[ 2392.127858]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2392.127869] RIP: 0033:0x7f8a770ffc27
[ 2392.127885] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2392.127894] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2392.127912] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2392.127922] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2392.127931] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2392.127940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2392.127950] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2392.191205] FAULT_INJECTION: forcing a failure.
[ 2392.191205] name failslab, interval 1, probability 0, space 0, times 0
[ 2392.191224] CPU: 0 PID: 11573 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2392.191233] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2392.191239] Call Trace:
[ 2392.191262]  dump_stack+0x107/0x167
[ 2392.191282]  should_fail.cold+0x5/0xa
[ 2392.191302]  ? ext4_mb_new_blocks+0x698/0x45c0
[ 2392.191323]  should_failslab+0x5/0x20
[ 2392.191340]  kmem_cache_alloc+0x5b/0x310
[ 2392.191363]  ext4_mb_new_blocks+0x698/0x45c0
[ 2392.191399]  ? trace_hardirqs_on+0x5b/0x180
[ 2392.191417]  ? kasan_unpoison_shadow+0x33/0x50
[ 2392.191431]  ? ext4_cache_extents+0x68/0x2d0
[ 2392.191446]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
05:04:00 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 24)

05:04:00 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 15)

05:04:00 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 25)

05:04:00 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000007)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:04:00 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000007)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:04:00 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000007)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

[ 2392.191530]  ? ext4_discard_preallocations+0xd80/0xd80
[ 2392.191548]  ? ext4_ext_search_right+0x2e3/0xbd0
[ 2392.191567]  ? ext4_inode_to_goal_block+0x320/0x430
[ 2392.191592]  ext4_ext_map_blocks+0x1d49/0x5830
[ 2392.191626]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2392.191645]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2392.191670]  ? ext4_ext_release+0x10/0x10
[ 2392.191690]  ? ext4_map_blocks+0x5cd/0x1910
[ 2392.191711]  ? lock_release+0x680/0x680
[ 2392.191730]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2392.191747]  ? lock_downgrade+0x6d0/0x6d0
[ 2392.191768]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2392.191800]  ? down_write_killable+0x180/0x180
[ 2392.191829]  ext4_map_blocks+0x63f/0x1910
[ 2392.191853]  ? _down_write_nest_lock+0x160/0x160
[ 2392.191871]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2392.191889]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2392.191922]  ext4_getblk+0x144/0x680
[ 2392.191943]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2392.191960]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2392.191977]  ? __brelse+0x84/0xa0
[ 2392.191995]  ? __ext4_new_inode+0x148/0x5370
[ 2392.192019]  ext4_bread+0x29/0x1f0
[ 2392.192036]  ext4_append+0x228/0x4e0
[ 2392.192057]  ? ext4_move_extents+0x3050/0x3050
[ 2392.192076]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2392.192104]  ext4_init_new_dir+0x25e/0x4d0
[ 2392.192124]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2392.192153]  ext4_mkdir+0x3c1/0xb10
[ 2392.192177]  ? ext4_rmdir+0xf70/0xf70
[ 2392.192205]  vfs_mkdir+0x493/0x750
[ 2392.192225]  do_mkdirat+0x150/0x2b0
[ 2392.192244]  ? user_path_create+0xf0/0xf0
[ 2392.192266]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2392.192284]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2392.192304]  do_syscall_64+0x33/0x40
[ 2392.192321]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2392.192332] RIP: 0033:0x7fcabb3d4c27
[ 2392.192378] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2392.192388] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2392.192406] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2392.192416] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2392.192425] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2392.192435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2392.192444] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2392.299320] FAULT_INJECTION: forcing a failure.
[ 2392.299320] name failslab, interval 1, probability 0, space 0, times 0
[ 2392.299401] CPU: 0 PID: 11576 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2392.299410] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2392.299415] Call Trace:
[ 2392.299436]  dump_stack+0x107/0x167
[ 2392.299454]  should_fail.cold+0x5/0xa
[ 2392.299473]  ? ext4_mb_new_blocks+0x1fd8/0x45c0
[ 2392.299492]  should_failslab+0x5/0x20
[ 2392.299508]  kmem_cache_alloc+0x5b/0x310
[ 2392.299529]  ext4_mb_new_blocks+0x1fd8/0x45c0
[ 2392.299556]  ? trace_hardirqs_on+0x5b/0x180
[ 2392.299573]  ? kasan_unpoison_shadow+0x33/0x50
[ 2392.299585]  ? ext4_cache_extents+0x68/0x2d0
[ 2392.299598]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2392.299613]  ? ext4_discard_preallocations+0xd80/0xd80
[ 2392.299629]  ? ext4_ext_search_right+0x2e3/0xbd0
[ 2392.299646]  ? ext4_inode_to_goal_block+0x320/0x430
[ 2392.299669]  ext4_ext_map_blocks+0x1d49/0x5830
[ 2392.299700]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2392.299717]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2392.299739]  ? ext4_ext_release+0x10/0x10
[ 2392.299758]  ? ext4_map_blocks+0x5cd/0x1910
[ 2392.299777]  ? lock_release+0x680/0x680
[ 2392.299793]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2392.299809]  ? lock_downgrade+0x6d0/0x6d0
[ 2392.299823]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2392.299852]  ? down_write_killable+0x180/0x180
[ 2392.299879]  ext4_map_blocks+0x63f/0x1910
[ 2392.299900]  ? _down_write_nest_lock+0x160/0x160
[ 2392.299917]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2392.299932]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2392.299963]  ext4_getblk+0x144/0x680
[ 2392.299982]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2392.299996]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2392.300012]  ? __brelse+0x84/0xa0
[ 2392.300027]  ? __ext4_new_inode+0x148/0x5370
[ 2392.300049]  ext4_bread+0x29/0x1f0
[ 2392.300065]  ext4_append+0x228/0x4e0
[ 2392.300083]  ? ext4_move_extents+0x3050/0x3050
[ 2392.300100]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2392.300126]  ext4_init_new_dir+0x25e/0x4d0
[ 2392.300144]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2392.300170]  ext4_mkdir+0x3c1/0xb10
[ 2392.300192]  ? ext4_rmdir+0xf70/0xf70
[ 2392.300217]  vfs_mkdir+0x493/0x750
[ 2392.300236]  do_mkdirat+0x150/0x2b0
[ 2392.300253]  ? user_path_create+0xf0/0xf0
[ 2392.300273]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2392.300317]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2392.300336]  do_syscall_64+0x33/0x40
[ 2392.300352]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2392.300362] RIP: 0033:0x7f8a770ffc27
[ 2392.300377] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2392.300385] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2392.300402] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2392.300410] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2392.300419] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2392.300432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2392.300440] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2392.357877] FAULT_INJECTION: forcing a failure.
[ 2392.357877] name failslab, interval 1, probability 0, space 0, times 0
[ 2392.357895] CPU: 0 PID: 11578 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2392.357903] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2392.357907] Call Trace:
[ 2392.357925]  dump_stack+0x107/0x167
[ 2392.357941]  should_fail.cold+0x5/0xa
[ 2392.357956]  ? v9fs_mount+0x5a/0x8f0
[ 2392.357973]  should_failslab+0x5/0x20
[ 2392.358046]  kmem_cache_alloc_trace+0x55/0x320
[ 2392.358062]  ? v9fs_write_inode+0x60/0x60
[ 2392.358074]  v9fs_mount+0x5a/0x8f0
[ 2392.358088]  ? v9fs_write_inode+0x60/0x60
[ 2392.358104]  legacy_get_tree+0x105/0x220
[ 2392.358119]  vfs_get_tree+0x8e/0x300
[ 2392.358133]  path_mount+0x1429/0x2120
[ 2392.358152]  ? strncpy_from_user+0x9e/0x470
[ 2392.358166]  ? finish_automount+0xa90/0xa90
[ 2392.358180]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2392.358202] FAULT_INJECTION: forcing a failure.
[ 2392.358202] name failslab, interval 1, probability 0, space 0, times 0
[ 2392.358216]  ? _copy_from_user+0xfb/0x1b0
[ 2392.358236]  __x64_sys_mount+0x282/0x300
[ 2392.358249]  ? copy_mnt_ns+0xa00/0xa00
[ 2392.358268]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2392.358283]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2392.358299]  do_syscall_64+0x33/0x40
[ 2392.358313]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2392.358323] RIP: 0033:0x7fbbb0762b19
[ 2392.358337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2392.358344] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2392.358360] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2392.358368] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2392.358376] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2392.358383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2392.358391] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2392.358493] CPU: 1 PID: 11580 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2392.358504] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2392.358538] Call Trace:
[ 2392.358566]  dump_stack+0x107/0x167
[ 2392.358588]  should_fail.cold+0x5/0xa
[ 2392.358611]  ? ext4_mb_new_blocks+0x1fd8/0x45c0
[ 2392.358634]  should_failslab+0x5/0x20
[ 2392.358655]  kmem_cache_alloc+0x5b/0x310
[ 2392.358679]  ext4_mb_new_blocks+0x1fd8/0x45c0
[ 2392.358721]  ? trace_hardirqs_on+0x5b/0x180
[ 2392.358747]  ? kasan_unpoison_shadow+0x33/0x50
[ 2392.358763]  ? ext4_cache_extents+0x68/0x2d0
[ 2392.358779]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2392.358798]  ? ext4_discard_preallocations+0xd80/0xd80
[ 2392.358817]  ? ext4_ext_search_right+0x2e3/0xbd0
[ 2392.358837]  ? ext4_inode_to_goal_block+0x320/0x430
[ 2392.358865]  ext4_ext_map_blocks+0x1d49/0x5830
[ 2392.358903]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2392.358923]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2392.358950]  ? ext4_ext_release+0x10/0x10
[ 2392.358973]  ? ext4_map_blocks+0x5cd/0x1910
[ 2392.358995]  ? lock_release+0x680/0x680
[ 2392.359015]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2392.359034]  ? lock_downgrade+0x6d0/0x6d0
[ 2392.359052]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2392.359087]  ? down_write_killable+0x180/0x180
[ 2392.359119]  ext4_map_blocks+0x63f/0x1910
[ 2392.359144]  ? _down_write_nest_lock+0x160/0x160
[ 2392.359164]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2392.359182]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2392.359219]  ext4_getblk+0x144/0x680
[ 2392.359241]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2392.359258]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2392.359278]  ? __brelse+0x84/0xa0
[ 2392.359297]  ? __ext4_new_inode+0x148/0x5370
[ 2392.359322]  ext4_bread+0x29/0x1f0
[ 2392.359342]  ext4_append+0x228/0x4e0
[ 2392.359363]  ? ext4_move_extents+0x3050/0x3050
[ 2392.359383]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2392.359414]  ext4_init_new_dir+0x25e/0x4d0
[ 2392.359435]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2392.359466]  ext4_mkdir+0x3c1/0xb10
[ 2392.359492]  ? ext4_rmdir+0xf70/0xf70
[ 2392.359522]  vfs_mkdir+0x493/0x750
[ 2392.359544]  do_mkdirat+0x150/0x2b0
[ 2392.359564]  ? user_path_create+0xf0/0xf0
[ 2392.359587]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2392.359607]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2392.359657]  do_syscall_64+0x33/0x40
[ 2392.359676]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2392.359688] RIP: 0033:0x7fcabb3d4c27
[ 2392.359705] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2392.359715] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2392.359764] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2392.359774] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2392.359784] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2392.359794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2392.359804] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2392.445200] FAULT_INJECTION: forcing a failure.
[ 2392.445200] name failslab, interval 1, probability 0, space 0, times 0
[ 2392.445221] CPU: 1 PID: 11582 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2392.445231] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2392.445237] Call Trace:
[ 2392.445259]  dump_stack+0x107/0x167
[ 2392.445280]  should_fail.cold+0x5/0xa
[ 2392.445303]  ? create_object.isra.0+0x3a/0xa20
[ 2392.445325]  should_failslab+0x5/0x20
[ 2392.445354]  kmem_cache_alloc+0x5b/0x310
[ 2392.445379]  create_object.isra.0+0x3a/0xa20
[ 2392.445394]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2392.445418]  kmem_cache_alloc+0x159/0x310
[ 2392.445444]  ext4_mb_new_blocks+0x1fd8/0x45c0
[ 2392.445478]  ? trace_hardirqs_on+0x5b/0x180
[ 2392.445497]  ? kasan_unpoison_shadow+0x33/0x50
[ 2392.445513]  ? ext4_cache_extents+0x68/0x2d0
[ 2392.445527]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2392.445545]  ? ext4_discard_preallocations+0xd80/0xd80
[ 2392.445564]  ? ext4_ext_search_right+0x2e3/0xbd0
[ 2392.445584]  ? ext4_inode_to_goal_block+0x320/0x430
[ 2392.445612]  ext4_ext_map_blocks+0x1d49/0x5830
[ 2392.445722]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2392.445748]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2392.445783]  ? ext4_ext_release+0x10/0x10
[ 2392.445806]  ? ext4_map_blocks+0x5cd/0x1910
[ 2392.445828]  ? lock_release+0x680/0x680
[ 2392.445847]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2392.445866]  ? lock_downgrade+0x6d0/0x6d0
[ 2392.445883]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2392.445917]  ? down_write_killable+0x180/0x180
[ 2392.445949]  ext4_map_blocks+0x63f/0x1910
[ 2392.445974]  ? _down_write_nest_lock+0x160/0x160
[ 2392.445993]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2392.446011]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2392.446048]  ext4_getblk+0x144/0x680
[ 2392.446070]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2392.446087]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2392.446167]  ? __brelse+0x84/0xa0
[ 2392.446187]  ? __ext4_new_inode+0x148/0x5370
[ 2392.446212]  ext4_bread+0x29/0x1f0
[ 2392.446231]  ext4_append+0x228/0x4e0
[ 2392.446253]  ? ext4_move_extents+0x3050/0x3050
[ 2392.446273]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2392.446303]  ext4_init_new_dir+0x25e/0x4d0
[ 2392.446325]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2392.446355]  ext4_mkdir+0x3c1/0xb10
[ 2392.446381]  ? ext4_rmdir+0xf70/0xf70
[ 2392.446410]  vfs_mkdir+0x493/0x750
[ 2392.446432]  do_mkdirat+0x150/0x2b0
[ 2392.446453]  ? user_path_create+0xf0/0xf0
[ 2392.446476]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2392.446494]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2392.446515]  do_syscall_64+0x33/0x40
[ 2392.446533]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2392.446545] RIP: 0033:0x7fcabb3d4c27
[ 2392.446562] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2392.446571] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2392.446590] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2392.446600] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2392.446610] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2392.446619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2392.446629] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2392.448687] tmpfs: Bad value for 'size'
[ 2392.469096] FAULT_INJECTION: forcing a failure.
[ 2392.469096] name failslab, interval 1, probability 0, space 0, times 0
[ 2392.469113] CPU: 0 PID: 11584 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2392.469121] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2392.469125] Call Trace:
[ 2392.469150]  dump_stack+0x107/0x167
[ 2392.469167]  should_fail.cold+0x5/0xa
[ 2392.469184]  ? create_object.isra.0+0x3a/0xa20
[ 2392.469209]  should_failslab+0x5/0x20
[ 2392.469293]  kmem_cache_alloc+0x5b/0x310
[ 2392.469313]  create_object.isra.0+0x3a/0xa20
[ 2392.469324]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2392.469343]  kmem_cache_alloc+0x159/0x310
[ 2392.469362]  ext4_mb_new_blocks+0x698/0x45c0
[ 2392.469388]  ? trace_hardirqs_on+0x5b/0x180
[ 2392.469402]  ? kasan_unpoison_shadow+0x33/0x50
[ 2392.469414]  ? ext4_cache_extents+0x68/0x2d0
[ 2392.469425]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2392.469439]  ? ext4_discard_preallocations+0xd80/0xd80
[ 2392.469453]  ? ext4_ext_search_right+0x2e3/0xbd0
[ 2392.469467]  ? ext4_inode_to_goal_block+0x320/0x430
[ 2392.469515]  ext4_ext_map_blocks+0x1d49/0x5830
[ 2392.469544]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2392.469559]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2392.469580]  ? ext4_ext_release+0x10/0x10
[ 2392.469597]  ? ext4_map_blocks+0x5cd/0x1910
[ 2392.469613]  ? lock_release+0x680/0x680
[ 2392.469639]  ? ext4_es_lookup_extent+0x48d/0xaa0
[ 2392.469653]  ? lock_downgrade+0x6d0/0x6d0
[ 2392.469666]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 2392.469693]  ? down_write_killable+0x180/0x180
[ 2392.469716]  ext4_map_blocks+0x63f/0x1910
[ 2392.469736]  ? _down_write_nest_lock+0x160/0x160
[ 2392.469750]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2392.469769]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2392.469796]  ext4_getblk+0x144/0x680
[ 2392.469813]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2392.469826]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2392.469841]  ? __brelse+0x84/0xa0
[ 2392.469855]  ? __ext4_new_inode+0x148/0x5370
[ 2392.469874]  ext4_bread+0x29/0x1f0
[ 2392.469891]  ext4_append+0x228/0x4e0
[ 2392.469910]  ? ext4_move_extents+0x3050/0x3050
[ 2392.469925]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2392.469948]  ext4_init_new_dir+0x25e/0x4d0
[ 2392.469964]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2392.469988]  ext4_mkdir+0x3c1/0xb10
[ 2392.470012]  ? ext4_rmdir+0xf70/0xf70
[ 2392.470035]  vfs_mkdir+0x493/0x750
[ 2392.470052]  do_mkdirat+0x150/0x2b0
[ 2392.470067]  ? user_path_create+0xf0/0xf0
[ 2392.470111]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2392.470126]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2392.470142]  do_syscall_64+0x33/0x40
[ 2392.470155]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2392.470164] RIP: 0033:0x7f8a770ffc27
[ 2392.470178] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2392.470185] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2392.470200] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2392.470208] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2392.470215] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2392.470223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2392.470230] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2392.472063] tmpfs: Bad value for 'size'
[ 2392.914924] FAULT_INJECTION: forcing a failure.
[ 2392.914924] name failslab, interval 1, probability 0, space 0, times 0
[ 2392.914972] CPU: 0 PID: 11590 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2392.914977] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2392.914981] Call Trace:
[ 2392.915062]  dump_stack+0x107/0x167
[ 2392.915074]  should_fail.cold+0x5/0xa
[ 2392.915087]  ? __es_insert_extent+0xed1/0x1370
[ 2392.915099]  should_failslab+0x5/0x20
[ 2392.915110]  kmem_cache_alloc+0x5b/0x310
[ 2392.915123]  __es_insert_extent+0xed1/0x1370
[ 2392.915143]  ext4_es_insert_extent+0x45d/0xf10
[ 2392.915158]  ? ext4_es_scan_clu+0x2e0/0x2e0
[ 2392.915169]  ? lock_downgrade+0x6d0/0x6d0
[ 2392.915189]  ? down_write_killable+0x180/0x180
[ 2392.915207]  ext4_map_blocks+0x80b/0x1910
[ 2392.915224]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2392.915234]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2392.915254]  ext4_getblk+0x144/0x680
[ 2392.915266]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2392.915275]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2392.915286]  ? __brelse+0x84/0xa0
[ 2392.915296]  ? __ext4_new_inode+0x148/0x5370
[ 2392.915310]  ext4_bread+0x29/0x1f0
[ 2392.915321]  ext4_append+0x228/0x4e0
[ 2392.915333]  ? ext4_move_extents+0x3050/0x3050
[ 2392.915344]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2392.915361]  ext4_init_new_dir+0x25e/0x4d0
[ 2392.915372]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2392.915389]  ext4_mkdir+0x3c1/0xb10
[ 2392.915425]  ? ext4_rmdir+0xf70/0xf70
[ 2392.915443]  vfs_mkdir+0x493/0x750
[ 2392.915455]  do_mkdirat+0x150/0x2b0
[ 2392.915466]  ? user_path_create+0xf0/0xf0
[ 2392.915479]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2392.915489]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2392.915501]  do_syscall_64+0x33/0x40
[ 2392.915511]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2392.915517] RIP: 0033:0x7fcabb3d4c27
[ 2392.915527] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2392.915532] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2392.915544] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2392.915550] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2392.915555] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2392.915560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2392.915566] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2392.920171] tmpfs: Bad value for 'size'
[ 2392.921685] FAULT_INJECTION: forcing a failure.
[ 2392.921685] name failslab, interval 1, probability 0, space 0, times 0
[ 2392.921695] CPU: 0 PID: 11593 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2392.921699] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2392.921702] Call Trace:
[ 2392.921738]  dump_stack+0x107/0x167
[ 2392.921749]  should_fail.cold+0x5/0xa
[ 2392.921759]  ? __es_insert_extent+0xed1/0x1370
[ 2392.921775]  should_failslab+0x5/0x20
[ 2392.921784]  kmem_cache_alloc+0x5b/0x310
[ 2392.921798]  __es_insert_extent+0xed1/0x1370
[ 2392.921818]  ext4_es_insert_extent+0x45d/0xf10
[ 2392.921833]  ? ext4_es_scan_clu+0x2e0/0x2e0
[ 2392.921842]  ? lock_downgrade+0x6d0/0x6d0
[ 2392.921861]  ? down_write_killable+0x180/0x180
[ 2392.921878]  ext4_map_blocks+0x80b/0x1910
[ 2392.921895]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2392.921905]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2392.921925]  ext4_getblk+0x144/0x680
[ 2392.921937]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2392.921946]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2392.921956]  ? __brelse+0x84/0xa0
[ 2392.921966]  ? __ext4_new_inode+0x148/0x5370
[ 2392.921980]  ext4_bread+0x29/0x1f0
[ 2392.921990]  ext4_append+0x228/0x4e0
[ 2392.922002]  ? ext4_move_extents+0x3050/0x3050
[ 2392.922013]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2392.922030]  ext4_init_new_dir+0x25e/0x4d0
[ 2392.922042]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2392.922059]  ext4_mkdir+0x3c1/0xb10
[ 2392.922073]  ? ext4_rmdir+0xf70/0xf70
[ 2392.922089]  vfs_mkdir+0x493/0x750
[ 2392.922101]  do_mkdirat+0x150/0x2b0
[ 2392.922112]  ? user_path_create+0xf0/0xf0
[ 2392.922125]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2392.922135]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2392.922146]  do_syscall_64+0x33/0x40
[ 2392.922156]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2392.922162] RIP: 0033:0x7f8a770ffc27
[ 2392.922171] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2392.922176] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2392.922186] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2392.922192] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2392.922197] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2392.922202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2392.922208] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2392.923137] FAULT_INJECTION: forcing a failure.
[ 2392.923137] name failslab, interval 1, probability 0, space 0, times 0
[ 2392.923157] CPU: 1 PID: 11594 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2392.923165] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2392.923170] Call Trace:
[ 2392.923191]  dump_stack+0x107/0x167
[ 2392.923208]  should_fail.cold+0x5/0xa
[ 2392.923285]  ? create_object.isra.0+0x3a/0xa20
[ 2392.923305]  should_failslab+0x5/0x20
[ 2392.923321]  kmem_cache_alloc+0x5b/0x310
[ 2392.923337]  ? cred_has_capability.isra.0+0x152/0x2b0
[ 2392.923356]  create_object.isra.0+0x3a/0xa20
[ 2392.923394]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2392.923414]  kmem_cache_alloc_trace+0x151/0x320
[ 2392.923431]  ? v9fs_write_inode+0x60/0x60
[ 2392.923443]  v9fs_mount+0x5a/0x8f0
[ 2392.923457]  ? v9fs_write_inode+0x60/0x60
[ 2392.923474]  legacy_get_tree+0x105/0x220
[ 2392.923491]  vfs_get_tree+0x8e/0x300
[ 2392.923506]  path_mount+0x1429/0x2120
[ 2392.923526]  ? strncpy_from_user+0x9e/0x470
[ 2392.923540]  ? finish_automount+0xa90/0xa90
[ 2392.923555]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2392.923570]  ? _copy_from_user+0xfb/0x1b0
[ 2392.923590]  __x64_sys_mount+0x282/0x300
[ 2392.923603]  ? copy_mnt_ns+0xa00/0xa00
[ 2392.923623]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2392.923640]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2392.923656]  do_syscall_64+0x33/0x40
[ 2392.923672]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2392.923681] RIP: 0033:0x7fbbb0762b19
[ 2392.923695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2392.923702] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2392.923718] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2392.923726] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2392.923735] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2392.923743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2392.923751] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2392.924645] tmpfs: Bad value for 'size'
05:04:16 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b3c, 0x3)

05:04:16 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 16)

05:04:16 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
fcntl$dupfd(r0, 0x0, r2)

05:04:16 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 26)

05:04:16 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 25)

05:04:16 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000008)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:04:17 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000008)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:04:17 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000008)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2409.554998] FAULT_INJECTION: forcing a failure.
[ 2409.554998] name failslab, interval 1, probability 0, space 0, times 0
[ 2409.557927] CPU: 1 PID: 11616 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2409.559442] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2409.561257] Call Trace:
[ 2409.561874]  dump_stack+0x107/0x167
[ 2409.562690]  should_fail.cold+0x5/0xa
[ 2409.563531]  ? create_object.isra.0+0x3a/0xa20
[ 2409.564490]  should_failslab+0x5/0x20
[ 2409.565281]  kmem_cache_alloc+0x5b/0x310
[ 2409.566125]  create_object.isra.0+0x3a/0xa20
[ 2409.567028]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2409.568074]  kmem_cache_alloc+0x159/0x310
[ 2409.568922]  __es_insert_extent+0xed1/0x1370
[ 2409.569846]  ext4_es_insert_extent+0x45d/0xf10
[ 2409.570845]  ? ext4_es_scan_clu+0x2e0/0x2e0
[ 2409.571727]  ? lock_downgrade+0x6d0/0x6d0
[ 2409.572593]  ? down_write_killable+0x180/0x180
[ 2409.573542]  ext4_map_blocks+0x80b/0x1910
[ 2409.574414]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2409.575333]  ? ext4_es_lookup_extent+0xc4/0xaa0
[ 2409.576304]  ext4_getblk+0x144/0x680
[ 2409.577064]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2409.578095]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2409.579008]  ? __brelse+0x84/0xa0
[ 2409.579713]  ? __ext4_new_inode+0x148/0x5370
[ 2409.580620]  ext4_bread+0x29/0x1f0
[ 2409.581352]  ext4_append+0x228/0x4e0
[ 2409.582127]  ? ext4_move_extents+0x3050/0x3050
[ 2409.583064]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2409.584098]  ext4_init_new_dir+0x25e/0x4d0
[ 2409.585209]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2409.585241]  ext4_mkdir+0x3c1/0xb10
[ 2409.585266]  ? ext4_rmdir+0xf70/0xf70
[ 2409.585295]  vfs_mkdir+0x493/0x750
[ 2409.585316]  do_mkdirat+0x150/0x2b0
[ 2409.585336]  ? user_path_create+0xf0/0xf0
[ 2409.585359]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2409.585377]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2409.585397]  do_syscall_64+0x33/0x40
[ 2409.585414]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2409.585426] RIP: 0033:0x7fcabb3d4c27
[ 2409.585445] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2409.585454] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2409.585473] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2409.585483] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2409.585492] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2409.585501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2409.585511] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2409.596233] FAULT_INJECTION: forcing a failure.
[ 2409.596233] name failslab, interval 1, probability 0, space 0, times 0
[ 2409.596256] CPU: 0 PID: 11623 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2409.596265] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2409.596271] Call Trace:
[ 2409.596297]  dump_stack+0x107/0x167
[ 2409.596318]  should_fail.cold+0x5/0xa
[ 2409.596345]  should_failslab+0x5/0x20
05:04:17 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b3d, 0x3)

[ 2409.596367]  __kmalloc_track_caller+0x79/0x370
[ 2409.596385]  ? v9fs_session_init+0xa7/0x1680
[ 2409.596403]  ? kernel_text_address+0xf2/0x120
[ 2409.596427]  kstrdup+0x36/0x70
[ 2409.596444]  v9fs_session_init+0xa7/0x1680
[ 2409.596467]  ? lock_release+0x680/0x680
[ 2409.596515]  ? find_held_lock+0x2c/0x110
[ 2409.596541]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2409.596558]  ? v9fs_show_options+0x690/0x690
[ 2409.596585]  ? trace_hardirqs_on+0x5b/0x180
[ 2409.596603]  ? kasan_unpoison_shadow+0x33/0x50
[ 2409.596621]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2409.596641]  v9fs_mount+0x79/0x8f0
[ 2409.596658]  ? v9fs_write_inode+0x60/0x60
[ 2409.596678]  legacy_get_tree+0x105/0x220
[ 2409.596699]  vfs_get_tree+0x8e/0x300
[ 2409.596717]  path_mount+0x1429/0x2120
[ 2409.596741]  ? strncpy_from_user+0x9e/0x470
[ 2409.596758]  ? finish_automount+0xa90/0xa90
[ 2409.596784]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2409.596802]  ? _copy_from_user+0xfb/0x1b0
[ 2409.596826]  __x64_sys_mount+0x282/0x300
[ 2409.596842]  ? copy_mnt_ns+0xa00/0xa00
[ 2409.596864]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2409.596884]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2409.596905]  do_syscall_64+0x33/0x40
[ 2409.596924]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2409.596935] RIP: 0033:0x7fbbb0762b19
[ 2409.596952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2409.596961] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2409.596981] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2409.596991] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2409.597001] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2409.597010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2409.597020] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2409.608584] FAULT_INJECTION: forcing a failure.
[ 2409.608584] name failslab, interval 1, probability 0, space 0, times 0
[ 2409.608685] CPU: 1 PID: 11626 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2409.608694] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2409.608700] Call Trace:
[ 2409.608720]  dump_stack+0x107/0x167
[ 2409.608740]  should_fail.cold+0x5/0xa
[ 2409.608770]  ? jbd2_journal_add_journal_head+0x1a3/0x540
[ 2409.608790]  should_failslab+0x5/0x20
[ 2409.608812]  kmem_cache_alloc+0x5b/0x310
[ 2409.608841]  jbd2_journal_add_journal_head+0x1a3/0x540
[ 2409.608864]  jbd2_journal_get_create_access+0x40/0x560
[ 2409.608889]  __ext4_journal_get_create_access+0x43/0x90
[ 2409.608912]  ext4_getblk+0x318/0x680
[ 2409.608934]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2409.608951]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2409.608969]  ? __brelse+0x84/0xa0
[ 2409.608987]  ? __ext4_new_inode+0x148/0x5370
[ 2409.609057]  ext4_bread+0x29/0x1f0
[ 2409.609077]  ext4_append+0x228/0x4e0
[ 2409.609098]  ? ext4_move_extents+0x3050/0x3050
[ 2409.609119]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2409.609151]  ext4_init_new_dir+0x25e/0x4d0
[ 2409.609172]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2409.609206]  ext4_mkdir+0x3c1/0xb10
[ 2409.632248] tmpfs: Bad value for 'size'
[ 2409.633510]  ? ext4_rmdir+0xf70/0xf70
[ 2409.633541]  vfs_mkdir+0x493/0x750
[ 2409.633563]  do_mkdirat+0x150/0x2b0
[ 2409.633583]  ? user_path_create+0xf0/0xf0
[ 2409.633606]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2409.633624]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2409.633647]  do_syscall_64+0x33/0x40
[ 2409.633665]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2409.633676] RIP: 0033:0x7f8a770ffc27
[ 2409.633692] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2409.633702] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2409.633760] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2409.633771] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2409.633791] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2409.633801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2409.633811] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2409.634942] ENOMEM in journal_alloc_journal_head, retrying.
[ 2409.671845] tmpfs: Bad value for 'size'
05:04:17 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 17)

05:04:17 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 27)

[ 2409.847072] FAULT_INJECTION: forcing a failure.
[ 2409.847072] name failslab, interval 1, probability 0, space 0, times 0
[ 2409.849433] CPU: 1 PID: 11641 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2409.850870] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2409.852566] Call Trace:
[ 2409.853114]  dump_stack+0x107/0x167
[ 2409.853879]  should_fail.cold+0x5/0xa
[ 2409.854663]  ? create_object.isra.0+0x3a/0xa20
[ 2409.855606]  should_failslab+0x5/0x20
[ 2409.856389]  kmem_cache_alloc+0x5b/0x310
[ 2409.857226]  create_object.isra.0+0x3a/0xa20
[ 2409.858134]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2409.859179]  kmem_cache_alloc+0x159/0x310
[ 2409.860048]  jbd2_journal_add_journal_head+0x1a3/0x540
[ 2409.861114]  jbd2_journal_get_create_access+0x40/0x560
[ 2409.862437]  __ext4_journal_get_create_access+0x43/0x90
[ 2409.863532]  ext4_getblk+0x318/0x680
[ 2409.864304]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2409.865319]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2409.866256]  ? __brelse+0x84/0xa0
[ 2409.866960]  ? __ext4_new_inode+0x148/0x5370
[ 2409.867874]  ext4_bread+0x29/0x1f0
[ 2409.868660]  ext4_append+0x228/0x4e0
[ 2409.869429]  ? ext4_move_extents+0x3050/0x3050
[ 2409.870382]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2409.871375]  ext4_init_new_dir+0x25e/0x4d0
[ 2409.872240]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2409.873198]  ext4_mkdir+0x3c1/0xb10
[ 2409.873957]  ? ext4_rmdir+0xf70/0xf70
[ 2409.874744]  vfs_mkdir+0x493/0x750
[ 2409.875466]  do_mkdirat+0x150/0x2b0
[ 2409.876219]  ? user_path_create+0xf0/0xf0
[ 2409.877203]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2409.878308]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2409.879390]  do_syscall_64+0x33/0x40
[ 2409.880163]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2409.881241] RIP: 0033:0x7f8a770ffc27
[ 2409.882032] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2409.885900] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2409.887503] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a770ffc27
[ 2409.888995] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2409.890517] RBP: 00007f8a74676040 R08: 0000000000000000 R09: 0000000000000000
[ 2409.892008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2409.893494] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
05:04:17 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b44, 0x3)

[ 2409.902848] FAULT_INJECTION: forcing a failure.
[ 2409.902848] name failslab, interval 1, probability 0, space 0, times 0
[ 2409.905228] CPU: 1 PID: 11639 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2409.906697] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2409.908435] Call Trace:
[ 2409.908987]  dump_stack+0x107/0x167
[ 2409.909813]  should_fail.cold+0x5/0xa
[ 2409.910722]  ? create_object.isra.0+0x3a/0xa20
[ 2409.911693]  should_failslab+0x5/0x20
[ 2409.912485]  kmem_cache_alloc+0x5b/0x310
[ 2409.913334]  create_object.isra.0+0x3a/0xa20
[ 2409.914262]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2409.915322]  __kmalloc_track_caller+0x177/0x370
[ 2409.916289]  ? v9fs_session_init+0xa7/0x1680
[ 2409.917206]  ? kernel_text_address+0xf2/0x120
[ 2409.918161]  kstrdup+0x36/0x70
[ 2409.918833]  v9fs_session_init+0xa7/0x1680
[ 2409.919720]  ? lock_release+0x680/0x680
[ 2409.920547]  ? find_held_lock+0x2c/0x110
[ 2409.921402]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2409.922438]  ? v9fs_show_options+0x690/0x690
[ 2409.923367]  ? trace_hardirqs_on+0x5b/0x180
[ 2409.924268]  ? kasan_unpoison_shadow+0x33/0x50
[ 2409.925218]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2409.926353]  v9fs_mount+0x79/0x8f0
[ 2409.927107]  ? v9fs_write_inode+0x60/0x60
[ 2409.928000]  legacy_get_tree+0x105/0x220
[ 2409.928850]  vfs_get_tree+0x8e/0x300
[ 2409.929257] tmpfs: Bad value for 'size'
[ 2409.929634]  path_mount+0x1429/0x2120
[ 2409.931302]  ? strncpy_from_user+0x9e/0x470
[ 2409.932203]  ? finish_automount+0xa90/0xa90
[ 2409.933289]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2409.934292]  ? _copy_from_user+0xfb/0x1b0
[ 2409.935165]  __x64_sys_mount+0x282/0x300
[ 2409.936010]  ? copy_mnt_ns+0xa00/0xa00
[ 2409.936823]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2409.937924]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2409.938996]  do_syscall_64+0x33/0x40
[ 2409.940011]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2409.941150] RIP: 0033:0x7fbbb0762b19
[ 2409.941934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2409.945774] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2409.947370] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2409.948803] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2409.950259] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2409.951745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2409.953391] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2425.908310] FAULT_INJECTION: forcing a failure.
[ 2425.908310] name failslab, interval 1, probability 0, space 0, times 0
[ 2425.910904] CPU: 0 PID: 11653 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2425.912392] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2425.914140] Call Trace:
[ 2425.914693]  dump_stack+0x107/0x167
[ 2425.915475]  should_fail.cold+0x5/0xa
[ 2425.916280]  ? jbd2_journal_add_journal_head+0x1a3/0x540
[ 2425.917420]  should_failslab+0x5/0x20
[ 2425.918234]  kmem_cache_alloc+0x5b/0x310
[ 2425.919101]  jbd2_journal_add_journal_head+0x1a3/0x540
[ 2425.920228]  jbd2_journal_get_create_access+0x40/0x560
[ 2425.921351]  __ext4_journal_get_create_access+0x43/0x90
[ 2425.922492]  ext4_getblk+0x318/0x680
[ 2425.923272]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2425.924303]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2425.925242]  ? __brelse+0x84/0xa0
[ 2425.925983]  ? __ext4_new_inode+0x148/0x5370
[ 2425.926916]  ext4_bread+0x29/0x1f0
[ 2425.927884]  ext4_append+0x228/0x4e0
[ 2425.928669]  ? ext4_move_extents+0x3050/0x3050
[ 2425.929637]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2425.930664]  ext4_init_new_dir+0x25e/0x4d0
[ 2425.931537]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2425.932519]  ext4_mkdir+0x3c1/0xb10
[ 2425.933372]  ? ext4_rmdir+0xf70/0xf70
[ 2425.934214]  vfs_mkdir+0x493/0x750
[ 2425.934957]  do_mkdirat+0x150/0x2b0
[ 2425.935722]  ? user_path_create+0xf0/0xf0
[ 2425.936607]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2425.937858]  ? syscall_enter_from_user_mode+0x1d/0x50
05:04:33 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000009)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:04:33 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
tee(r1, 0xffffffffffffffff, 0x9, 0x8)

05:04:33 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000009)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:04:33 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)

05:04:33 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 28)

05:04:33 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 26)

05:04:33 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 18)

05:04:33 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000009)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2425.937881]  do_syscall_64+0x33/0x40
[ 2425.937899]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2425.937910] RIP: 0033:0x7fcabb3d4c27
[ 2425.937942] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2425.937952] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2425.937970] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2425.937980] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2425.937989] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2425.937999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2425.938009] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2425.940103] ENOMEM in journal_alloc_journal_head, retrying.
[ 2425.945380] FAULT_INJECTION: forcing a failure.
[ 2425.945380] name failslab, interval 1, probability 0, space 0, times 0
[ 2425.957550] FAULT_INJECTION: forcing a failure.
[ 2425.957550] name failslab, interval 1, probability 0, space 0, times 0
[ 2425.958110] CPU: 1 PID: 11660 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2425.965319] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2425.965326] Call Trace:
[ 2425.965351]  dump_stack+0x107/0x167
[ 2425.965370]  should_fail.cold+0x5/0xa
[ 2425.965405]  should_failslab+0x5/0x20
[ 2425.965428]  __kmalloc_track_caller+0x79/0x370
[ 2425.965445]  ? v9fs_session_init+0xe9/0x1680
[ 2425.965462]  ? kernel_text_address+0xf2/0x120
[ 2425.965486]  kstrdup+0x36/0x70
[ 2425.965568]  v9fs_session_init+0xe9/0x1680
[ 2425.965593]  ? lock_release+0x680/0x680
[ 2425.965608]  ? find_held_lock+0x2c/0x110
[ 2425.965632]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2425.965648]  ? v9fs_show_options+0x690/0x690
[ 2425.965674]  ? trace_hardirqs_on+0x5b/0x180
[ 2425.965691]  ? kasan_unpoison_shadow+0x33/0x50
[ 2425.965707]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2425.965726]  v9fs_mount+0x79/0x8f0
[ 2425.965743]  ? v9fs_write_inode+0x60/0x60
[ 2425.965761]  legacy_get_tree+0x105/0x220
[ 2425.965781]  vfs_get_tree+0x8e/0x300
[ 2425.965797]  path_mount+0x1429/0x2120
[ 2425.965821]  ? strncpy_from_user+0x9e/0x470
05:04:33 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 29)

[ 2425.965837]  ? finish_automount+0xa90/0xa90
[ 2425.965854]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2425.965871]  ? _copy_from_user+0xfb/0x1b0
[ 2425.965894]  __x64_sys_mount+0x282/0x300
[ 2425.965953]  ? copy_mnt_ns+0xa00/0xa00
[ 2425.965976]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2425.965995]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2425.966013]  do_syscall_64+0x33/0x40
[ 2425.966031]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2425.966042] RIP: 0033:0x7fbbb0762b19
[ 2425.966058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2425.966067] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2425.966085] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2425.966095] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2425.966104] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2425.966113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2425.966123] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2425.966160] CPU: 0 PID: 11661 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2425.966170] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2425.966176] Call Trace:
[ 2425.966195]  dump_stack+0x107/0x167
[ 2425.966214]  should_fail.cold+0x5/0xa
[ 2425.966237]  should_failslab+0x5/0x20
[ 2425.966255]  __kmalloc_track_caller+0x79/0x370
[ 2425.966269]  ? strndup_user+0x74/0xe0
[ 2425.966286]  ? dput+0x35/0xcd0
[ 2425.966304]  memdup_user+0x22/0xd0
[ 2425.966320]  strndup_user+0x74/0xe0
[ 2425.966340]  __x64_sys_mount+0x133/0x300
[ 2425.966356]  ? copy_mnt_ns+0xa00/0xa00
[ 2425.966378]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2425.966404]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2425.966425]  do_syscall_64+0x33/0x40
[ 2425.966447]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2425.966464] RIP: 0033:0x7f8a7710204a
[ 2425.966485] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2425.966500] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2425.966531] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a7710204a
[ 2425.966549] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2425.966567] RBP: 00007f8a74676040 R08: 00007f8a74676040 R09: 0000000020000080
[ 2425.966582] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2425.966598] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2425.993487] tmpfs: Bad value for 'size'
[ 2426.110685] FAULT_INJECTION: forcing a failure.
[ 2426.110685] name failslab, interval 1, probability 0, space 0, times 0
[ 2426.113392] CPU: 0 PID: 11669 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2426.114921] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2426.116633] Call Trace:
[ 2426.117173]  dump_stack+0x107/0x167
[ 2426.117944]  should_fail.cold+0x5/0xa
[ 2426.118742]  should_failslab+0x5/0x20
[ 2426.119598]  __kmalloc_track_caller+0x79/0x370
[ 2426.120566]  ? strndup_user+0x74/0xe0
[ 2426.121369]  ? dput+0x35/0xcd0
[ 2426.122051]  memdup_user+0x22/0xd0
[ 2426.122790]  strndup_user+0x74/0xe0
[ 2426.123546]  __x64_sys_mount+0x133/0x300
[ 2426.124407]  ? copy_mnt_ns+0xa00/0xa00
[ 2426.125227]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2426.126336]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2426.127407]  do_syscall_64+0x33/0x40
[ 2426.128191]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2426.129255] RIP: 0033:0x7f8a7710204a
[ 2426.130064] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2426.133909] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2426.135527] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a7710204a
[ 2426.137013] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2426.138504] RBP: 00007f8a74676040 R08: 00007f8a74676040 R09: 0000000020000080
[ 2426.139991] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2426.141477] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
05:04:47 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 19)

05:04:47 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000a)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:04:47 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000a)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:04:47 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 30)

05:04:47 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b46, 0x3)

05:04:47 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x0, 0x0)
ioctl$TCFLSH(r1, 0x540b, 0x1)
ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000000)={0x8, 0x3f, 0x7})
ioctl$TCXONC(r0, 0x4b45, 0x3)

05:04:47 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 27)

05:04:47 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000a)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2440.436513] FAULT_INJECTION: forcing a failure.
[ 2440.436513] name failslab, interval 1, probability 0, space 0, times 0
[ 2440.439399] CPU: 1 PID: 11679 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2440.441137] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2440.443231] Call Trace:
[ 2440.443901]  dump_stack+0x107/0x167
[ 2440.444817]  should_fail.cold+0x5/0xa
[ 2440.445775]  ? create_object.isra.0+0x3a/0xa20
[ 2440.446936]  should_failslab+0x5/0x20
[ 2440.447891]  kmem_cache_alloc+0x5b/0x310
[ 2440.448919]  create_object.isra.0+0x3a/0xa20
[ 2440.450018]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2440.451378]  kmem_cache_alloc+0x159/0x310
[ 2440.452441]  jbd2_journal_add_journal_head+0x1a3/0x540
[ 2440.453766]  jbd2_journal_get_create_access+0x40/0x560
[ 2440.455105]  __ext4_journal_get_create_access+0x43/0x90
[ 2440.456453]  ext4_getblk+0x318/0x680
[ 2440.457395]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2440.458194] FAULT_INJECTION: forcing a failure.
[ 2440.458194] name failslab, interval 1, probability 0, space 0, times 0
[ 2440.458649]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2440.458671]  ? __brelse+0x84/0xa0
[ 2440.461963]  ? __ext4_new_inode+0x148/0x5370
[ 2440.463078]  ext4_bread+0x29/0x1f0
[ 2440.463971]  ext4_append+0x228/0x4e0
[ 2440.464904]  ? ext4_move_extents+0x3050/0x3050
[ 2440.466043]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2440.467270]  ext4_init_new_dir+0x25e/0x4d0
[ 2440.468331]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2440.469510]  ext4_mkdir+0x3c1/0xb10
[ 2440.470475]  ? ext4_rmdir+0xf70/0xf70
[ 2440.471443]  vfs_mkdir+0x493/0x750
[ 2440.472334]  do_mkdirat+0x150/0x2b0
[ 2440.473247]  ? user_path_create+0xf0/0xf0
[ 2440.474310]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2440.475618]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2440.476913]  do_syscall_64+0x33/0x40
[ 2440.477841]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2440.479127] RIP: 0033:0x7fcabb3d4c27
[ 2440.480062] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2440.484670] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2440.486586] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2440.488371] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2440.490170] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2440.491965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2440.493754] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2440.495382] CPU: 0 PID: 11681 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2440.496203] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2440.497172] Call Trace:
[ 2440.497191]  dump_stack+0x107/0x167
[ 2440.497203]  should_fail.cold+0x5/0xa
[ 2440.497218]  ? create_object.isra.0+0x3a/0xa20
[ 2440.497232]  should_failslab+0x5/0x20
[ 2440.497244]  kmem_cache_alloc+0x5b/0x310
[ 2440.497257]  create_object.isra.0+0x3a/0xa20
[ 2440.497266]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2440.497280]  __kmalloc_track_caller+0x177/0x370
[ 2440.497291]  ? v9fs_session_init+0xa7/0x1680
[ 2440.497302]  ? kernel_text_address+0xf2/0x120
[ 2440.497317]  kstrdup+0x36/0x70
[ 2440.497327]  v9fs_session_init+0xa7/0x1680
[ 2440.497341]  ? lock_release+0x680/0x680
[ 2440.497350]  ? find_held_lock+0x2c/0x110
[ 2440.497364]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2440.497374]  ? v9fs_show_options+0x690/0x690
[ 2440.497390]  ? trace_hardirqs_on+0x5b/0x180
[ 2440.497400]  ? kasan_unpoison_shadow+0x33/0x50
[ 2440.497409]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2440.497462]  v9fs_mount+0x79/0x8f0
[ 2440.497473]  ? v9fs_write_inode+0x60/0x60
[ 2440.497486]  legacy_get_tree+0x105/0x220
[ 2440.497498]  vfs_get_tree+0x8e/0x300
05:04:48 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 31)

[ 2440.497508]  path_mount+0x1429/0x2120
[ 2440.497522]  ? strncpy_from_user+0x9e/0x470
[ 2440.497532]  ? finish_automount+0xa90/0xa90
[ 2440.497543]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2440.497576]  ? _copy_from_user+0xfb/0x1b0
[ 2440.497591]  __x64_sys_mount+0x282/0x300
[ 2440.497600]  ? copy_mnt_ns+0xa00/0xa00
[ 2440.497612]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2440.497626]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2440.497637]  do_syscall_64+0x33/0x40
[ 2440.497649]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2440.497656] RIP: 0033:0x7fbbb0762b19
[ 2440.497665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2440.497671] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2440.497682] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2440.497688] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2440.497694] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2440.497699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2440.497705] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2440.510684] FAULT_INJECTION: forcing a failure.
[ 2440.510684] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2440.510695] CPU: 0 PID: 11694 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2440.510700] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2440.510703] Call Trace:
[ 2440.510713]  dump_stack+0x107/0x167
[ 2440.510723]  should_fail.cold+0x5/0xa
[ 2440.510736]  _copy_from_user+0x2e/0x1b0
[ 2440.510746]  memdup_user+0x65/0xd0
[ 2440.510755]  strndup_user+0x74/0xe0
[ 2440.510771]  __x64_sys_mount+0x133/0x300
[ 2440.510780]  ? copy_mnt_ns+0xa00/0xa00
[ 2440.510792]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2440.510802]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2440.510813]  do_syscall_64+0x33/0x40
[ 2440.510824]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2440.510830] RIP: 0033:0x7f8a7710204a
[ 2440.510838] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2440.510844] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2440.510854] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a7710204a
[ 2440.510859] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2440.510865] RBP: 00007f8a74676040 R08: 00007f8a74676040 R09: 0000000020000080
[ 2440.510870] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2440.510875] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2440.548232] tmpfs: Bad value for 'size'
[ 2440.600435] FAULT_INJECTION: forcing a failure.
[ 2440.600435] name failslab, interval 1, probability 0, space 0, times 0
[ 2440.601949] CPU: 0 PID: 11699 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2440.602836] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2440.603751] Call Trace:
[ 2440.604051]  dump_stack+0x107/0x167
[ 2440.604457]  should_fail.cold+0x5/0xa
[ 2440.604887]  ? copy_mount_options+0x55/0x180
[ 2440.605380]  should_failslab+0x5/0x20
[ 2440.605865]  kmem_cache_alloc_trace+0x55/0x320
[ 2440.606386]  ? _copy_from_user+0xfb/0x1b0
[ 2440.606857]  copy_mount_options+0x55/0x180
[ 2440.607328]  __x64_sys_mount+0x1a8/0x300
[ 2440.607780]  ? copy_mnt_ns+0xa00/0xa00
[ 2440.608219]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2440.608805]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2440.609383]  do_syscall_64+0x33/0x40
[ 2440.609805]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2440.610384] RIP: 0033:0x7f8a7710204a
[ 2440.610799] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2440.612857] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2440.613708] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a7710204a
[ 2440.614510] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2440.615307] RBP: 00007f8a74676040 R08: 00007f8a74676040 R09: 0000000020000080
[ 2440.616103] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2440.616905] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
05:04:48 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x10040, 0x0)
ioctl$TCXONC(r0, 0x4b45, 0x3)
ioctl$FIONREAD(r1, 0x541b, &(0x7f0000000040))

05:04:48 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b47, 0x3)

05:04:48 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 20)

05:04:48 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b48, 0x3)

[ 2440.768400] FAULT_INJECTION: forcing a failure.
[ 2440.768400] name failslab, interval 1, probability 0, space 0, times 0
05:04:48 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0x10000, 0x20}}, './file0\x00'})
ioctl$TIOCL_GETKMSGREDIRECT(r1, 0x541c, &(0x7f0000000040))
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
r4 = socket$packet(0x11, 0x2, 0x300)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', <r6=>0x0})
bind$packet(r4, &(0x7f0000000040)={0x11, 0x1, r6, 0x1, 0x8, 0x6, @random="190002400a00"}, 0x14)
[ 2440.771127] CPU: 1 PID: 11711 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2440.772658] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2440.774394] Call Trace:
[ 2440.774939]  dump_stack+0x107/0x167
[ 2440.775700]  should_fail.cold+0x5/0xa
[ 2440.776499]  ? p9_client_create+0xaf/0x1230
[ 2440.777379]  should_failslab+0x5/0x20
[ 2440.778183]  kmem_cache_alloc_trace+0x55/0x320
[ 2440.779113]  ? find_held_lock+0x2c/0x110
[ 2440.779981]  p9_client_create+0xaf/0x1230
[ 2440.780866]  ? lock_downgrade+0x6d0/0x6d0
[ 2440.781755]  ? p9_client_flush+0x430/0x430
[ 2440.782678]  ? trace_hardirqs_on+0x5b/0x180
[ 2440.783602]  ? lockdep_init_map_type+0x2c7/0x780
sendmmsg$inet6(r2, &(0x7f0000002480)=[{{&(0x7f0000000080)={0xa, 0x4e20, 0x80000001, @dev={0xfe, 0x80, '\x00', 0x18}, 0x7fffffff}, 0x1c, &(0x7f00000005c0)=[{&(0x7f00000000c0)="d87f751344ebd3a046d120a05b72943a20242095c64db14566deaa38eee0676b83a25a80b61f397c52d30939af479557e0386dbbfe8ad7796a9d534357aa6aa3560a3b90a65dbe7da559790b6261b124744101603bfa91aa22983106a50d6c9a3c4162da6107940c8f8518568c2364ae6f99492156097f306eb782891e7840029bbb14d43048ebe1fbbbace9da9d87f4304c", 0x92}, {&(0x7f0000000180)="6329b64374a7918c33dcd56f8c36e3744de960f84342b7faef5259bb8a990bef28737f739501231a91dc6791a7b4d6da84abb2e3c20e2e0e3702fbc6d3f7c99556c002f487ff782bf802daa79401b42e787928a1a17d2831b45a2808967689c1c20715bb62393fdf328c2683df1a14073310acb222bed9849b95543c", 0x7c}, {&(0x7f0000000200)="d9ad894acb5aec82c9c75edf700d83cc174152b4d757bbece3c1a9a9a079d945cfc69bbb208188b511dcb9ebdf151a66a8dbfa1adc30a3d380bb2695d8be64749c9de18a927bc5722dd2d4353cb3119cafb35b0e0a93c79d632f57708b46250c7188914d26b102e07b39d4c5557f34e7a92c715961de7808640d06557ef02a986cde686f880d21ef44387e880e6148bbc60768c6f972e6798e300c7606da2c36b45140f76063e71d4fef3c1969fc0270b5c7af6868ba73baa665dd629522ba228a2f6758bcf11acb7ddd77e8501b8e4eceba6b2686a7b9e252cd639e67adc1325ebf9c8e12b27b2cd2698f4f07e4144b4726a35aa3bf9ca37a8b24cde327", 0xfe}, {&(0x7f0000000300)="f41179aaac38e7547bfaeede0d4f8decfc060f9596d0a2b1c0d4977fd05aa4d49b76895f8babec75a04b470188aef6682b939fd0a1e735ecb52b79eb797445cd1ecdce73c7dbfd79204eff144ed2a8606f3d275cb21b20e5c10cf4595d48d8e961f9c2ecb5cbb67eca9ada13e5c7db2bab05e3212febb2281191b5fec23a337281a5dbf6b521cfb2cfb05d60b980d1f52b5c0ec902198351f55cf3c910c284b658b28a5e2b788c87fbcb48b769b48e3d485dd07c79b97341b49dabb2b31d597934f71d20ea439233e668", 0xca}, {&(0x7f0000000400)="f6ea6b7611621368dbf56804d2a734fdab0bb1f871af9b2e3946162fa3d32b9d913580481f94d1556a751c25c34bdaa1ef0373bba617f0a4e2b73557f2b57498fd55fb76a7f43cb9db471f5777c0c1d6d6e4e3adfffa97950ffc9ab39b7b2b8085891d4dc3182addb3dda1cfc954de77116fb870404f0109e0c76878dcaf59058e7c79decb80f031a160980e748a8f9e4dac55e9ba08824835e5e743a17d02dd2960193c16d119a7a1", 0xa9}, {&(0x7f00000004c0)="743b54ec2a97a2c7662564a9e5fc8ee2fc70cb1929e20e6c9c810c9988a28bd964891cc42d1d6ed7", 0x28}, {&(0x7f0000000500)="8e744756252b99a6dbac72381167bc1d26c9dcbbdf6c568fdc752516ce9683827f5a34ad167af22ae79ac785eb8d59fc98f3a89f393ce669484263c9d3e69a7034571f2de78de0097db872121abe6b2282a8c77622a5aaad58d34587c14080f7b973ba64583f2c47dc11a5ca23240ed1635e891c12ba88d72fbb888562cf63e656845824963fc7dc50", 0x89}], 0x7, &(0x7f0000000640)=[@rthdr={{0xa8, 0x29, 0x39, {0x0, 0x12, 0x2, 0x8, 0x0, [@mcast1, @empty, @mcast2, @dev={0xfe, 0x80, '\x00', 0x2c}, @empty, @ipv4={'\x00', '\xff\xff', @broadcast}, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev={0xfe, 0x80, '\x00', 0x10}]}}}, @dstopts_2292={{0x98, 0x29, 0x4, {0x0, 0xf, '\x00', [@pad1, @hao={0xc9, 0x10, @empty}, @hao={0xc9, 0x10, @empty}, @calipso={0x7, 0x50, {0x0, 0x12, 0x2c, 0x40, [0x1ff, 0x3, 0x371, 0x9, 0x0, 0x7, 0x8, 0x6, 0x1]}}, @jumbo={0xc2, 0x4, 0x8}]}}}, @hopopts={{0x200, 0x29, 0x36, {0x3c, 0x3c, '\x00', [@pad1, @generic={0x5, 0x1b, "b2b8b36e3183453ecc79b5651a0c492ac7840f1e68a57850979d9f"}, @padn={0x1, 0x1, [0x0]}, @enc_lim, @generic={0x1, 0xf1, "cb016ecbc4a41d979b0e30c3416a5d1361e6108ee492bdfab02cb56e0204f2df65368bd9c24045f815f59270848bd832ce1926fe96c5e2cbc14cec5df73e74c5885bd79d10ff6fb4db978e916dd17d9fba22342d674ead2c351b25ab0a7bf97129f536143b73bb87f156e1b34642bb58d42a78cf177f942e076f394e5354bd2a6fc20fe7a85791e5ae4f8599413705a2d4e59e4cbfa8f05210a235e718184eecd5719b030285683fa814484a8e69b5ed78bcd8d5cd5c2b41eb472f1037646718259ac27747b4815ad78a969daae11c62204fcdd2e902ecfc139754701b910e6c66ee5b6838411661986bbf6542af9792df"}, @generic={0x1, 0xc0, "f47edcd9b362cd07880e45156b3e11d00fce402381329d3d3a803281c2436077ca0f3097fa398987fcdf2467143c55e5d9cbe9f52fd97a2dbb76671c3cddebbd95cbad6bf5217432e3f9e431351723e079d4ead847f27dfa6ef15c7c21f15ca30eb036177ed673ffa9f66de84666a0ef807eea36c3d683cec0593849451fe67b72f46dce19ea145cafdb9f7b65ebb36094d08d1b310e4f14615fba2ef9e25d101a83ec4461f256b92e58289672965c96e96506e95140af2e06f8cee69407ec04"}, @enc_lim={0x4, 0x1, 0x3b}, @padn={0x1, 0x1, [0x0]}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x9}}, @rthdrdstopts={{0x30, 0x29, 0x37, {0x2e, 0x2, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}}}, @pktinfo={{0x24, 0x29, 0x32, {@mcast1, r6}}}, @rthdrdstopts={{0x30, 0x29, 0x37, {0x84, 0x2, '\x00', [@enc_lim={0x4, 0x1, 0x1}, @jumbo={0xc2, 0x4, 0x5}, @pad1, @jumbo={0xc2, 0x4, 0x2}, @ra={0x5, 0x2, 0x5}]}}}, @tclass={{0x14, 0x29, 0x43, 0x7ff}}], 0x3f8}}, {{&(0x7f0000000a40)={0xa, 0x4e23, 0xffff, @empty, 0x9}, 0x1c, &(0x7f0000001cc0)=[{&(0x7f0000000a80)="45d4f0df9121a45a7de1b4615731874db0f86b26ce6b45e3ac7b5df6bd4b7a93e59b36a65bb090b576d46eea8b7f95df1e691e37741b029b445c87a7b5f13e3ebb8cdd59df20aa3705fbc715e6258471afb7f954c479286e984cffb29a9df0fdf16fcc0aed88aced7d01784f1ddb12f6921a31432105861980a08dd9e0eceed19aa6b745919c51f76ec7d1adef6890cfe7078295a1b8e5f1013a0cabc5b1ed147b71f34c3536f311981a301712b3e5b9e93e5a7eb104ca442b7e67ed952a774195ea78192a9b79ba7f56d05c435fe6595f15f0f16961fbe61c", 0xd9}, {&(0x7f0000000b80)="6982f90e193c9ad5efcc8058a048d943f20364086acb3cfed880a8242f0dd1faef5ed4860e8c8488f6b11441eca8868a5d2a1efee021ccf89b4cbd2e3646a6976a304739e7f93246b83e5faf7a94a4f62028b7fc97717400b7cdce1abc62f8431a92ab85a896f86c3b7d4aac5fa5fc0bc3f036cedc1a200a2d92f719234d41d29e90331558745d", 0x87}, {&(0x7f0000000c40)="f1b9dab5346c3cdc3b71a157523877e13b843a47a685d030fe1db6e1196dfd8cff270af9fec61dd0c217d6066bedcc1c8ce8754e2e1ae4c3e8d18f029e6433a36612d89c1f4d23743705f483699f6477bc5c17468c87c004b6d24b137e2d187e852036045f621d2bf8bd4b4d20da9cfa42b441ab15f76cb3b83aea209ae7d5edb417b020b4e1c69d779bfdfd6ff93f94b1c8b8fa161ad91c623234d8829668e013ea7deb8d2e72d91ae25ffef7f41da8501f174f13433e704eede2f0c511379078713df5540014e7865bccabeb57a5991fbc9b463a42acaac99b2a3e9877dd2c261b9bce744268fa552d3a2982f2d19f50fce9e3fcadfda5ca7ca3cdfab12bd2ed74fbd8ae980426dee40dc39b2c76c19b9e3537acf1b7b66f210dd8fdade90797b259a9323104660f1c87d5198e880028438391a0b4b85b0f7da3b4604b0e775491e33d64153f69349788885763dd5c12fe5ed74ebaeb13712975c18d572810643a5d9096aa63d3fa49ed7d56a0339f9706c0c3de404f0bfc93640393b277eef1b07b13590560fc83a0426cb53c9fbadfb551bccb7a92b3b1f30df149a43033a54ae2e91228cdbed64b718e57349a33243f69e4d92359e91bb0ccd718228f9763cf75e8ab56a324caad02d2e22e73337795220e7cbe820ef5a0986781da2425f2bf0575892d4611b23367673d71f7855156286dc864a13d8164babeb279a3e6e13ca5706e5ad81ca3aa9d70c595fee90023bba26f18c94b5fc5de400a546bd5711532d92dcc1a6fb2079281d8b57bb721541451ed4cc4b0ebb8b38041550cd2ac88e9809d64a5ee2aeb98c4be8ede059177df241002a5727e8d0be693d31bcf15ecb492448a9626851380c7f9043963959e82031666da61f0b12a06ea542d32c6a1ffbf8afb101223d39acff160cf03d667ffaa2d3ec948cd12a2e0d1e9e006cdb751710aefefcab9a6777791ae1bed8fbd906f70d32d8391215eefbc70b220535a44c846f64e51a766fdedb2b41cd14ba57b8bdf180a5c5fb4cd9dbab71c274b27b5d7ef425bfaa9f39d0760c16ed6edaaba1b8f634aa843e60ceafea5510b70ce42b59c3a3dbb1fe162b1b3d022f306f88bb9b3accb2709859b6382fd26765a3d1810a2830050a62b71c997afed8a920d5c6d1cda76e30add462bf9b5e2a1d2bd228993554719de26e2367213f45ccf966be52e9a0a6f6acdb89376ea60cb798c4f8dbd142883578c51a6120a95b66d4a246084fc40064792eb7e74e20bd016ee47b4351bcdea7e78864394725555754a32a07342571f8fc787fa1bffd72495b9a463bf6ca8fedf569bf944af46f2042b8fa02bf50260f32f6704ceb9be7f27ed4d2619d3a628cc7e9fb590ef0f4a26131e220996024ae50c6a90a02aa30d82c7b8d59140148dfca22183d95a72fbdd9ce4815281f60deeb6e5e7ac91f41420d093cd445d2221f3b575641f98d9764bd9b31bd9f524596becb97ad4426786c27ce1370f57d195d50b587d91f5319d0c7c4b95ce2592f5f13e92f3a3bbd4df4a9783e69b62eb28177244839cf13b33f8fa2bebed3492c97e98e595b015fad6987406da4007b6ad1a083d7e2874d360ef352ebea6875f874935cd5bfb7edf07cc9f23512c9f6bf30dda14c334ef9a2d242b3f3400f9cbb9a331f8c898a04501de5ecbcf051931810b288b4688f904689c74deb56665df278beb3d2fcc5f7e5bdfb8bed42ac21b887373f66108071d541ea9f1648df33597d9f684890abd21d6ec26d3a81e19a8251d7fdc5bf06f2d79758172e6135a88e2a09f82f36db9603fb32e0eee70414bb0b4652e7695c87e84d1b13f04a071e0b34252a531d4d2b92cd08fa2f9122747ccbf69d96b2ff013b32b3e07c14f1ab4304aa3a81334ae1d7cc5c1533bd82a203ce98f46f3b41291c28a05b21349e50a2f0f245c4229edfcab023ab0c7252bf0b2aae04a9865d20900ce242dba860b2ec033b66bbf7c4fea2d9e0845d142a6d706b3bbfe640ae8097114280d3f2ca38376d154050d7916916cea47b5d38a4813a9df85686bdc8dfc14984a44fa6a0f889b4ec4bb0131e8c47ef5eb029cc98ee936b3dc9150396215eba6031843d06bc8621a5ff26b4414d73342665d267f5adeb30f603a18fc5f1397211fc647eb753938eda47af75ac894c3331ae43252bb5867383b98c6a2b3ab646b42ce39e373a13fdf1b6afc2f5448a5711fd859d8479aad31e2083521e41ce040efb2ab9014712cd82afa7a96d2fe967ae413980164a7b0d26b26826da6a9fa18a942a5bcce380ef3ce76f284a926b2931ed3f7706b06fee484887bdb02644785b5558abc4a845b9e635b1fdbcd58cc7cb05c3d1157a003cc8c33fdb5adedf7aaea9d13f6d59cc94546aea220dfc75309970ea8a218cc9ae815d7a1feb54a89671532a3071c119142c51b1881d66395899e24840121bda3a48c43e4750549b3b324aaa8232916336c80388dce1969e28bc95545e33c5fd63c2e22265bde41fc5f829b5e204a1381e50829d2b94161f1f5ecefcc601cf7456178eb02f05f31303811cf4a9832e3e352756a6526200e8b1d2917f9fbfefb15b2d67d73044ca8664f6383664c0dde74a4b66b12f243ba08061398d0c4383a8facb486eae9c44c7317edca27f389464750555e943bcde65d292797b3e6087fec7421450bba032df863d3227369501f495189b65c4d942e35d727af67b1031644c578cf8a0fef81840a8471ac58c588eaa6759f68abd229b3b8fe25753e171186588b3963b5b2a15159bbaa588ead47dcbf4558018ffb604cc418dc58cef8cebc718d5e81eb8ad632b9b758aa8f2fe2f0590f4cbf346033e7bcf8f5ed4ffa2fc9ee6ae54275d78a7d0b980981e966b2302a413c9b3ced4b2c43145525a733f4f3074d74055fb656f93b3ae659dbe9b845091c7a1cebb4dd271c3aad99d9816896c0e4c5a4c83c0bb58e366de764c4611674a541c188dc80ebcdad8a02c02ac0eed5decf677105dadc28cd5a8346fe71273426abe0b37e877f8efc1f1de34bf17f83e81c0047e732519ff8607b2788475f08de1d746002a99f173c2cfbbb03fe502b59bed8406a756f2489d23f7c2330ef6fbff2655d0d85fc691e1d7310ff765b56cdf70d0f55cd425cfba4e24476250454ce7ebe0cdc6435702cb31bc395ab2c6047c13303f343e60219a299a253546c1fcdac394e435753e215f56a023033ae7d8c0c016d2157ddd2590cecc3ebc475109d0d06223d2a93151940ab99b5019b4502e33b508777b24276b75d41b9c437b92266f5dbc34be0975fbee77b988c5cd24d01f0223468914bc7e3d1c2f0b4d417f87294bd311e977ee37c5124c49a9d4597cb9da0cad8e06d680caa4dd4aca6f7feb188a9d2f6d0c81799ba9f3e43d2a01f299c40e5aec0915e47b74fc62f44f5ee4e42215672507bb6f25c79239efa35855121c10869f8039ba279099977a207976bb11bfb737b82bc5a9778b7b2dda4f5aadc29aa819de9334510fd5747c6b0b56133dbf5b2f769f4af8beac3639a269ada39c23ad4c80892a01c6be2defcb617a30ec832281a0db281549db99819e5ef58bc28cfc862d854c24d308b1ad9231cf5b8d496d510dbf7cf4b03d4711c004901c2b8c48f844fc071ce58e191c0e09e047237b1d43bcb1ece8655107536c518a35180b2f50597f00a4e175d89e56b1e0c3551551c248a41b532cbf2baa33ffd3be76b48af292f886465b7d6f4c5df8232088aebf61cf5c28db3de42c8b3f36b04113e00cb320aaf7075a357844dee1b3c14511d0ccbfa3ff72139b85cef29bb92167e2d0b0186e89e5720da39129f7747d9fd41f436a58d9e63a4ca884c81d6ffddb6f6d79b49dd3fa195e9dfe6044fd65d5ab129109a0850285ceed6cbafcdb6a91b0d4652f0ca6fd61332236b78430e3b3c6bd9ec05348e5b206a330a5675f0e4793ea24da3e0f2fe77cea807d8d754b5caaecb3180f6c7d24da7e671a71b2a040da2d9320c7fd913c229d9c6eb7f080e9e1df9ffb002db3564040df208a1d208667a98d6556db871daa97d95037252f295d706d81b8c5a0d7e4a0b067278207a57a932ee7e972d781e9067ca414c035d2496dcc5437033fe1ab97239c8c3bd8390019d3892ad1fce6ca37a82d65a61dfd48ae06392c997ec0e30b3569af00b5e49baaf5792de10ba11ee8d74e89b4f50489dc48ae40239c21bbb787ea96b14e7a4d622619eb137eb3850707f4b325ea9afadc7a0b2e397dfdfd9bc7f062eec16430971bb6ee2c0a0ee8b33cbb9fe0fd7ff8e5ec109e227e9f9b22c58f0ca65cf43a563dd87a7ad97f5970c3aa2c1260bdfecb92409fd776ab62aab4cfc82b37e604b4cb564c506c429956d9626084f05fabf9a4327bb0ac4d725c3ff60c5b8ca4872e60191501f47184200c30aabb09b3b8f94a588d7c2552b72c262845b2e7bc15d39df2cddda8b9899242f236730f5112cb90ee54de2314d90ac6814430fbb21b31a2b86b53f8cdfac7a52d8cc36f435643d6857613374dfe2da3f9a79abe192ca8f78539c17af4997151f75a7265cb365de39994811dcadcb92cc712483ba98f7c6f3124967f1990f815800dc749fd29af217232c65162e000364eb4f439da97bdfd24f23583b366327ab9a43433d344fd46cfa6604f9584b7a5d864c158e040b8fe4aaa73948c432c4ccd037a4631138dc086a250a52617de48e10a19edc02b6880302499e0d549510af9cd2e00e2f895ce6bdb5ed62b3ff601d63dcb16a1340118a0d97921ef6fa903c436f01f435225feb3520ac3fb14b4d5738fa8f29d9dddc38857bd53923d4799b39d911f8298d8ebad5f4af27327e0acb4b4d6c3d98ea5fc68ebf61a55a265797e71c51add91ab2ca2e61eaa390ec9f82f4aad59d6fcd3b92d610d30e1e5c77ddb1ec6b40b999a2aa05aeaa96fa559e889796227d06e6535dd0c6c0306c1496d3197482a85074bd0963464782ab0b494a1cbe6004a070d385c443fad1b9a882dabe4c2f18288adf719be610666beabac29ba6a18cf7e3a7674a0b2015e8e5bf63f9d69c5e2bc89574e7e46a54033db16e38e51f483a33997abaa21142a2d1fd30c06f4a4e8ac9563be69a287de6101417de89e82317a145cac87e56dbeee6cb1a1c73b3b1f871021a6c34808bd023538107a93f459a99ffe693e3b7a1d7be86ef185e066f169302e536fde58b63cf21761eed5871447542f37fdbb9d9bda01531d49a5266fd322d8681998339ca1e26b85d9fe79920bf1c441b4ea902e691b0a92ea445102c0373c3699865fe80e1befc39df672d9df378cf88df3a422f1e84c1efc78b33aabff439abb3f80dc0197daa162930a35c6aa043bfa2d2262f255e211752b39668ddd92be7f8b8d9b493e81d53692ec1e2b702330eb39559fe810a2f6ac10255f2d61c40af5ce7cde17ab231877c903555f2bca8bd4ed503648596b24bac84f1e32c4bbda61fb84043a635e87f040df4ca699ba65f3fd55fe10ebbaf5a21c61c73ec0d4030cc78ae26694452673102b8bc8855adc2a67c45be95ef24b9ac0c517d76a2690c9e35181fbb4c9791b73b08269f96042ed40a3a21747fbe48fffb87fba05c00a96c3e6cd91dbe790d860565a70fbc3b1d14b77a345a5b69275e941dbc7faa5165c78d5b4e33e8e8a4bdce1eed083bf93f3ed289d3fa7cf8d54bd891bb2cad4dc437076dc13aead00e5c05231e098682f80c58533418b064c667d609be0f35cfa5a9466313cea752cbecef2264a370af3bba06d6362b719909bfa9e85a856207", 0x1000}, {&(0x7f0000001c40)="8fae9c09a1c58c3f093b4534ed076f8c54e2774dcca60924e1a913fc1fee05d1810fadd0b271acb12561b6b20f00a1f171e8c680f335ae1c357eaadb378d6fa6414a9bd05755fcadbe", 0x49}], 0x4, &(0x7f0000001d00)=[@hopopts_2292={{0xf0, 0x29, 0x36, {0x0, 0x1a, '\x00', [@jumbo={0xc2, 0x4, 0x511}, @jumbo={0xc2, 0x4, 0x45}, @generic={0x0, 0x46, "8416f15c0c1ee1d8ea1cec0d06dc06c6d17dda7d9e5752f04b368c5d4731231229416a257fff482d53a538daedc137fed7a92a286f9ea0889d88dc621267a32eb6bc663e351c"}, @pad1, @calipso={0x7, 0x18, {0x1, 0x4, 0x1, 0x3f, [0x9, 0x943d]}}, @calipso={0x7, 0x38, {0x0, 0xc, 0x20, 0x7a4, [0x8, 0x9, 0x3, 0x2, 0x0, 0xfff]}}, @pad1, @generic={0x4, 0x27, "ab7971ed47dcd255eae71cfb79ae335df96951bfe9c8307fdfa1ff7d4c6d5f2164f6d6ad804b4a"}]}}}], 0xf0}}, {{&(0x7f0000001e00)={0xa, 0x4e21, 0x72, @remote}, 0x1c, &(0x7f0000001fc0)=[{&(0x7f0000001e40)="6470ffed81dde9ea23c8a4c354ca3b1858529f941d5b02b4331fc4da471854b9b839e6203cfaba8b67305f0618234fd48dc9d873d0d4987cc45e247e20056b1114d0d12f6d2339bc74b634ff07e5e67e0d4e96fe36819bf2f7ae6f9697", 0x5d}, {&(0x7f0000001ec0)="ef79f4872c56eccfece35f1e", 0xc}, {&(0x7f0000001f00)="0e1fb820a4582673dc6b358821666cb5b983b2538448f41d46005febaad8b2b99ae0b5b9bc63ffc99967e9ebe2cc4f794570c669121286ad1cd3f77a7dccc4f86d98cbbe76732db919aba9fb5fddac1c94c52fea2461d1a6181b2a8c8134ecfdf65102a9748a1f1922ef89bcb399046c556f75ddf34fb377ecf952b1651ec4e8cccce06c8f8119fb6508243fcf4ebf9ad4f446a7bd", 0x95}], 0x3, &(0x7f0000002000)=[@tclass={{0x14, 0x29, 0x43, 0x6ee}}, @dstopts={{0x38, 0x29, 0x37, {0x2e, 0x3, '\x00', [@enc_lim={0x4, 0x1, 0x8}, @pad1, @calipso={0x7, 0x10, {0x3, 0x2, 0x7, 0x4, [0x198da83]}}, @padn={0x1, 0x1, [0x0]}]}}}], 0x50}}, {{&(0x7f0000002080)={0xa, 0x4e20, 0x4, @local, 0x2}, 0x1c, &(0x7f0000002400)=[{&(0x7f00000020c0)="ebff143a1a2e494f7b0aa4b0a962b600cfd05e3be32ccc4eb1528ecdecd457435562d41fa39c1dfa468369e719ca6c65cf22b6b56d03663d3795b53291bd4320a50d747391c049", 0x47}, {&(0x7f0000002140)="c5927499f1ab213735faebbdf3defa27887ec8e2943c901ba73c3a7c6f9d123c3bf64bbc5c9502592fd75f11c7827addb262d58210c3d083dff4c6c1aae1da13d3c8cbe3518381f2cfd12bb46e09a793b7499633b397921e586fcd1872cb29", 0x5f}, {&(0x7f00000021c0)="f4321cc40c352cc996cec4a947e3d33749113419034824b6abd0106c7f254d33bd0d9547a6f922e35d814f299dd93971dc9cad61ab9fc760e287412abe64a8ac62f08df4615e8c0a950b5ee52d4fd81fa9eb5e8faedbbdd0b83e9fb66671bfe88eb5133c18ced3719f8a2d37d159f48ed3720779559a0b769435cc616b0d5443000b99328a6db68dd8dc823e37403ef54f4a29727ef2728a4237dcda0d0b2e31f7f0e2c140aa788587629179f1f49981072bcdf0b2071db4083953f1157cc27a7577512bd487bab32cb470f6ca6929", 0xcf}, {&(0x7f00000022c0)="1b7a22aeef3df618326cdba0508ecd0b0b322a3d38987779152e29ce311ac82bcefc5b34ac69b2e16d2b6ca65c51", 0x2e}, {&(0x7f0000002300)="9663e2989de0948185ddb03173a2ebac9a91d02e9961628c3a1d749cece3", 0x1e}, {&(0x7f0000002340)="f6af64b87bdbbb35ce51cc654ee89a177b92f61935602ac3b3bdf35c60665960faaf0b1ccf5865357971dc94a5b5a1f212264659d77577ee67464b3e27ce2b2edd6d7591c5ffe55d29508e14f61e67e5b383bb6779ec55b2865b1996c286e948464b2bd3cef6c3b12a7670c784880dd55a9e2c146b72bf7c5b9328fd52378a35484a876e10f5636b00ede0689f2d38cdc154e592", 0x94}], 0x6}}], 0x4, 0x44001)

[ 2440.784670]  ? __raw_spin_lock_init+0x36/0x110
[ 2440.785786]  v9fs_session_init+0x1dd/0x1680
[ 2440.786729]  ? lock_release+0x680/0x680
[ 2440.787660]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2440.788689]  ? v9fs_show_options+0x690/0x690
[ 2440.789635]  ? trace_hardirqs_on+0x5b/0x180
[ 2440.790575]  ? kasan_unpoison_shadow+0x33/0x50
[ 2440.791547]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2440.792634]  v9fs_mount+0x79/0x8f0
[ 2440.793395]  ? v9fs_write_inode+0x60/0x60
[ 2440.794301]  legacy_get_tree+0x105/0x220
[ 2440.795161]  vfs_get_tree+0x8e/0x300
[ 2440.795949]  path_mount+0x1429/0x2120
[ 2440.796738]  ? strncpy_from_user+0x9e/0x470
[ 2440.797693]  ? finish_automount+0xa90/0xa90
[ 2440.798609]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2440.799569]  ? _copy_from_user+0xfb/0x1b0
[ 2440.800429]  __x64_sys_mount+0x282/0x300
[ 2440.801259]  ? copy_mnt_ns+0xa00/0xa00
[ 2440.802089]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2440.803166]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2440.804231]  do_syscall_64+0x33/0x40
[ 2440.805001]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2440.806077] RIP: 0033:0x7fbbb0762b19
[ 2440.806852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2440.810727] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2440.812407] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2440.812418] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2440.812427] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2440.812481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2440.812499] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:04:48 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 32)

05:04:48 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 28)

[ 2440.855589] FAULT_INJECTION: forcing a failure.
[ 2440.855589] name failslab, interval 1, probability 0, space 0, times 0
[ 2440.856938] CPU: 0 PID: 11718 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2440.857712] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2440.858656] Call Trace:
[ 2440.858960]  dump_stack+0x107/0x167
[ 2440.859375]  should_fail.cold+0x5/0xa
[ 2440.859809]  ? copy_mount_options+0x55/0x180
[ 2440.860315]  should_failslab+0x5/0x20
[ 2440.860757]  kmem_cache_alloc_trace+0x55/0x320
[ 2440.861325]  ? _copy_from_user+0xfb/0x1b0
[ 2440.861872]  copy_mount_options+0x55/0x180
[ 2440.862434]  __x64_sys_mount+0x1a8/0x300
[ 2440.862960]  ? copy_mnt_ns+0xa00/0xa00
[ 2440.863484]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2440.864199]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2440.864901]  do_syscall_64+0x33/0x40
[ 2440.865407]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2440.866116] RIP: 0033:0x7f8a7710204a
[ 2440.866602] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2440.869095] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2440.870136] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a7710204a
[ 2440.871104] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2440.872079] RBP: 00007f8a74676040 R08: 00007f8a74676040 R09: 0000000020000080
[ 2440.873080] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2440.874074] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2440.933990] FAULT_INJECTION: forcing a failure.
[ 2440.933990] name failslab, interval 1, probability 0, space 0, times 0
[ 2440.935628] CPU: 0 PID: 11720 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2440.936604] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2440.937710] Call Trace:
[ 2440.938089]  dump_stack+0x107/0x167
[ 2440.938702]  should_fail.cold+0x5/0xa
[ 2440.939231]  ? create_object.isra.0+0x3a/0xa20
[ 2440.939847]  should_failslab+0x5/0x20
[ 2440.940399]  kmem_cache_alloc+0x5b/0x310
[ 2440.940984]  create_object.isra.0+0x3a/0xa20
[ 2440.941617]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2440.942367]  kmem_cache_alloc+0x159/0x310
[ 2440.942961]  jbd2_journal_add_journal_head+0x1a3/0x540
[ 2440.943716]  jbd2_journal_get_create_access+0x40/0x560
[ 2440.944478]  __ext4_journal_get_create_access+0x43/0x90
[ 2440.945262]  ext4_getblk+0x318/0x680
[ 2440.945890]  ? ext4_iomap_overwrite_begin+0xb0/0xb0
[ 2440.946566]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2440.947160]  ? __brelse+0x84/0xa0
[ 2440.947598]  ? __ext4_new_inode+0x148/0x5370
[ 2440.948095]  ext4_bread+0x29/0x1f0
[ 2440.948488]  ext4_append+0x228/0x4e0
[ 2440.948916]  ? ext4_move_extents+0x3050/0x3050
[ 2440.949427]  ? ext4_mark_inode_used+0x14b0/0x14b0
[ 2440.949969]  ext4_init_new_dir+0x25e/0x4d0
[ 2440.950455]  ? ext4_init_dot_dotdot+0x610/0x610
[ 2440.951029]  ext4_mkdir+0x3c1/0xb10
[ 2440.951535]  ? ext4_rmdir+0xf70/0xf70
[ 2440.952066]  vfs_mkdir+0x493/0x750
[ 2440.952569]  do_mkdirat+0x150/0x2b0
[ 2440.953091]  ? user_path_create+0xf0/0xf0
[ 2440.953677]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2440.954365]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2440.954952]  do_syscall_64+0x33/0x40
[ 2440.955375]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2440.955978] RIP: 0033:0x7fcabb3d4c27
[ 2440.956507] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2440.959105] RSP: 002b:00007fcab894afa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 2440.960188] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d4c27
[ 2440.961196] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[ 2440.962214] RBP: 00007fcab894b040 R08: 0000000000000000 R09: 0000000000000000
[ 2440.963228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080
[ 2440.964235] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2441.039365] tmpfs: Bad value for 'size'
05:05:04 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000b)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:05:04 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32=<r1=>r0, @ANYBLOB="752af846000000002e2f66696c653000"])
ioctl$TCXONC(r1, 0x4b45, 0x3)
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000180))
ioctl$TIOCSERGETLSR(r0, 0x5459, &(0x7f0000000000))
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB="df0832c107f62ec4eb72ed721311af265fce9b23a73026dcf623a26e242a58ffa1328658415fcf56d3e810aba0168b7207151455d1339072a7992f7af6f232662bd837713f72dbbf4c1b22526618f21ffcba6989947299eaf7c1ab378892cfbb7827ea2635a2a31bbcb71a663cac6cab623f1b6e84ecfe4f36145fdf2ae53d375d111dd711f3535b7b2761bf4cfcb4c62eafda97aa515c01c0888ddecc8e2d75e0d9bc6e"])
ioctl$TCSETSW(r4, 0x5403, &(0x7f0000000140)={0x9, 0x101, 0x8, 0x200, 0x2f, "e5a41739059e6fdd0f388eefe3ff3e7320ae52"})
r6 = ioctl$TIOCGPTPEER(r4, 0x5441, 0x9c)
ioctl$VT_OPENQRY(r6, 0x5600, &(0x7f00000001c0))
r7 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x90400, 0x0)
r8 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x442, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0xa}, 0x0, 0x0, 0x0, 0x3, 0x1, 0x40, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r8, 0xc0502100, &(0x7f00000000c0)={0x0, <r9=>0x0})
syz_open_procfs(r9, &(0x7f0000000000)='mounts\x00')
syz_open_procfs(r9, &(0x7f0000000380)='net/ipv6_route\x00')
ioctl$TIOCL_GETMOUSEREPORTING(r5, 0x541c, &(0x7f0000000240))
ioctl$TIOCSPTLCK(r7, 0x40045431, &(0x7f0000000080)=0x1)
ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000100)={0x800, 0x83, 0x9d3})

05:05:04 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 33)

05:05:04 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000b)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:05:04 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b49, 0x3)

05:05:04 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 21)

05:05:04 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 29)

05:05:04 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000b)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2456.816616] FAULT_INJECTION: forcing a failure.
[ 2456.816616] name failslab, interval 1, probability 0, space 0, times 0
[ 2456.819174] CPU: 0 PID: 11732 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2456.820715] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2456.822396] Call Trace:
[ 2456.822935]  dump_stack+0x107/0x167
[ 2456.823668]  should_fail.cold+0x5/0xa
[ 2456.824443]  ? create_object.isra.0+0x3a/0xa20
[ 2456.825413]  should_failslab+0x5/0x20
[ 2456.826191]  kmem_cache_alloc+0x5b/0x310
[ 2456.827030]  create_object.isra.0+0x3a/0xa20
[ 2456.827908]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2456.828937]  kmem_cache_alloc_trace+0x151/0x320
[ 2456.829875]  copy_mount_options+0x55/0x180
[ 2456.830746]  __x64_sys_mount+0x1a8/0x300
[ 2456.831564]  ? copy_mnt_ns+0xa00/0xa00
[ 2456.832360]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2456.833428]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2456.834487]  do_syscall_64+0x33/0x40
[ 2456.835239]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2456.836272] RIP: 0033:0x7f8a7710204a
[ 2456.837017] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2456.840843] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2456.842400] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a7710204a
[ 2456.843836] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2456.845281] RBP: 00007f8a74676040 R08: 00007f8a74676040 R09: 0000000020000080
[ 2456.846730] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2456.848163] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2456.859468] tmpfs: Bad value for 'size'
[ 2456.866554] FAULT_INJECTION: forcing a failure.
[ 2456.866554] name failslab, interval 1, probability 0, space 0, times 0
[ 2456.869232] CPU: 0 PID: 11741 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2456.870660] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2456.870667] Call Trace:
[ 2456.870685]  dump_stack+0x107/0x167
[ 2456.870704]  should_fail.cold+0x5/0xa
[ 2456.870721]  ? create_object.isra.0+0x3a/0xa20
[ 2456.870740]  should_failslab+0x5/0x20
[ 2456.870756]  kmem_cache_alloc+0x5b/0x310
[ 2456.870778]  create_object.isra.0+0x3a/0xa20
[ 2456.870792]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2456.870814]  __kmalloc_track_caller+0x177/0x370
[ 2456.870827]  ? strndup_user+0x74/0xe0
[ 2456.870847]  memdup_user+0x22/0xd0
[ 2456.870862]  strndup_user+0x74/0xe0
[ 2456.870879]  __x64_sys_mount+0x133/0x300
[ 2456.870894]  ? copy_mnt_ns+0xa00/0xa00
[ 2456.870916]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2456.870933]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2456.870952]  do_syscall_64+0x33/0x40
[ 2456.870968]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2456.870979] RIP: 0033:0x7fcabb3d704a
[ 2456.870995] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2456.871004] RSP: 002b:00007fcab894afa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2456.894187] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d704a
[ 2456.894197] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2456.894264] RBP: 00007fcab894b040 R08: 00007fcab894b040 R09: 0000000020000080
[ 2456.894287] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2456.900218] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2456.911089] tmpfs: Bad value for 'size'
[ 2456.918037] FAULT_INJECTION: forcing a failure.
[ 2456.918037] name failslab, interval 1, probability 0, space 0, times 0
[ 2456.920629] CPU: 0 PID: 11740 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2456.922300] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2456.924043] Call Trace:
[ 2456.924597]  dump_stack+0x107/0x167
[ 2456.925362]  should_fail.cold+0x5/0xa
[ 2456.926161]  ? create_object.isra.0+0x3a/0xa20
[ 2456.927133]  should_failslab+0x5/0x20
[ 2456.927920]  kmem_cache_alloc+0x5b/0x310
[ 2456.928764]  ? kernel_text_address+0xf2/0x120
[ 2456.929704]  create_object.isra.0+0x3a/0xa20
[ 2456.930627]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2456.931686]  kmem_cache_alloc_trace+0x151/0x320
[ 2456.932646]  ? find_held_lock+0x2c/0x110
[ 2456.933497]  p9_client_create+0xaf/0x1230
[ 2456.934371]  ? lock_downgrade+0x6d0/0x6d0
[ 2456.935235]  ? p9_client_flush+0x430/0x430
[ 2456.936112]  ? trace_hardirqs_on+0x5b/0x180
[ 2456.937011]  ? lockdep_init_map_type+0x2c7/0x780
[ 2456.937999]  ? __raw_spin_lock_init+0x36/0x110
[ 2456.938968]  v9fs_session_init+0x1dd/0x1680
[ 2456.939877]  ? lock_release+0x680/0x680
[ 2456.940720]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2456.941723]  ? v9fs_show_options+0x690/0x690
[ 2456.942652]  ? trace_hardirqs_on+0x5b/0x180
[ 2456.943547]  ? kasan_unpoison_shadow+0x33/0x50
[ 2456.944505]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2456.945554]  v9fs_mount+0x79/0x8f0
[ 2456.946303]  ? v9fs_write_inode+0x60/0x60
[ 2456.947171]  legacy_get_tree+0x105/0x220
[ 2456.948026]  vfs_get_tree+0x8e/0x300
[ 2456.948796]  path_mount+0x1429/0x2120
[ 2456.949595]  ? strncpy_from_user+0x9e/0x470
[ 2456.950498]  ? finish_automount+0xa90/0xa90
[ 2456.951392]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2456.952363]  ? _copy_from_user+0xfb/0x1b0
[ 2456.953227]  __x64_sys_mount+0x282/0x300
[ 2456.954065]  ? copy_mnt_ns+0xa00/0xa00
[ 2456.954891]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2456.955979]  ? syscall_enter_from_user_mode+0x1d/0x50
05:05:04 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 34)

[ 2456.957153]  do_syscall_64+0x33/0x40
[ 2456.958234]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2456.959343] RIP: 0033:0x7fbbb0762b19
[ 2456.960155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2456.964044] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2456.965627] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2456.967161] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2456.968641] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2456.970139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2456.971637] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:05:04 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b4a, 0x3)

[ 2457.037567] FAULT_INJECTION: forcing a failure.
[ 2457.037567] name failslab, interval 1, probability 0, space 0, times 0
[ 2457.039975] CPU: 0 PID: 11754 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2457.041410] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2457.043151] Call Trace:
[ 2457.043706]  dump_stack+0x107/0x167
[ 2457.044460]  should_fail.cold+0x5/0xa
[ 2457.045257]  ? getname_flags.part.0+0x50/0x4f0
[ 2457.046216]  should_failslab+0x5/0x20
[ 2457.047002]  kmem_cache_alloc+0x5b/0x310
[ 2457.047841]  getname_flags.part.0+0x50/0x4f0
[ 2457.048758]  user_path_at_empty+0xa1/0x100
[ 2457.049650]  __x64_sys_mount+0x1e9/0x300
[ 2457.050500]  ? copy_mnt_ns+0xa00/0xa00
[ 2457.051310]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
05:05:04 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 30)

[ 2457.052401]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2457.053628]  do_syscall_64+0x33/0x40
[ 2457.054418]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2457.055479] RIP: 0033:0x7f8a7710204a
[ 2457.056254] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2457.060090] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2457.061664] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a7710204a
[ 2457.063157] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2457.064637] RBP: 00007f8a74676040 R08: 00007f8a74676040 R09: 0000000020000080
[ 2457.066114] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2457.067612] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2457.084721] FAULT_INJECTION: forcing a failure.
[ 2457.084721] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2457.087310] CPU: 1 PID: 11756 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2457.088737] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2457.090451] Call Trace:
[ 2457.091208]  dump_stack+0x107/0x167
[ 2457.092131]  should_fail.cold+0x5/0xa
[ 2457.092932]  _copy_from_user+0x2e/0x1b0
[ 2457.093892]  memdup_user+0x65/0xd0
[ 2457.094636]  strndup_user+0x74/0xe0
[ 2457.095396]  __x64_sys_mount+0x133/0x300
[ 2457.096216]  ? copy_mnt_ns+0xa00/0xa00
[ 2457.097013]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2457.098079]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2457.099427]  do_syscall_64+0x33/0x40
[ 2457.100239]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2457.101286] RIP: 0033:0x7fcabb3d704a
[ 2457.102037] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2457.105803] RSP: 002b:00007fcab894afa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2457.107335] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d704a
[ 2457.108770] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2457.110201] RBP: 00007fcab894b040 R08: 00007fcab894b040 R09: 0000000020000080
[ 2457.111635] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2457.113080] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
05:05:04 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x1)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f0000000000))

05:05:04 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b4b, 0x3)

05:05:04 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCXONC(r0, 0x4b45, 0x3)

05:05:04 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 31)

05:05:04 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b4c, 0x3)

[ 2457.344252] FAULT_INJECTION: forcing a failure.
[ 2457.344252] name failslab, interval 1, probability 0, space 0, times 0
[ 2457.346407] CPU: 1 PID: 11766 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2457.347670] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2457.349189] Call Trace:
[ 2457.349678]  dump_stack+0x107/0x167
[ 2457.350361]  should_fail.cold+0x5/0xa
[ 2457.351157]  ? copy_mount_options+0x55/0x180
[ 2457.352034]  should_failslab+0x5/0x20
[ 2457.352727]  kmem_cache_alloc_trace+0x55/0x320
[ 2457.353561]  ? _copy_from_user+0xfb/0x1b0
[ 2457.354347]  copy_mount_options+0x55/0x180
[ 2457.355133]  __x64_sys_mount+0x1a8/0x300
[ 2457.355877]  ? copy_mnt_ns+0xa00/0xa00
[ 2457.356595]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2457.357541]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2457.358506]  do_syscall_64+0x33/0x40
[ 2457.359187]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2457.360127] RIP: 0033:0x7fcabb3d704a
[ 2457.360806] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2457.364159] RSP: 002b:00007fcab894afa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2457.365541] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d704a
[ 2457.366854] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2457.368162] RBP: 00007fcab894b040 R08: 00007fcab894b040 R09: 0000000020000080
[ 2457.369449] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2457.370754] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
05:05:21 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000004c0)=ANY=[@ANYBLOB="752eb08dd527af728ee7e169010000000100010018000000dbc5066b5dfacdebee20a7b10425e72e8d0462b2deab9df016643a101718addbb74894e1cbe29cba6d8095b09a877051b1096028bdf4ebef6c99171f02f1d4be27c764979bcea6c32fd68ff6021b7360c0296289b5285fcf93e361a1768987ea1ee8f88648917aad60b90ba6707cdbbd08632e54d5e5c5d317828b52d0762fac3d3a42eae1245ed29a8ee5309007c108c080b52eda205bc25253d457a2efc3b4bb3d0193477872df2ee316931c81b726138250ed1a98361eff943793bcc4d702fd328604d2231acc8209e6c2d99bfe3b17ff8f7d3e17a6", @ANYRES32=<r1=>r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
execve(&(0x7f0000000100)='./file0\x00', &(0x7f0000000340)=[&(0x7f0000000140)='\x00', &(0x7f0000000180)='\x00', &(0x7f00000001c0)='\x00', &(0x7f0000000200)='//-[]\x00', &(0x7f0000000240)='}\x02\\/\x00', &(0x7f0000000280)='[{]\x00', &(0x7f00000002c0)=',^\\*\x00', &(0x7f0000000300)='/'], &(0x7f0000000480)=[&(0x7f0000000380)=':$.\x00', &(0x7f00000003c0)=',,\x00', &(0x7f0000000400)='\\,\x00', &(0x7f0000000440)='\x00'])
ioctl$TIOCL_PASTESEL(r1, 0x541c, &(0x7f0000000040))
ioctl$TCXONC(r0, 0x4b45, 0x3)
unshare(0x10000)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f00000000c0)={0x0, 0x1, 0x3, 0x1f, 0xfc, "87512d78fa091a1ac57cc48f6baff7425e3fae", 0x5, 0x5})
ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x5, 0x3f, 0x4, 0xc6f, 0x7, "00ca35c63b40894706ecf34c5b125a5a5bea1b", 0x2})

05:05:21 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000c)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:05:21 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000c)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:05:21 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 22)

05:05:21 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b4d, 0x3)

05:05:21 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 32)

[ 2474.470936] FAULT_INJECTION: forcing a failure.
05:05:21 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 35)

05:05:21 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000c)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

[ 2474.470936] name failslab, interval 1, probability 0, space 0, times 0
[ 2474.473594] CPU: 0 PID: 11785 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2474.473607] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2474.473613] Call Trace:
[ 2474.473640]  dump_stack+0x107/0x167
[ 2474.473663]  should_fail.cold+0x5/0xa
[ 2474.473686]  ? create_object.isra.0+0x3a/0xa20
[ 2474.473711]  should_failslab+0x5/0x20
[ 2474.473733]  kmem_cache_alloc+0x5b/0x310
[ 2474.473768]  create_object.isra.0+0x3a/0xa20
[ 2474.473786]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2474.473814]  kmem_cache_alloc_trace+0x151/0x320
[ 2474.473845]  copy_mount_options+0x55/0x180
[ 2474.473964]  __x64_sys_mount+0x1a8/0x300
[ 2474.473985]  ? copy_mnt_ns+0xa00/0xa00
[ 2474.474013]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2474.474035]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2474.474059]  do_syscall_64+0x33/0x40
[ 2474.474081]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2474.474095] RIP: 0033:0x7fcabb3d704a
[ 2474.474116] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2474.474127] RSP: 002b:00007fcab894afa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2474.474150] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d704a
[ 2474.474162] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2474.474175] RBP: 00007fcab894b040 R08: 00007fcab894b040 R09: 0000000020000080
[ 2474.474187] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2474.474199] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2474.480520] FAULT_INJECTION: forcing a failure.
05:05:21 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 23)

[ 2474.480520] name failslab, interval 1, probability 0, space 0, times 0
[ 2474.480541] CPU: 1 PID: 11787 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2474.480550] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2474.480556] Call Trace:
[ 2474.480578]  dump_stack+0x107/0x167
[ 2474.480597]  should_fail.cold+0x5/0xa
[ 2474.480623]  should_failslab+0x5/0x20
[ 2474.480642]  __kmalloc_track_caller+0x79/0x370
[ 2474.480660]  ? p9_client_create+0x41d/0x1230
[ 2474.480685]  kstrdup+0x36/0x70
[ 2474.480704]  p9_client_create+0x41d/0x1230
[ 2474.480723]  ? lock_downgrade+0x6d0/0x6d0
[ 2474.480746]  ? p9_client_flush+0x430/0x430
[ 2474.480774]  ? trace_hardirqs_on+0x5b/0x180
[ 2474.480794]  ? lockdep_init_map_type+0x2c7/0x780
[ 2474.480814]  ? __raw_spin_lock_init+0x36/0x110
[ 2474.480838]  v9fs_session_init+0x1dd/0x1680
[ 2474.480856]  ? lock_release+0x680/0x680
[ 2474.480881]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2474.480898]  ? v9fs_show_options+0x690/0x690
[ 2474.480923]  ? trace_hardirqs_on+0x5b/0x180
[ 2474.480941]  ? kasan_unpoison_shadow+0x33/0x50
[ 2474.480957]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2474.480976]  v9fs_mount+0x79/0x8f0
[ 2474.480993]  ? v9fs_write_inode+0x60/0x60
[ 2474.481013]  legacy_get_tree+0x105/0x220
[ 2474.481032]  vfs_get_tree+0x8e/0x300
[ 2474.481049]  path_mount+0x1429/0x2120
[ 2474.481071]  ? strncpy_from_user+0x9e/0x470
[ 2474.481088]  ? finish_automount+0xa90/0xa90
[ 2474.481105]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2474.481122]  ? _copy_from_user+0xfb/0x1b0
[ 2474.481215]  __x64_sys_mount+0x282/0x300
[ 2474.481232]  ? copy_mnt_ns+0xa00/0xa00
[ 2474.481253]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2474.481272]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2474.481291]  do_syscall_64+0x33/0x40
[ 2474.481309]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2474.481321] RIP: 0033:0x7fbbb0762b19
[ 2474.481338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2474.481347] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2474.481366] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2474.481376] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2474.481386] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2474.481396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2474.481406] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2474.497146] tmpfs: Bad value for 'size'
[ 2474.502060] FAULT_INJECTION: forcing a failure.
[ 2474.502060] name failslab, interval 1, probability 0, space 0, times 0
[ 2474.589633] FAULT_INJECTION: forcing a failure.
[ 2474.589633] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2474.589946] CPU: 0 PID: 11792 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2474.597429] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2474.597436] Call Trace:
[ 2474.597463]  dump_stack+0x107/0x167
[ 2474.597484]  should_fail.cold+0x5/0xa
[ 2474.597506]  ? create_object.isra.0+0x3a/0xa20
[ 2474.597528]  should_failslab+0x5/0x20
05:05:22 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 33)

[ 2474.597548]  kmem_cache_alloc+0x5b/0x310
[ 2474.597570]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2474.597593]  create_object.isra.0+0x3a/0xa20
[ 2474.597609]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2474.597634]  kmem_cache_alloc+0x159/0x310
05:05:22 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 34)

[ 2474.597659]  getname_flags.part.0+0x50/0x4f0
[ 2474.597747]  user_path_at_empty+0xa1/0x100
[ 2474.597772]  __x64_sys_mount+0x1e9/0x300
[ 2474.597789]  ? copy_mnt_ns+0xa00/0xa00
[ 2474.597813]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2474.597834]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2474.597855]  do_syscall_64+0x33/0x40
[ 2474.597875]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2474.597888] RIP: 0033:0x7f8a7710204a
[ 2474.597908] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2474.597918] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2474.597939] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a7710204a
[ 2474.597950] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2474.597961] RBP: 00007f8a74676040 R08: 00007f8a74676040 R09: 0000000020000080
[ 2474.597972] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2474.597983] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2474.598024] CPU: 1 PID: 11796 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2474.598035] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2474.598097] Call Trace:
[ 2474.598120]  dump_stack+0x107/0x167
05:05:22 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 35)

[ 2474.598138]  should_fail.cold+0x5/0xa
[ 2474.598161]  _copy_from_user+0x2e/0x1b0
[ 2474.598183]  copy_mount_options+0x76/0x180
[ 2474.598200]  __x64_sys_mount+0x1a8/0x300
[ 2474.598215]  ? copy_mnt_ns+0xa00/0xa00
[ 2474.598236]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2474.598255]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2474.598272]  do_syscall_64+0x33/0x40
[ 2474.598289]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2474.598300] RIP: 0033:0x7fcabb3d704a
[ 2474.598316] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
05:05:22 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 24)

[ 2474.598325] RSP: 002b:00007fcab894afa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
05:05:22 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 36)

[ 2474.598343] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d704a
[ 2474.598352] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2474.598371] RBP: 00007fcab894b040 R08: 00007fcab894b040 R09: 0000000020000080
[ 2474.598380] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
05:05:22 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 36)

[ 2474.598390] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2474.607655] tmpfs: Bad value for 'size'
[ 2474.633062] FAULT_INJECTION: forcing a failure.
[ 2474.633062] name failslab, interval 1, probability 0, space 0, times 0
[ 2474.633082] CPU: 0 PID: 11798 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2474.633091] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2474.633097] Call Trace:
[ 2474.633116]  dump_stack+0x107/0x167
[ 2474.633135]  should_fail.cold+0x5/0xa
[ 2474.633155]  ? create_object.isra.0+0x3a/0xa20
[ 2474.633175]  should_failslab+0x5/0x20
[ 2474.633193]  kmem_cache_alloc+0x5b/0x310
[ 2474.633211]  ? lock_downgrade+0x6d0/0x6d0
[ 2474.633234]  create_object.isra.0+0x3a/0xa20
[ 2474.633251]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2474.633276]  __kmalloc_track_caller+0x177/0x370
05:05:22 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 37)

[ 2474.633295]  ? p9_client_create+0x41d/0x1230
[ 2474.633320]  kstrdup+0x36/0x70
[ 2474.633340]  p9_client_create+0x41d/0x1230
[ 2474.633361]  ? lock_downgrade+0x6d0/0x6d0
[ 2474.633385]  ? p9_client_flush+0x430/0x430
[ 2474.633408]  ? trace_hardirqs_on+0x5b/0x180
[ 2474.633430]  ? lockdep_init_map_type+0x2c7/0x780
[ 2474.633453]  ? __raw_spin_lock_init+0x36/0x110
[ 2474.633479]  v9fs_session_init+0x1dd/0x1680
[ 2474.633499]  ? lock_release+0x680/0x680
[ 2474.633527]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2474.633545]  ? v9fs_show_options+0x690/0x690
[ 2474.633573]  ? trace_hardirqs_on+0x5b/0x180
[ 2474.633642]  ? kasan_unpoison_shadow+0x33/0x50
[ 2474.633666]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2474.633690]  v9fs_mount+0x79/0x8f0
[ 2474.633709]  ? v9fs_write_inode+0x60/0x60
[ 2474.633731]  legacy_get_tree+0x105/0x220
[ 2474.633750]  vfs_get_tree+0x8e/0x300
[ 2474.633767]  path_mount+0x1429/0x2120
[ 2474.633793]  ? strncpy_from_user+0x9e/0x470
[ 2474.633810]  ? finish_automount+0xa90/0xa90
[ 2474.633828]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2474.633847]  ? _copy_from_user+0xfb/0x1b0
[ 2474.633873]  __x64_sys_mount+0x282/0x300
[ 2474.633891]  ? copy_mnt_ns+0xa00/0xa00
[ 2474.633914]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2474.633934]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2474.633958]  do_syscall_64+0x33/0x40
[ 2474.633977]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2474.633991] RIP: 0033:0x7fbbb0762b19
[ 2474.634012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2474.634022] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2474.634041] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2474.634052] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2474.634062] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2474.634072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2474.634083] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2474.721016] FAULT_INJECTION: forcing a failure.
[ 2474.721016] name failslab, interval 1, probability 0, space 0, times 0
[ 2474.721045] CPU: 0 PID: 11804 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2474.721056] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2474.721062] Call Trace:
[ 2474.721087]  dump_stack+0x107/0x167
[ 2474.721108]  should_fail.cold+0x5/0xa
[ 2474.721130]  ? getname_flags.part.0+0x50/0x4f0
[ 2474.721152]  should_failslab+0x5/0x20
[ 2474.721172]  kmem_cache_alloc+0x5b/0x310
[ 2474.721196]  getname_flags.part.0+0x50/0x4f0
[ 2474.721220]  user_path_at_empty+0xa1/0x100
[ 2474.721241]  __x64_sys_mount+0x1e9/0x300
[ 2474.721259]  ? copy_mnt_ns+0xa00/0xa00
[ 2474.721284]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2474.721307]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2474.721331]  do_syscall_64+0x33/0x40
[ 2474.721351]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2474.721364] RIP: 0033:0x7fcabb3d704a
[ 2474.721385] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2474.721396] RSP: 002b:00007fcab894afa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2474.721419] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d704a
[ 2474.721433] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2474.721507] RBP: 00007fcab894b040 R08: 00007fcab894b040 R09: 0000000020000080
[ 2474.721521] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2474.721535] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2474.881657] FAULT_INJECTION: forcing a failure.
[ 2474.881657] name failslab, interval 1, probability 0, space 0, times 0
[ 2474.881680] CPU: 0 PID: 11807 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2474.881690] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2474.881695] Call Trace:
[ 2474.881720]  dump_stack+0x107/0x167
[ 2474.881741]  should_fail.cold+0x5/0xa
[ 2474.881770]  ? create_object.isra.0+0x3a/0xa20
[ 2474.881793]  should_failslab+0x5/0x20
[ 2474.881812]  kmem_cache_alloc+0x5b/0x310
[ 2474.881835]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2474.881857]  create_object.isra.0+0x3a/0xa20
[ 2474.881873]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2474.881897]  kmem_cache_alloc+0x159/0x310
[ 2474.881921]  getname_flags.part.0+0x50/0x4f0
[ 2474.881944]  user_path_at_empty+0xa1/0x100
[ 2474.881964]  __x64_sys_mount+0x1e9/0x300
[ 2474.881981]  ? copy_mnt_ns+0xa00/0xa00
[ 2474.882004]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2474.882025]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2474.882046]  do_syscall_64+0x33/0x40
[ 2474.882065]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2474.882078] RIP: 0033:0x7fcabb3d704a
[ 2474.882096] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2474.882106] RSP: 002b:00007fcab894afa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2474.882125] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d704a
[ 2474.882136] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2474.882147] RBP: 00007fcab894b040 R08: 00007fcab894b040 R09: 0000000020000080
[ 2474.882158] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2474.882169] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2474.894851] tmpfs: Bad value for 'size'
[ 2474.923135] tmpfs: Bad value for 'size'
[ 2475.036470] FAULT_INJECTION: forcing a failure.
[ 2475.036470] name failslab, interval 1, probability 0, space 0, times 0
[ 2475.036492] CPU: 0 PID: 11811 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2475.036502] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2475.036508] Call Trace:
[ 2475.036530]  dump_stack+0x107/0x167
[ 2475.036550]  should_fail.cold+0x5/0xa
[ 2475.036576]  should_failslab+0x5/0x20
[ 2475.036597]  __kmalloc_track_caller+0x79/0x370
[ 2475.036616]  ? p9_client_create+0x51e/0x1230
[ 2475.036642]  kmemdup_nul+0x2d/0xa0
[ 2475.036662]  p9_client_create+0x51e/0x1230
[ 2475.036690]  ? p9_client_flush+0x430/0x430
[ 2475.036779]  ? trace_hardirqs_on+0x5b/0x180
[ 2475.036803]  ? lockdep_init_map_type+0x2c7/0x780
[ 2475.036825]  ? __raw_spin_lock_init+0x36/0x110
[ 2475.036850]  v9fs_session_init+0x1dd/0x1680
[ 2475.036870]  ? lock_release+0x680/0x680
[ 2475.036897]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2475.036916]  ? v9fs_show_options+0x690/0x690
[ 2475.036942]  ? trace_hardirqs_on+0x5b/0x180
[ 2475.036961]  ? kasan_unpoison_shadow+0x33/0x50
[ 2475.036979]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2475.036999]  v9fs_mount+0x79/0x8f0
[ 2475.037017]  ? v9fs_write_inode+0x60/0x60
[ 2475.037039]  legacy_get_tree+0x105/0x220
[ 2475.037059]  vfs_get_tree+0x8e/0x300
[ 2475.037076]  path_mount+0x1429/0x2120
[ 2475.037128]  ? strncpy_from_user+0x9e/0x470
[ 2475.037147]  ? finish_automount+0xa90/0xa90
[ 2475.037166]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2475.037185]  ? _copy_from_user+0xfb/0x1b0
[ 2475.037211]  __x64_sys_mount+0x282/0x300
[ 2475.037227]  ? copy_mnt_ns+0xa00/0xa00
[ 2475.037251]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2475.037271]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2475.037292]  do_syscall_64+0x33/0x40
[ 2475.037311]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2475.037324] RIP: 0033:0x7fbbb0762b19
[ 2475.037342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2475.037353] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2475.037373] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2475.037384] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2475.037395] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2475.037405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2475.037416] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2475.059556] FAULT_INJECTION: forcing a failure.
[ 2475.059556] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2475.059573] CPU: 1 PID: 11814 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2475.059580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2475.059584] Call Trace:
[ 2475.059603]  dump_stack+0x107/0x167
[ 2475.059617]  should_fail.cold+0x5/0xa
[ 2475.059636]  strncpy_from_user+0x34/0x470
[ 2475.059655]  getname_flags.part.0+0x95/0x4f0
[ 2475.059670]  user_path_at_empty+0xa1/0x100
[ 2475.059683]  __x64_sys_mount+0x1e9/0x300
[ 2475.059694]  ? copy_mnt_ns+0xa00/0xa00
[ 2475.059711]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2475.059725]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2475.059739]  do_syscall_64+0x33/0x40
[ 2475.059813]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2475.059822] RIP: 0033:0x7fcabb3d704a
[ 2475.059835] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2475.059842] RSP: 002b:00007fcab894afa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2475.059855] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d704a
[ 2475.059862] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2475.059870] RBP: 00007fcab894b040 R08: 00007fcab894b040 R09: 0000000020000080
[ 2475.059877] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2475.059884] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2475.101606] FAULT_INJECTION: forcing a failure.
[ 2475.101606] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2475.101620] CPU: 1 PID: 11812 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2475.101626] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2475.101630] Call Trace:
[ 2475.101645]  dump_stack+0x107/0x167
[ 2475.101658]  should_fail.cold+0x5/0xa
[ 2475.101675]  strncpy_from_user+0x34/0x470
[ 2475.101691]  getname_flags.part.0+0x95/0x4f0
[ 2475.101714]  user_path_at_empty+0xa1/0x100
[ 2475.101728]  __x64_sys_mount+0x1e9/0x300
[ 2475.101739]  ? copy_mnt_ns+0xa00/0xa00
[ 2475.101756]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2475.101770]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2475.101783]  do_syscall_64+0x33/0x40
[ 2475.101796]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2475.101804] RIP: 0033:0x7f8a7710204a
[ 2475.101816] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2475.101822] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2475.101836] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a7710204a
[ 2475.101843] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2475.101850] RBP: 00007f8a74676040 R08: 00007f8a74676040 R09: 0000000020000080
[ 2475.101857] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2475.101864] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2475.168572] FAULT_INJECTION: forcing a failure.
[ 2475.168572] name failslab, interval 1, probability 0, space 0, times 0
[ 2475.295815] CPU: 1 PID: 11817 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2475.295821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2475.295824] Call Trace:
[ 2475.295839]  dump_stack+0x107/0x167
[ 2475.295849]  should_fail.cold+0x5/0xa
[ 2475.295860]  ? alloc_fs_context+0x57/0x840
[ 2475.295873]  should_failslab+0x5/0x20
[ 2475.295893]  kmem_cache_alloc_trace+0x55/0x320
[ 2475.300977]  alloc_fs_context+0x57/0x840
[ 2475.300992]  path_mount+0xaa3/0x2120
[ 2475.301007]  ? strncpy_from_user+0x9e/0x470
[ 2475.301016]  ? finish_automount+0xa90/0xa90
[ 2475.301026]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2475.301091]  __x64_sys_mount+0x282/0x300
[ 2475.301101]  ? copy_mnt_ns+0xa00/0xa00
[ 2475.301116]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2475.301138]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2475.306270]  do_syscall_64+0x33/0x40
[ 2475.306281]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2475.306287] RIP: 0033:0x7fcabb3d704a
[ 2475.306297] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2475.306303] RSP: 002b:00007fcab894afa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2475.306323] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d704a
[ 2475.312011] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2475.312017] RBP: 00007fcab894b040 R08: 00007fcab894b040 R09: 0000000020000080
[ 2475.312023] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2475.312028] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2490.592210] FAULT_INJECTION: forcing a failure.
[ 2490.592210] name failslab, interval 1, probability 0, space 0, times 0
[ 2490.594672] CPU: 1 PID: 11828 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2490.596104] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2490.597814] Call Trace:
[ 2490.598353]  dump_stack+0x107/0x167
[ 2490.599122]  should_fail.cold+0x5/0xa
[ 2490.599906]  ? create_object.isra.0+0x3a/0xa20
[ 2490.600852]  should_failslab+0x5/0x20
[ 2490.601622]  kmem_cache_alloc+0x5b/0x310
[ 2490.602459]  create_object.isra.0+0x3a/0xa20
05:05:38 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 37)

05:05:38 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 25)

05:05:38 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000d)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:05:38 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 38)

05:05:38 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000d)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:05:38 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b4e, 0x3)

05:05:38 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCXONC(r0, 0x4b45, 0x2)

05:05:38 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000d)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2490.603787]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2490.604930]  kmem_cache_alloc_trace+0x151/0x320
[ 2490.606065]  alloc_fs_context+0x57/0x840
[ 2490.607089]  path_mount+0xaa3/0x2120
[ 2490.607850]  ? strncpy_from_user+0x9e/0x470
[ 2490.608730]  ? finish_automount+0xa90/0xa90
[ 2490.609734]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2490.610784]  __x64_sys_mount+0x282/0x300
[ 2490.611610]  ? copy_mnt_ns+0xa00/0xa00
[ 2490.612623]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2490.613873]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2490.613894]  do_syscall_64+0x33/0x40
[ 2490.613912]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2490.613930] RIP: 0033:0x7fcabb3d704a
[ 2490.616811] FAULT_INJECTION: forcing a failure.
[ 2490.616811] name failslab, interval 1, probability 0, space 0, times 0
[ 2490.617168] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2490.617182] RSP: 002b:00007fcab894afa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2490.622223] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d704a
05:05:38 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 38)

[ 2490.622233] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2490.622243] RBP: 00007fcab894b040 R08: 00007fcab894b040 R09: 0000000020000080
[ 2490.622253] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2490.622263] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2490.622294] CPU: 0 PID: 11833 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2490.622363] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2490.622367] Call Trace:
[ 2490.622385]  dump_stack+0x107/0x167
[ 2490.622396]  should_fail.cold+0x5/0xa
[ 2490.622408]  ? alloc_fs_context+0x57/0x840
[ 2490.622421]  should_failslab+0x5/0x20
[ 2490.622433]  kmem_cache_alloc_trace+0x55/0x320
[ 2490.622445]  alloc_fs_context+0x57/0x840
[ 2490.622459]  path_mount+0xaa3/0x2120
[ 2490.622475]  ? strncpy_from_user+0x9e/0x470
[ 2490.622484]  ? finish_automount+0xa90/0xa90
[ 2490.622495]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2490.622518]  __x64_sys_mount+0x282/0x300
[ 2490.622527]  ? copy_mnt_ns+0xa00/0xa00
[ 2490.622542]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2490.622554]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2490.622565]  do_syscall_64+0x33/0x40
[ 2490.622575]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2490.622582] RIP: 0033:0x7f8a7710204a
05:05:38 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 39)

[ 2490.622592] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2490.622597] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2490.622608] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a7710204a
05:05:38 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 26)

[ 2490.622614] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2490.622620] RBP: 00007f8a74676040 R08: 00007f8a74676040 R09: 0000000020000080
[ 2490.622625] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2490.622631] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2490.644520] FAULT_INJECTION: forcing a failure.
[ 2490.644520] name failslab, interval 1, probability 0, space 0, times 0
[ 2490.644532] CPU: 0 PID: 11827 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2490.644536] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2490.644539] Call Trace:
[ 2490.644549]  dump_stack+0x107/0x167
[ 2490.644560]  should_fail.cold+0x5/0xa
[ 2490.644571]  ? create_object.isra.0+0x3a/0xa20
[ 2490.644582]  should_failslab+0x5/0x20
05:05:38 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 40)

[ 2490.644592]  kmem_cache_alloc+0x5b/0x310
[ 2490.644604]  create_object.isra.0+0x3a/0xa20
[ 2490.644613]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2490.644626]  __kmalloc_track_caller+0x177/0x370
[ 2490.644636]  ? p9_client_create+0x51e/0x1230
[ 2490.644652]  kmemdup_nul+0x2d/0xa0
[ 2490.644662]  p9_client_create+0x51e/0x1230
[ 2490.644677]  ? p9_client_flush+0x430/0x430
[ 2490.644688]  ? trace_hardirqs_on+0x5b/0x180
[ 2490.644699]  ? lockdep_init_map_type+0x2c7/0x780
05:05:38 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 39)

[ 2490.644711]  ? __raw_spin_lock_init+0x36/0x110
[ 2490.644763]  v9fs_session_init+0x1dd/0x1680
[ 2490.644774]  ? lock_release+0x680/0x680
[ 2490.644807]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2490.644818]  ? v9fs_show_options+0x690/0x690
[ 2490.644831]  ? trace_hardirqs_on+0x5b/0x180
[ 2490.644841]  ? kasan_unpoison_shadow+0x33/0x50
[ 2490.644850]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2490.644861]  v9fs_mount+0x79/0x8f0
05:05:38 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 27)

[ 2490.644870]  ? v9fs_write_inode+0x60/0x60
[ 2490.644882]  legacy_get_tree+0x105/0x220
[ 2490.644894]  vfs_get_tree+0x8e/0x300
[ 2490.644903]  path_mount+0x1429/0x2120
[ 2490.644915]  ? strncpy_from_user+0x9e/0x470
[ 2490.644925]  ? finish_automount+0xa90/0xa90
05:05:38 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 40)

05:05:38 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 41)

[ 2490.644935]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2490.644946]  ? _copy_from_user+0xfb/0x1b0
[ 2490.644959]  __x64_sys_mount+0x282/0x300
[ 2490.644968]  ? copy_mnt_ns+0xa00/0xa00
[ 2490.644980]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2490.644990]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2490.645001]  do_syscall_64+0x33/0x40
[ 2490.645011]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2490.645017] RIP: 0033:0x7fbbb0762b19
[ 2490.645027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2490.645032] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2490.645042] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2490.645047] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
05:05:38 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 42)

[ 2490.645053] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2490.645059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2490.645065] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2490.688219] FAULT_INJECTION: forcing a failure.
[ 2490.688219] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2490.688240] CPU: 1 PID: 11842 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2490.688250] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2490.688255] Call Trace:
[ 2490.688277]  dump_stack+0x107/0x167
[ 2490.688296]  should_fail.cold+0x5/0xa
[ 2490.688322]  strncpy_from_user+0x34/0x470
[ 2490.688346]  getname_flags.part.0+0x95/0x4f0
[ 2490.688368]  user_path_at_empty+0xa1/0x100
[ 2490.688389]  __x64_sys_mount+0x1e9/0x300
[ 2490.688405]  ? copy_mnt_ns+0xa00/0xa00
[ 2490.688428]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2490.688447]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2490.688467]  do_syscall_64+0x33/0x40
[ 2490.688489]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2490.688505] RIP: 0033:0x7f8a7710204a
[ 2490.688531] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2490.688544] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2490.688657] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a7710204a
[ 2490.688672] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2490.688685] RBP: 00007f8a74676040 R08: 00007f8a74676040 R09: 0000000020000080
[ 2490.688698] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2490.688714] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2490.816200] FAULT_INJECTION: forcing a failure.
[ 2490.816200] name failslab, interval 1, probability 0, space 0, times 0
[ 2490.816224] CPU: 1 PID: 11850 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2490.816240] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2490.816246] Call Trace:
[ 2490.816279]  dump_stack+0x107/0x167
[ 2490.816301]  should_fail.cold+0x5/0xa
[ 2490.816325]  ? shmem_init_fs_context+0x41/0x280
[ 2490.816347]  should_failslab+0x5/0x20
[ 2490.816368]  kmem_cache_alloc_trace+0x55/0x320
[ 2490.816389]  ? lockdep_init_map_type+0x2c7/0x780
[ 2490.816408]  ? shmem_create+0x30/0x30
[ 2490.816430]  shmem_init_fs_context+0x41/0x280
[ 2490.816448]  ? shmem_create+0x30/0x30
[ 2490.816469]  alloc_fs_context+0x4fd/0x840
[ 2490.816495]  path_mount+0xaa3/0x2120
[ 2490.816525]  ? strncpy_from_user+0x9e/0x470
[ 2490.816550]  ? finish_automount+0xa90/0xa90
[ 2490.816575]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2490.816613]  __x64_sys_mount+0x282/0x300
[ 2490.816635]  ? copy_mnt_ns+0xa00/0xa00
[ 2490.816663]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2490.816683]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2490.816705]  do_syscall_64+0x33/0x40
[ 2490.816724]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2490.816737] RIP: 0033:0x7f8a7710204a
[ 2490.816755] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2490.816765] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2490.816790] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a7710204a
[ 2490.816801] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2490.816813] RBP: 00007f8a74676040 R08: 00007f8a74676040 R09: 0000000020000080
[ 2490.816824] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2490.816835] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2490.881855] tmpfs: Bad value for 'size'
[ 2490.953629] FAULT_INJECTION: forcing a failure.
[ 2490.953629] name failslab, interval 1, probability 0, space 0, times 0
[ 2490.953654] CPU: 1 PID: 11853 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2490.953667] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2490.953673] Call Trace:
[ 2490.953701]  dump_stack+0x107/0x167
[ 2490.953725]  should_fail.cold+0x5/0xa
[ 2490.953756]  should_failslab+0x5/0x20
[ 2490.953784]  __kmalloc_track_caller+0x79/0x370
[ 2490.953803]  ? parse_opts.part.0+0x8e/0x340
[ 2490.953906]  kstrdup+0x36/0x70
[ 2490.953928]  parse_opts.part.0+0x8e/0x340
[ 2490.953950]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2490.953976]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2490.953993]  ? quarantine_put+0x8b/0x1a0
[ 2490.954008]  ? trace_hardirqs_on+0x5b/0x180
[ 2490.954028]  ? kfree+0xd7/0x340
[ 2490.954054]  p9_fd_create+0x98/0x4a0
[ 2490.954073]  ? p9_conn_create+0x510/0x510
[ 2490.954089]  ? p9_client_create+0x798/0x1230
[ 2490.954106]  ? kfree+0xd7/0x340
[ 2490.954121]  ? do_raw_spin_unlock+0x4f/0x220
[ 2490.954146]  p9_client_create+0x7ff/0x1230
[ 2490.954172]  ? p9_client_flush+0x430/0x430
[ 2490.954191]  ? trace_hardirqs_on+0x5b/0x180
[ 2490.954210]  ? lockdep_init_map_type+0x2c7/0x780
[ 2490.954230]  ? __raw_spin_lock_init+0x36/0x110
[ 2490.954255]  v9fs_session_init+0x1dd/0x1680
[ 2490.954273]  ? lock_release+0x680/0x680
[ 2490.954299]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2490.954317]  ? v9fs_show_options+0x690/0x690
[ 2490.954342]  ? trace_hardirqs_on+0x5b/0x180
[ 2490.954360]  ? kasan_unpoison_shadow+0x33/0x50
[ 2490.954376]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2490.954396]  v9fs_mount+0x79/0x8f0
[ 2490.954413]  ? v9fs_write_inode+0x60/0x60
[ 2490.954433]  legacy_get_tree+0x105/0x220
[ 2490.954453]  vfs_get_tree+0x8e/0x300
[ 2490.954470]  path_mount+0x1429/0x2120
[ 2490.954496]  ? strncpy_from_user+0x9e/0x470
[ 2490.954530]  ? finish_automount+0xa90/0xa90
[ 2490.954552]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2490.954574]  ? _copy_from_user+0xfb/0x1b0
[ 2490.954603]  __x64_sys_mount+0x282/0x300
[ 2490.954622]  ? copy_mnt_ns+0xa00/0xa00
[ 2490.954648]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2490.954671]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2490.954695]  do_syscall_64+0x33/0x40
[ 2490.954716]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2490.954731] RIP: 0033:0x7fbbb0762b19
[ 2490.954752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2490.954764] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2490.954787] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2490.954800] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2490.954815] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2490.954826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2490.954871] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2490.955033] 9pnet: Insufficient options for proto=fd
[ 2490.997611] FAULT_INJECTION: forcing a failure.
[ 2490.997611] name failslab, interval 1, probability 0, space 0, times 0
[ 2490.997631] CPU: 1 PID: 11855 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2490.997643] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2490.997649] Call Trace:
[ 2490.997669]  dump_stack+0x107/0x167
[ 2490.997690]  should_fail.cold+0x5/0xa
[ 2490.997719]  ? create_object.isra.0+0x3a/0xa20
[ 2490.997741]  should_failslab+0x5/0x20
[ 2490.997759]  kmem_cache_alloc+0x5b/0x310
[ 2490.997784]  create_object.isra.0+0x3a/0xa20
[ 2490.997801]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2490.997826]  kmem_cache_alloc_trace+0x151/0x320
[ 2490.997845]  ? lockdep_init_map_type+0x2c7/0x780
[ 2490.997865]  ? shmem_create+0x30/0x30
[ 2490.997888]  shmem_init_fs_context+0x41/0x280
[ 2490.997905]  ? shmem_create+0x30/0x30
[ 2490.997922]  alloc_fs_context+0x4fd/0x840
[ 2490.997947]  path_mount+0xaa3/0x2120
[ 2490.997971]  ? strncpy_from_user+0x9e/0x470
[ 2490.997990]  ? finish_automount+0xa90/0xa90
[ 2490.998008]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2490.998037]  __x64_sys_mount+0x282/0x300
[ 2490.998054]  ? copy_mnt_ns+0xa00/0xa00
[ 2490.998078]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2490.998098]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2490.998119]  do_syscall_64+0x33/0x40
[ 2490.998138]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2490.998150] RIP: 0033:0x7f8a7710204a
[ 2490.998210] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2490.998222] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2490.998242] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a7710204a
[ 2490.998253] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2490.998265] RBP: 00007f8a74676040 R08: 00007f8a74676040 R09: 0000000020000080
[ 2490.998275] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2490.998287] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2491.015557] tmpfs: Bad value for 'size'
[ 2491.083380] FAULT_INJECTION: forcing a failure.
[ 2491.083380] name failslab, interval 1, probability 0, space 0, times 0
[ 2491.083408] CPU: 0 PID: 11857 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2491.083419] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2491.083426] Call Trace:
[ 2491.083453]  dump_stack+0x107/0x167
[ 2491.083476]  should_fail.cold+0x5/0xa
[ 2491.083503]  ? shmem_init_fs_context+0x41/0x280
[ 2491.083527]  should_failslab+0x5/0x20
[ 2491.083549]  kmem_cache_alloc_trace+0x55/0x320
[ 2491.083652]  ? lockdep_init_map_type+0x2c7/0x780
[ 2491.083675]  ? shmem_create+0x30/0x30
[ 2491.083701]  shmem_init_fs_context+0x41/0x280
[ 2491.083721]  ? shmem_create+0x30/0x30
[ 2491.083739]  alloc_fs_context+0x4fd/0x840
[ 2491.083775]  path_mount+0xaa3/0x2120
[ 2491.083803]  ? strncpy_from_user+0x9e/0x470
[ 2491.083823]  ? finish_automount+0xa90/0xa90
[ 2491.083845]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2491.083877]  __x64_sys_mount+0x282/0x300
[ 2491.083896]  ? copy_mnt_ns+0xa00/0xa00
[ 2491.083923]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2491.083946]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2491.083970]  do_syscall_64+0x33/0x40
[ 2491.083991]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2491.084007] RIP: 0033:0x7fcabb3d704a
[ 2491.084028] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2491.084051] RSP: 002b:00007fcab894afa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2491.084075] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d704a
[ 2491.084087] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2491.084100] RBP: 00007fcab894b040 R08: 00007fcab894b040 R09: 0000000020000080
[ 2491.084112] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2491.084125] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2491.162775] FAULT_INJECTION: forcing a failure.
[ 2491.162775] name failslab, interval 1, probability 0, space 0, times 0
[ 2491.162973] CPU: 0 PID: 11859 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2491.162983] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2491.162989] Call Trace:
[ 2491.163013]  dump_stack+0x107/0x167
[ 2491.163032]  should_fail.cold+0x5/0xa
[ 2491.163053]  ? create_object.isra.0+0x3a/0xa20
[ 2491.163074]  should_failslab+0x5/0x20
[ 2491.163092]  kmem_cache_alloc+0x5b/0x310
[ 2491.163110]  ? legacy_get_tree+0x105/0x220
[ 2491.163124]  ? vfs_get_tree+0x8e/0x300
[ 2491.163145]  create_object.isra.0+0x3a/0xa20
[ 2491.163161]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2491.163184]  __kmalloc_track_caller+0x177/0x370
[ 2491.163202]  ? parse_opts.part.0+0x8e/0x340
[ 2491.163227]  kstrdup+0x36/0x70
[ 2491.163247]  parse_opts.part.0+0x8e/0x340
[ 2491.163269]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2491.163293]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2491.163309]  ? quarantine_put+0x8b/0x1a0
[ 2491.163324]  ? trace_hardirqs_on+0x5b/0x180
[ 2491.163343]  ? kfree+0xd7/0x340
[ 2491.163368]  p9_fd_create+0x98/0x4a0
[ 2491.163452]  ? p9_conn_create+0x510/0x510
[ 2491.163469]  ? p9_client_create+0x798/0x1230
[ 2491.163487]  ? kfree+0xd7/0x340
[ 2491.163501]  ? do_raw_spin_unlock+0x4f/0x220
[ 2491.163526]  p9_client_create+0x7ff/0x1230
[ 2491.163553]  ? p9_client_flush+0x430/0x430
[ 2491.163571]  ? trace_hardirqs_on+0x5b/0x180
[ 2491.163595]  ? lockdep_init_map_type+0x2c7/0x780
[ 2491.163615]  ? __raw_spin_lock_init+0x36/0x110
[ 2491.163638]  v9fs_session_init+0x1dd/0x1680
[ 2491.163657]  ? lock_release+0x680/0x680
[ 2491.163682]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2491.163700]  ? v9fs_show_options+0x690/0x690
[ 2491.163725]  ? trace_hardirqs_on+0x5b/0x180
[ 2491.163744]  ? kasan_unpoison_shadow+0x33/0x50
[ 2491.163766]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2491.163786]  v9fs_mount+0x79/0x8f0
[ 2491.163803]  ? v9fs_write_inode+0x60/0x60
[ 2491.163822]  legacy_get_tree+0x105/0x220
[ 2491.163840]  vfs_get_tree+0x8e/0x300
[ 2491.163857]  path_mount+0x1429/0x2120
[ 2491.163880]  ? strncpy_from_user+0x9e/0x470
[ 2491.163897]  ? finish_automount+0xa90/0xa90
[ 2491.163915]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2491.163933]  ? _copy_from_user+0xfb/0x1b0
[ 2491.163957]  __x64_sys_mount+0x282/0x300
[ 2491.163973]  ? copy_mnt_ns+0xa00/0xa00
[ 2491.163995]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2491.164014]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2491.164034]  do_syscall_64+0x33/0x40
[ 2491.164051]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2491.164063] RIP: 0033:0x7fbbb0762b19
[ 2491.164081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2491.164090] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2491.164110] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2491.164120] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2491.164131] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2491.164141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2491.164151] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2491.209660] FAULT_INJECTION: forcing a failure.
[ 2491.209660] name failslab, interval 1, probability 0, space 0, times 0
[ 2491.209682] CPU: 0 PID: 11861 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2491.209692] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2491.209697] Call Trace:
[ 2491.209727]  dump_stack+0x107/0x167
[ 2491.209747]  should_fail.cold+0x5/0xa
[ 2491.209779]  should_failslab+0x5/0x20
[ 2491.209798]  __kmalloc_track_caller+0x79/0x370
[ 2491.209887]  ? vfs_parse_fs_string+0xc0/0x150
[ 2491.209913]  kmemdup_nul+0x2d/0xa0
[ 2491.209934]  vfs_parse_fs_string+0xc0/0x150
[ 2491.209954]  ? vfs_parse_fs_param+0x560/0x560
[ 2491.209989]  shmem_parse_options+0x160/0x250
[ 2491.210009]  path_mount+0x13e1/0x2120
[ 2491.210033]  ? strncpy_from_user+0x9e/0x470
[ 2491.210050]  ? finish_automount+0xa90/0xa90
[ 2491.210068]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2491.210095]  __x64_sys_mount+0x282/0x300
[ 2491.210111]  ? copy_mnt_ns+0xa00/0xa00
[ 2491.210135]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2491.210154]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2491.210174]  do_syscall_64+0x33/0x40
[ 2491.210192]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2491.210204] RIP: 0033:0x7f8a7710204a
[ 2491.210222] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2491.210232] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2491.210251] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a7710204a
[ 2491.210262] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2491.210272] RBP: 00007f8a74676040 R08: 00007f8a74676040 R09: 0000000020000080
[ 2491.210283] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2491.210293] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2491.248635] FAULT_INJECTION: forcing a failure.
[ 2491.248635] name failslab, interval 1, probability 0, space 0, times 0
[ 2491.248661] CPU: 1 PID: 11863 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2491.248673] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2491.248679] Call Trace:
[ 2491.248707]  dump_stack+0x107/0x167
[ 2491.248730]  should_fail.cold+0x5/0xa
[ 2491.248755]  ? create_object.isra.0+0x3a/0xa20
[ 2491.248788]  should_failslab+0x5/0x20
[ 2491.248809]  kmem_cache_alloc+0x5b/0x310
[ 2491.248827]  ? create_object.isra.0+0x3ad/0xa20
[ 2491.248853]  create_object.isra.0+0x3a/0xa20
[ 2491.248871]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2491.248898]  __kmalloc_node+0x1ae/0x420
[ 2491.248926]  memcg_alloc_page_obj_cgroups+0x73/0x100
[ 2491.248950]  memcg_slab_post_alloc_hook+0x1f0/0x430
[ 2491.248971]  ? trace_hardirqs_on+0x5b/0x180
[ 2491.248997]  kmem_cache_alloc_trace+0x169/0x320
[ 2491.249022]  alloc_fs_context+0x57/0x840
[ 2491.249049]  path_mount+0xaa3/0x2120
[ 2491.249076]  ? strncpy_from_user+0x9e/0x470
[ 2491.249096]  ? finish_automount+0xa90/0xa90
[ 2491.249117]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2491.249148]  __x64_sys_mount+0x282/0x300
[ 2491.249241]  ? copy_mnt_ns+0xa00/0xa00
[ 2491.249271]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2491.249293]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2491.249316]  do_syscall_64+0x33/0x40
[ 2491.249338]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2491.249351] RIP: 0033:0x7fcabb3d704a
[ 2491.249371] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2491.249383] RSP: 002b:00007fcab894afa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2491.249405] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d704a
[ 2491.249418] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2491.249430] RBP: 00007fcab894b040 R08: 00007fcab894b040 R09: 0000000020000080
[ 2491.249443] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2491.249454] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2491.255279] tmpfs: Bad value for 'size'
[ 2491.361576] FAULT_INJECTION: forcing a failure.
[ 2491.361576] name failslab, interval 1, probability 0, space 0, times 0
[ 2491.361692] CPU: 1 PID: 11865 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2491.361705] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2491.361711] Call Trace:
[ 2491.361740]  dump_stack+0x107/0x167
[ 2491.361761]  should_fail.cold+0x5/0xa
[ 2491.361783]  ? create_object.isra.0+0x3a/0xa20
[ 2491.361806]  should_failslab+0x5/0x20
[ 2491.361835]  kmem_cache_alloc+0x5b/0x310
[ 2491.361860]  create_object.isra.0+0x3a/0xa20
[ 2491.361877]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2491.361902]  __kmalloc_track_caller+0x177/0x370
[ 2491.361924]  ? vfs_parse_fs_string+0xc0/0x150
[ 2491.361951]  kmemdup_nul+0x2d/0xa0
[ 2491.361973]  vfs_parse_fs_string+0xc0/0x150
[ 2491.361995]  ? vfs_parse_fs_param+0x560/0x560
[ 2491.362035]  shmem_parse_options+0x160/0x250
[ 2491.362057]  path_mount+0x13e1/0x2120
[ 2491.362085]  ? strncpy_from_user+0x9e/0x470
[ 2491.362106]  ? finish_automount+0xa90/0xa90
[ 2491.362126]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2491.362155]  __x64_sys_mount+0x282/0x300
[ 2491.362172]  ? copy_mnt_ns+0xa00/0xa00
[ 2491.362199]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2491.362220]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2491.362244]  do_syscall_64+0x33/0x40
[ 2491.362265]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2491.362278] RIP: 0033:0x7f8a7710204a
[ 2491.362298] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2491.362309] RSP: 002b:00007f8a74675fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2491.362330] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a7710204a
[ 2491.362341] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2491.362354] RBP: 00007f8a74676040 R08: 00007f8a74676040 R09: 0000000020000080
[ 2491.362402] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2491.362416] R13: 0000000020000100 R14: 00007f8a74676000 R15: 0000000020000240
[ 2491.362569] tmpfs: Bad value for 'size'
05:05:53 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 28)

05:05:53 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b52, 0x3)

05:05:53 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000e)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:05:53 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDFONTOP_COPY(r0, 0x4b72, &(0x7f0000000400)={0x3, 0x1, 0x10, 0xa, 0x1ba})
ioctl$TCXONC(r0, 0x4b45, 0x3)
pipe(&(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="74729087616e733d66642c7271646e6f3d9c49cb15fd148901273e2cde7ca9569701473de6df85fa0e51f341905e613b54dcc325b933ce7a1d556340d1fc9cb53b01ac6bd1bfabcae3", @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',\x00'])
ioctl$BTRFS_IOC_INO_LOOKUP(r1, 0xd0009412, &(0x7f0000000580)={0x0, 0x8})
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f0000000480)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="04008644f264ad21dcce058b0000000000002e2f66696c659314"])

05:05:53 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 43)

05:05:53 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 41)

05:05:53 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000e)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:05:53 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000e)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

[ 2505.994621] tmpfs: Bad value for 'size'
[ 2505.997229] FAULT_INJECTION: forcing a failure.
[ 2505.997229] name failslab, interval 1, probability 0, space 0, times 0
[ 2505.998447] CPU: 0 PID: 11887 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2505.999250] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2506.000198] Call Trace:
[ 2506.000501]  dump_stack+0x107/0x167
[ 2506.000923]  should_fail.cold+0x5/0xa
[ 2506.001358]  ? shmem_init_fs_context+0x41/0x280
[ 2506.001889]  should_failslab+0x5/0x20
[ 2506.002327]  kmem_cache_alloc_trace+0x55/0x320
[ 2506.002856]  ? lockdep_init_map_type+0x2c7/0x780
[ 2506.003396]  ? shmem_create+0x30/0x30
[ 2506.003878]  shmem_init_fs_context+0x41/0x280
[ 2506.004482]  ? shmem_create+0x30/0x30
[ 2506.004913]  alloc_fs_context+0x4fd/0x840
[ 2506.005386]  path_mount+0xaa3/0x2120
[ 2506.005811]  ? strncpy_from_user+0x9e/0x470
[ 2506.006301]  ? finish_automount+0xa90/0xa90
[ 2506.006800]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2506.007036] FAULT_INJECTION: forcing a failure.
[ 2506.007036] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2506.007336]  __x64_sys_mount+0x282/0x300
[ 2506.010207]  ? copy_mnt_ns+0xa00/0xa00
[ 2506.010646]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2506.011249]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2506.011842]  do_syscall_64+0x33/0x40
[ 2506.012262]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2506.012835] RIP: 0033:0x7fcabb3d704a
[ 2506.013261] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2506.015359] RSP: 002b:00007fcab894afa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2506.016237] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d704a
[ 2506.017045] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2506.017847] RBP: 00007fcab894b040 R08: 00007fcab894b040 R09: 0000000020000080
[ 2506.018663] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2506.019472] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2506.020309] CPU: 1 PID: 11886 Comm: syz-executor.4 Not tainted 5.10.234 #1
[ 2506.021793] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2506.023535] Call Trace:
[ 2506.024089]  dump_stack+0x107/0x167
[ 2506.024853]  should_fail.cold+0x5/0xa
[ 2506.025664]  _copy_to_user+0x2e/0x180
[ 2506.026477]  simple_read_from_buffer+0xcc/0x160
[ 2506.027475]  proc_fail_nth_read+0x198/0x230
[ 2506.028386]  ? proc_sessionid_read+0x230/0x230
[ 2506.029419]  ? security_file_permission+0xb1/0xe0
[ 2506.030448]  ? proc_sessionid_read+0x230/0x230
[ 2506.031422]  vfs_read+0x228/0x620
[ 2506.032159]  ksys_read+0x12d/0x260
[ 2506.032908]  ? vfs_write+0xb10/0xb10
[ 2506.033699]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2506.034811]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2506.035905]  do_syscall_64+0x33/0x40
[ 2506.036695]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2506.037773] RIP: 0033:0x7f8a770b369c
[ 2506.038558] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 2506.042459] RSP: 002b:00007f8a74676170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2506.042487] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007f8a770b369c
[ 2506.044860] RDX: 000000000000000f RSI: 00007f8a746761e0 RDI: 0000000000000003
[ 2506.044876] RBP: 00007f8a746761d0 R08: 0000000000000000 R09: 0000000020000080
[ 2506.047201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2506.047217] R13: 00007ffea53954df R14: 00007f8a74676300 R15: 0000000000022000
05:05:53 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
ioctl$GIO_FONTX(r2, 0x4b6b, &(0x7f0000000400)={0x1ce, 0x19})
ioctl$TCXONC(r0, 0x4b45, 0x3)

[ 2506.061084] FAULT_INJECTION: forcing a failure.
[ 2506.061084] name failslab, interval 1, probability 0, space 0, times 0
[ 2506.063494] CPU: 1 PID: 11882 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2506.064962] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2506.066726] Call Trace:
05:05:53 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 42)

[ 2506.067291]  dump_stack+0x107/0x167
[ 2506.068161]  should_fail.cold+0x5/0xa
[ 2506.068969]  should_failslab+0x5/0x20
[ 2506.069772]  __kmalloc_track_caller+0x79/0x370
[ 2506.070750]  ? match_number+0xaf/0x1d0
[ 2506.071581]  kmemdup_nul+0x2d/0xa0
[ 2506.072333]  match_number+0xaf/0x1d0
[ 2506.073119]  ? match_u64+0x190/0x190
[ 2506.073893]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2506.074919]  ? memcpy+0x39/0x60
[ 2506.075783]  parse_opts.part.0+0x1f3/0x340
[ 2506.076690]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2506.077715]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2506.078958]  ? trace_hardirqs_on+0x5b/0x180
[ 2506.079860]  ? kfree+0xd7/0x340
[ 2506.080561]  p9_fd_create+0x98/0x4a0
[ 2506.081334]  ? p9_conn_create+0x510/0x510
[ 2506.082213]  ? p9_client_create+0x798/0x1230
[ 2506.083257]  ? kfree+0xd7/0x340
[ 2506.083949]  ? do_raw_spin_unlock+0x4f/0x220
05:05:53 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b62, 0x3)

[ 2506.084862]  p9_client_create+0x7ff/0x1230
[ 2506.086036]  ? p9_client_flush+0x430/0x430
[ 2506.086936]  ? trace_hardirqs_on+0x5b/0x180
[ 2506.087946]  ? lockdep_init_map_type+0x2c7/0x780
[ 2506.088951]  ? __raw_spin_lock_init+0x36/0x110
[ 2506.090009]  v9fs_session_init+0x1dd/0x1680
[ 2506.091234]  ? lock_release+0x680/0x680
[ 2506.092184]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2506.093303]  ? v9fs_show_options+0x690/0x690
[ 2506.094455]  ? trace_hardirqs_on+0x5b/0x180
[ 2506.095378]  ? kasan_unpoison_shadow+0x33/0x50
[ 2506.096320]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2506.097531]  v9fs_mount+0x79/0x8f0
[ 2506.098267]  ? v9fs_write_inode+0x60/0x60
[ 2506.099149]  legacy_get_tree+0x105/0x220
[ 2506.100042]  vfs_get_tree+0x8e/0x300
[ 2506.100968]  path_mount+0x1429/0x2120
[ 2506.101909]  ? strncpy_from_user+0x9e/0x470
[ 2506.102942]  ? finish_automount+0xa90/0xa90
[ 2506.103848]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2506.104827]  ? _copy_from_user+0xfb/0x1b0
[ 2506.105806]  __x64_sys_mount+0x282/0x300
[ 2506.106668]  ? copy_mnt_ns+0xa00/0xa00
[ 2506.107504]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2506.108858]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2506.110068]  do_syscall_64+0x33/0x40
[ 2506.110910]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2506.112068] RIP: 0033:0x7fbbb0762b19
[ 2506.112854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2506.117321] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2506.119226] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2506.120737] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2506.122394] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2506.124192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2506.125840] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2506.163023] FAULT_INJECTION: forcing a failure.
[ 2506.163023] name failslab, interval 1, probability 0, space 0, times 0
[ 2506.165435] CPU: 1 PID: 11896 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2506.166906] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2506.168661] Call Trace:
[ 2506.169218]  dump_stack+0x107/0x167
[ 2506.169989]  should_fail.cold+0x5/0xa
[ 2506.170811]  ? create_object.isra.0+0x3a/0xa20
[ 2506.171783]  should_failslab+0x5/0x20
[ 2506.172589]  kmem_cache_alloc+0x5b/0x310
[ 2506.173455]  create_object.isra.0+0x3a/0xa20
[ 2506.174380]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2506.175463]  __kmalloc_track_caller+0x177/0x370
[ 2506.176447]  ? vfs_parse_fs_string+0xc0/0x150
[ 2506.177399]  kmemdup_nul+0x2d/0xa0
[ 2506.178154]  vfs_parse_fs_string+0xc0/0x150
[ 2506.179075]  ? vfs_parse_fs_param+0x560/0x560
[ 2506.180102]  shmem_parse_options+0x160/0x250
[ 2506.181037]  path_mount+0x13e1/0x2120
[ 2506.181878]  ? strncpy_from_user+0x9e/0x470
[ 2506.182807]  ? finish_automount+0xa90/0xa90
[ 2506.183725]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2506.184715]  __x64_sys_mount+0x282/0x300
[ 2506.185572]  ? copy_mnt_ns+0xa00/0xa00
[ 2506.186407]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2506.187527]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2506.188616]  do_syscall_64+0x33/0x40
[ 2506.189385]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2506.190472] RIP: 0033:0x7fcabb3d704a
[ 2506.191267] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2506.195165] RSP: 002b:00007fcab894afa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 2506.196771] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d704a
[ 2506.198278] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
[ 2506.199792] RBP: 00007fcab894b040 R08: 00007fcab894b040 R09: 0000000020000080
[ 2506.201302] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2506.202829] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2506.205087] tmpfs: Bad value for 'size'
[ 2506.209826] 9pnet: Insufficient options for proto=fd
05:05:53 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:05:53 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b64, 0x3)

05:05:53 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x118100)
ioctl$TCFLSH(r1, 0x540b, 0x0)

05:05:53 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 29)

[ 2506.439304] FAULT_INJECTION: forcing a failure.
[ 2506.439304] name failslab, interval 1, probability 0, space 0, times 0
[ 2506.440634] CPU: 0 PID: 11912 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2506.441435] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2506.442483] Call Trace:
[ 2506.442813]  dump_stack+0x107/0x167
[ 2506.443230]  should_fail.cold+0x5/0xa
[ 2506.443663]  ? create_object.isra.0+0x3a/0xa20
[ 2506.444192]  should_failslab+0x5/0x20
[ 2506.444627]  kmem_cache_alloc+0x5b/0x310
[ 2506.445067]  create_object.isra.0+0x3a/0xa20
[ 2506.445572]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2506.446125]  __kmalloc_track_caller+0x177/0x370
[ 2506.446664]  ? match_number+0xaf/0x1d0
[ 2506.447128]  kmemdup_nul+0x2d/0xa0
[ 2506.447527]  match_number+0xaf/0x1d0
[ 2506.447947]  ? match_u64+0x190/0x190
[ 2506.448384]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2506.448926]  ? memcpy+0x39/0x60
[ 2506.449310]  parse_opts.part.0+0x1f3/0x340
[ 2506.449764]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2506.450285]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2506.450857]  ? trace_hardirqs_on+0x5b/0x180
[ 2506.451357]  ? kfree+0xd7/0x340
[ 2506.451715]  p9_fd_create+0x98/0x4a0
[ 2506.452141]  ? p9_conn_create+0x510/0x510
[ 2506.452606]  ? p9_client_create+0x798/0x1230
[ 2506.453102]  ? kfree+0xd7/0x340
[ 2506.453528]  ? do_raw_spin_unlock+0x4f/0x220
[ 2506.454047]  p9_client_create+0x7ff/0x1230
[ 2506.454536]  ? p9_client_flush+0x430/0x430
[ 2506.455025]  ? trace_hardirqs_on+0x5b/0x180
[ 2506.455510]  ? lockdep_init_map_type+0x2c7/0x780
[ 2506.456048]  ? __raw_spin_lock_init+0x36/0x110
[ 2506.456575]  v9fs_session_init+0x1dd/0x1680
[ 2506.457069]  ? lock_release+0x680/0x680
[ 2506.457522]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2506.458037]  ? v9fs_show_options+0x690/0x690
[ 2506.458543]  ? trace_hardirqs_on+0x5b/0x180
[ 2506.459014]  ? kasan_unpoison_shadow+0x33/0x50
[ 2506.459530]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2506.460074]  v9fs_mount+0x79/0x8f0
[ 2506.460479]  ? v9fs_write_inode+0x60/0x60
[ 2506.460926]  legacy_get_tree+0x105/0x220
[ 2506.461392]  vfs_get_tree+0x8e/0x300
[ 2506.461796]  path_mount+0x1429/0x2120
[ 2506.462241]  ? strncpy_from_user+0x9e/0x470
[ 2506.462729]  ? finish_automount+0xa90/0xa90
[ 2506.463216]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2506.463744]  ? _copy_from_user+0xfb/0x1b0
[ 2506.464212]  __x64_sys_mount+0x282/0x300
[ 2506.464679]  ? copy_mnt_ns+0xa00/0xa00
[ 2506.465131]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2506.465726]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2506.465916] tmpfs: Bad value for 'size'
[ 2506.466322]  do_syscall_64+0x33/0x40
[ 2506.467553]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2506.468143] RIP: 0033:0x7fbbb0762b19
[ 2506.468564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2506.470681] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2506.471554] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2506.472371] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2506.473187] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2506.474000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2506.474829] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:06:07 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b65, 0x3)

[ 2519.991952] tmpfs: Bad value for 'size'
05:06:07 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x2, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:06:07 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCXONC(r0, 0x4b45, 0x3)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x11)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
ioctl$TIOCL_BLANKSCREEN(r3, 0x541c, &(0x7f0000000040))
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)

05:06:07 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 43)

05:06:07 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000f)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:06:07 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000f)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:06:07 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000000f)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:06:07 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 30)

[ 2520.001400] tmpfs: Bad value for 'size'
[ 2520.011764] FAULT_INJECTION: forcing a failure.
[ 2520.011764] name failslab, interval 1, probability 0, space 0, times 0
[ 2520.014242] CPU: 0 PID: 11933 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2520.015774] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2520.015783] Call Trace:
[ 2520.015816]  dump_stack+0x107/0x167
[ 2520.015842]  should_fail.cold+0x5/0xa
[ 2520.015870]  should_failslab+0x5/0x20
[ 2520.015891]  __kmalloc_track_caller+0x79/0x370
[ 2520.015978]  ? vfs_parse_fs_string+0xc0/0x150
[ 2520.016007]  kmemdup_nul+0x2d/0xa0
[ 2520.016028]  vfs_parse_fs_string+0xc0/0x150
[ 2520.016050]  ? vfs_parse_fs_param+0x560/0x560
[ 2520.016088]  shmem_parse_options+0x160/0x250
[ 2520.016110]  path_mount+0x13e1/0x2120
[ 2520.016135]  ? strncpy_from_user+0x9e/0x470
[ 2520.016153]  ? finish_automount+0xa90/0xa90
[ 2520.016173]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2520.016201]  __x64_sys_mount+0x282/0x300
[ 2520.016218]  ? copy_mnt_ns+0xa00/0xa00
[ 2520.016243]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
05:06:07 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b72, 0x3)

05:06:07 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 31)

05:06:07 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2520.016263]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2520.016285]  do_syscall_64+0x33/0x40
05:06:07 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]}) (fail_nth: 44)

[ 2520.016304]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2520.016316] RIP: 0033:0x7fcabb3d704a
[ 2520.016335] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2520.016345] RSP: 002b:00007fcab894afa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
05:06:07 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2520.016366] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabb3d704a
[ 2520.016377] RDX: 0000000020000080 RSI: 0000000020000100 RDI: 0000000000000000
05:06:07 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2520.016389] RBP: 00007fcab894b040 R08: 00007fcab894b040 R09: 0000000020000080
[ 2520.016400] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080
[ 2520.016411] R13: 0000000020000100 R14: 00007fcab894b000 R15: 0000000020000240
[ 2520.028239] FAULT_INJECTION: forcing a failure.
[ 2520.028239] name failslab, interval 1, probability 0, space 0, times 0
05:06:07 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x2, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2520.028263] CPU: 1 PID: 11932 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2520.028274] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2520.028280] Call Trace:
[ 2520.028307]  dump_stack+0x107/0x167
[ 2520.028334]  should_fail.cold+0x5/0xa
[ 2520.028371]  should_failslab+0x5/0x20
[ 2520.028394]  __kmalloc_track_caller+0x79/0x370
[ 2520.028416]  ? match_number+0xaf/0x1d0
[ 2520.028435]  ? kfree+0xd7/0x340
[ 2520.028464]  kmemdup_nul+0x2d/0xa0
[ 2520.028486]  match_number+0xaf/0x1d0
[ 2520.028509]  ? match_u64+0x190/0x190
[ 2520.028530]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2520.028551]  ? memcpy+0x39/0x60
[ 2520.028579]  parse_opts.part.0+0x1f3/0x340
[ 2520.028606]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2520.028636]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2520.028656]  ? trace_hardirqs_on+0x5b/0x180
[ 2520.028679]  ? kfree+0xd7/0x340
[ 2520.028710]  p9_fd_create+0x98/0x4a0
[ 2520.028732]  ? p9_conn_create+0x510/0x510
[ 2520.028752]  ? p9_client_create+0x798/0x1230
[ 2520.028855]  ? kfree+0xd7/0x340
[ 2520.028873]  ? do_raw_spin_unlock+0x4f/0x220
[ 2520.028904]  p9_client_create+0x7ff/0x1230
[ 2520.028936]  ? p9_client_flush+0x430/0x430
[ 2520.028958]  ? trace_hardirqs_on+0x5b/0x180
[ 2520.028982]  ? lockdep_init_map_type+0x2c7/0x780
[ 2520.029006]  ? __raw_spin_lock_init+0x36/0x110
[ 2520.029033]  v9fs_session_init+0x1dd/0x1680
[ 2520.029056]  ? lock_release+0x680/0x680
[ 2520.029087]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2520.029108]  ? v9fs_show_options+0x690/0x690
[ 2520.029139]  ? trace_hardirqs_on+0x5b/0x180
[ 2520.029161]  ? kasan_unpoison_shadow+0x33/0x50
[ 2520.029181]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2520.029204]  v9fs_mount+0x79/0x8f0
[ 2520.029226]  ? v9fs_write_inode+0x60/0x60
[ 2520.029249]  legacy_get_tree+0x105/0x220
[ 2520.029272]  vfs_get_tree+0x8e/0x300
[ 2520.029292]  path_mount+0x1429/0x2120
[ 2520.029319]  ? strncpy_from_user+0x9e/0x470
[ 2520.029340]  ? finish_automount+0xa90/0xa90
[ 2520.029361]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2520.029382]  ? _copy_from_user+0xfb/0x1b0
[ 2520.029412]  __x64_sys_mount+0x282/0x300
[ 2520.029431]  ? copy_mnt_ns+0xa00/0xa00
[ 2520.029457]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2520.029480]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2520.029504]  do_syscall_64+0x33/0x40
[ 2520.029526]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2520.029540] RIP: 0033:0x7fbbb0762b19
[ 2520.029594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2520.029607] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2520.029630] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2520.029642] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2520.029655] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2520.029666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2520.029679] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2520.029811] 9pnet: Insufficient options for proto=fd
[ 2520.192179] tmpfs: Bad value for 'size'
[ 2520.192371] tmpfs: Bad value for 'size'
[ 2520.192453] FAULT_INJECTION: forcing a failure.
[ 2520.192453] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2520.192473] CPU: 0 PID: 11947 Comm: syz-executor.6 Not tainted 5.10.234 #1
[ 2520.192494] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2520.192500] Call Trace:
[ 2520.192523]  dump_stack+0x107/0x167
[ 2520.192543]  should_fail.cold+0x5/0xa
[ 2520.192569]  _copy_to_user+0x2e/0x180
[ 2520.192669]  simple_read_from_buffer+0xcc/0x160
[ 2520.192696]  proc_fail_nth_read+0x198/0x230
[ 2520.192719]  ? proc_sessionid_read+0x230/0x230
[ 2520.192737]  ? security_file_permission+0xb1/0xe0
[ 2520.192771]  ? proc_sessionid_read+0x230/0x230
[ 2520.192790]  vfs_read+0x228/0x620
[ 2520.192815]  ksys_read+0x12d/0x260
[ 2520.192835]  ? vfs_write+0xb10/0xb10
[ 2520.192859]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2520.192879]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2520.192900]  do_syscall_64+0x33/0x40
[ 2520.192919]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2520.192931] RIP: 0033:0x7fcabb38869c
[ 2520.192948] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 2520.192957] RSP: 002b:00007fcab894b170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2520.192977] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007fcabb38869c
[ 2520.192988] RDX: 000000000000000f RSI: 00007fcab894b1e0 RDI: 0000000000000003
[ 2520.192998] RBP: 00007fcab894b1d0 R08: 0000000000000000 R09: 0000000020000080
[ 2520.193008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2520.193018] R13: 00007ffec0517f1f R14: 00007fcab894b300 R15: 0000000000022000
[ 2520.197136] tmpfs: Bad value for 'size'
[ 2520.228863] FAULT_INJECTION: forcing a failure.
[ 2520.228863] name failslab, interval 1, probability 0, space 0, times 0
[ 2520.228895] CPU: 1 PID: 11951 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2520.228905] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2520.228910] Call Trace:
[ 2520.228934]  dump_stack+0x107/0x167
[ 2520.228953]  should_fail.cold+0x5/0xa
[ 2520.228974]  ? create_object.isra.0+0x3a/0xa20
[ 2520.228995]  should_failslab+0x5/0x20
[ 2520.229014]  kmem_cache_alloc+0x5b/0x310
[ 2520.229037]  create_object.isra.0+0x3a/0xa20
[ 2520.229053]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2520.229076]  __kmalloc_track_caller+0x177/0x370
[ 2520.229095]  ? match_number+0xaf/0x1d0
[ 2520.229120]  kmemdup_nul+0x2d/0xa0
[ 2520.229139]  match_number+0xaf/0x1d0
[ 2520.229158]  ? match_u64+0x190/0x190
[ 2520.229175]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2520.229193]  ? memcpy+0x39/0x60
[ 2520.229217]  parse_opts.part.0+0x1f3/0x340
[ 2520.229239]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2520.229264]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2520.229280]  ? trace_hardirqs_on+0x5b/0x180
[ 2520.229300]  ? kfree+0xd7/0x340
[ 2520.229325]  p9_fd_create+0x98/0x4a0
[ 2520.229344]  ? p9_conn_create+0x510/0x510
[ 2520.229433]  ? p9_client_create+0x798/0x1230
[ 2520.229452]  ? kfree+0xd7/0x340
[ 2520.229466]  ? do_raw_spin_unlock+0x4f/0x220
[ 2520.229491]  p9_client_create+0x7ff/0x1230
[ 2520.229517]  ? p9_client_flush+0x430/0x430
[ 2520.229535]  ? trace_hardirqs_on+0x5b/0x180
[ 2520.229554]  ? lockdep_init_map_type+0x2c7/0x780
[ 2520.229574]  ? __raw_spin_lock_init+0x36/0x110
[ 2520.229597]  v9fs_session_init+0x1dd/0x1680
[ 2520.229616]  ? lock_release+0x680/0x680
[ 2520.229641]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2520.229659]  ? v9fs_show_options+0x690/0x690
[ 2520.229684]  ? trace_hardirqs_on+0x5b/0x180
[ 2520.229702]  ? kasan_unpoison_shadow+0x33/0x50
[ 2520.229718]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2520.229737]  v9fs_mount+0x79/0x8f0
[ 2520.229754]  ? v9fs_write_inode+0x60/0x60
[ 2520.229774]  legacy_get_tree+0x105/0x220
[ 2520.229793]  vfs_get_tree+0x8e/0x300
[ 2520.229810]  path_mount+0x1429/0x2120
[ 2520.229833]  ? strncpy_from_user+0x9e/0x470
[ 2520.229850]  ? finish_automount+0xa90/0xa90
[ 2520.229868]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2520.229885]  ? _copy_from_user+0xfb/0x1b0
[ 2520.229910]  __x64_sys_mount+0x282/0x300
[ 2520.229926]  ? copy_mnt_ns+0xa00/0xa00
[ 2520.229948]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2520.229967]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2520.229987]  do_syscall_64+0x33/0x40
[ 2520.230005]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2520.230016] RIP: 0033:0x7fbbb0762b19
[ 2520.230034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2520.230043] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2520.230063] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2520.230073] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2520.230083] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2520.230093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2520.230103] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2520.286855] tmpfs: Bad value for 'size'
[ 2520.345603] tmpfs: Bad value for 'size'
[ 2520.347332] tmpfs: Bad value for 'size'
[ 2520.375272] tmpfs: Bad value for 'size'
[ 2520.529906] tmpfs: Bad value for 'size'
05:06:07 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2520.547175] tmpfs: Bad value for 'size'
05:06:08 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = memfd_create(&(0x7f0000000000)='{\x00', 0x0)
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
fsetxattr(r2, &(0x7f0000000040)=@known='trusted.overlay.upper\x00', &(0x7f00000000c0)='{\x00', 0x2, 0x1)
fcntl$lock(r1, 0x24, &(0x7f0000000080)={0x2})
ioctl$TCXONC(r0, 0x4b45, 0x3)

[ 2520.781210] tmpfs: Bad value for 'size'
05:06:24 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2536.820776] tmpfs: Bad value for 'size'
[ 2536.832366] tmpfs: Bad value for 'size'
[ 2536.844262] tmpfs: Bad value for 'size'
05:06:24 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000010)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:06:24 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 32)

05:06:24 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:06:24 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4bfa, 0x3)

05:06:24 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000010)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:06:24 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000010)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:06:24 executing program 3:
syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
r2 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TCSETSW2(r2, 0x402c542c, &(0x7f0000000000)={0x4, 0x100, 0x7fffffff, 0x0, 0x9, "ccaa8eb9665c0578b4a95b1f64376a2e4665d7", 0x3, 0xc000})
ioctl$TCXONC(r0, 0x4b45, 0x3)

[ 2536.853482] tmpfs: Bad value for 'size'
[ 2536.863201] FAULT_INJECTION: forcing a failure.
[ 2536.863201] name failslab, interval 1, probability 0, space 0, times 0
[ 2536.865608] CPU: 0 PID: 11985 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2536.867370] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2536.869201] Call Trace:
[ 2536.869747]  dump_stack+0x107/0x167
[ 2536.870512]  should_fail.cold+0x5/0xa
[ 2536.871331]  ? p9_fd_create+0x161/0x4a0
[ 2536.872171]  should_failslab+0x5/0x20
[ 2536.872960]  kmem_cache_alloc_trace+0x55/0x320
[ 2536.873916]  p9_fd_create+0x161/0x4a0
[ 2536.874700]  ? p9_conn_create+0x510/0x510
[ 2536.875544]  ? p9_client_create+0x798/0x1230
[ 2536.876469]  ? kfree+0xd7/0x340
[ 2536.877148]  ? do_raw_spin_unlock+0x4f/0x220
[ 2536.878058]  p9_client_create+0x7ff/0x1230
[ 2536.878956]  ? p9_client_flush+0x430/0x430
[ 2536.879841]  ? trace_hardirqs_on+0x5b/0x180
[ 2536.880754]  ? lockdep_init_map_type+0x2c7/0x780
[ 2536.881733]  ? __raw_spin_lock_init+0x36/0x110
[ 2536.882682]  v9fs_session_init+0x1dd/0x1680
[ 2536.883589]  ? lock_release+0x680/0x680
[ 2536.884417]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2536.885410]  ? v9fs_show_options+0x690/0x690
[ 2536.886318]  ? trace_hardirqs_on+0x5b/0x180
[ 2536.887218]  ? kasan_unpoison_shadow+0x33/0x50
[ 2536.888159]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2536.889201]  v9fs_mount+0x79/0x8f0
[ 2536.889942]  ? v9fs_write_inode+0x60/0x60
[ 2536.890798]  legacy_get_tree+0x105/0x220
[ 2536.891647]  vfs_get_tree+0x8e/0x300
[ 2536.892412]  path_mount+0x1429/0x2120
[ 2536.893209]  ? strncpy_from_user+0x9e/0x470
[ 2536.894096]  ? finish_automount+0xa90/0xa90
[ 2536.894985]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2536.895945]  ? _copy_from_user+0xfb/0x1b0
[ 2536.896807]  __x64_sys_mount+0x282/0x300
[ 2536.897653]  ? copy_mnt_ns+0xa00/0xa00
[ 2536.898460]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2536.899535]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2536.900600]  do_syscall_64+0x33/0x40
[ 2536.901364]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2536.902423] RIP: 0033:0x7fbbb0762b19
[ 2536.903192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2536.906987] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2536.908619] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2536.910107] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2536.911588] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2536.913061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2536.914537] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:06:24 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:06:24 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x6, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2536.975960] tmpfs: Bad value for 'size'
[ 2537.000913] tmpfs: Bad value for 'size'
[ 2537.007510] tmpfs: Bad value for 'size'
05:06:24 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4bfb, 0x3)

[ 2537.012143] tmpfs: Bad value for 'size'
05:06:24 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x8)
ioctl$TCXONC(r0, 0x4b45, 0x3)

05:06:24 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 33)

05:06:24 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x6, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2537.117705] FAULT_INJECTION: forcing a failure.
[ 2537.117705] name failslab, interval 1, probability 0, space 0, times 0
[ 2537.120212] CPU: 1 PID: 12003 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2537.121666] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2537.123415] Call Trace:
[ 2537.123973]  dump_stack+0x107/0x167
[ 2537.124741]  should_fail.cold+0x5/0xa
[ 2537.125618]  ? create_object.isra.0+0x3a/0xa20
[ 2537.125642]  should_failslab+0x5/0x20
[ 2537.125660]  kmem_cache_alloc+0x5b/0x310
[ 2537.125679]  ? p9_fd_show_options+0x1c0/0x1c0
05:06:24 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x7, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2537.125699]  create_object.isra.0+0x3a/0xa20
[ 2537.125713]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2537.125736]  kmem_cache_alloc_trace+0x151/0x320
[ 2537.125759]  p9_fd_create+0x161/0x4a0
[ 2537.125777]  ? p9_conn_create+0x510/0x510
[ 2537.125793]  ? p9_client_create+0x798/0x1230
[ 2537.125810]  ? kfree+0xd7/0x340
[ 2537.125824]  ? do_raw_spin_unlock+0x4f/0x220
[ 2537.125847]  p9_client_create+0x7ff/0x1230
05:06:24 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5409, 0x3)

[ 2537.125873]  ? p9_client_flush+0x430/0x430
[ 2537.125891]  ? trace_hardirqs_on+0x5b/0x180
[ 2537.125910]  ? lockdep_init_map_type+0x2c7/0x780
[ 2537.125929]  ? __raw_spin_lock_init+0x36/0x110
[ 2537.125953]  v9fs_session_init+0x1dd/0x1680
[ 2537.125970]  ? lock_release+0x680/0x680
[ 2537.125995]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2537.126011]  ? v9fs_show_options+0x690/0x690
[ 2537.126036]  ? trace_hardirqs_on+0x5b/0x180
[ 2537.126053]  ? kasan_unpoison_shadow+0x33/0x50
[ 2537.126069]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2537.126087]  v9fs_mount+0x79/0x8f0
[ 2537.126104]  ? v9fs_write_inode+0x60/0x60
[ 2537.126122]  legacy_get_tree+0x105/0x220
05:06:24 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x8, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2537.126141]  vfs_get_tree+0x8e/0x300
[ 2537.126157]  path_mount+0x1429/0x2120
[ 2537.126179]  ? strncpy_from_user+0x9e/0x470
[ 2537.126195]  ? finish_automount+0xa90/0xa90
[ 2537.126212]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2537.126260]  ? _copy_from_user+0xfb/0x1b0
[ 2537.126285]  __x64_sys_mount+0x282/0x300
[ 2537.126300]  ? copy_mnt_ns+0xa00/0xa00
[ 2537.126322]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2537.126340]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2537.126359]  do_syscall_64+0x33/0x40
[ 2537.126377]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2537.126388] RIP: 0033:0x7fbbb0762b19
[ 2537.126406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2537.126416] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2537.126435] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2537.126445] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2537.126455] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2537.126465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2537.126474] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2537.194407] tmpfs: Bad value for 'size'
[ 2537.207409] tmpfs: Bad value for 'size'
[ 2537.218320] tmpfs: Bad value for 'size'
[ 2537.219005] tmpfs: Bad value for 'size'
[ 2537.401083] tmpfs: Bad value for 'size'
[ 2537.407401] tmpfs: Bad value for 'size'
05:06:39 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 34)

05:06:39 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000011)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:06:39 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000011)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:06:39 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x7, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:06:39 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x540b, 0x3)

05:06:39 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x9, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:06:39 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f0000000000)={0x8, 0xff, 0x6, 0xc27, 0x3, [{0x5, 0x7, 0x1, '\x00', 0x2880}, {0x7fff, 0x5, 0xaa59, '\x00', 0x1}, {0x6, 0x3f6, 0x0, '\x00', 0x1700}]})
ioctl$TCXONC(r0, 0x4b45, 0x3)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB="2c776600000000000047501e59c95f5a6d6e7f2e1285cabec280c0fdf07110008cb1d5e56f3d164df6911e1e7da106bf9191af4134f2dd063076b976e789cf0e5f1940a8dbb293e22dc586bb94b59170d9dc58f81d92af195b7a747f3825d566ed2ea768b1bf738c5afcaed98d3c106d7f383b08b0feae49431b3696c9ac6b2754cc38018eacdc095f67d09b1a221ea962f2c15f9213e7ba38b7f9ed86a7159e5120b59f", @ANYRESHEX=r2, @ANYBLOB=',\x00'])
r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
ioctl$TCSETSF2(r3, 0x402c542d, &(0x7f0000000200)={0x8, 0x7fff, 0x3, 0x1, 0x1f, "25346cb273ef88b85370f91b91a74690600b6b", 0x1, 0x3ff})
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0x18)
splice(r0, &(0x7f0000000180)=0xee9b, r0, &(0x7f00000001c0)=0x9, 0x0, 0x2)

05:06:39 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000011)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

[ 2552.474599] tmpfs: Bad value for 'size'
[ 2552.475708] tmpfs: Bad value for 'size'
[ 2552.479944] tmpfs: Bad value for 'size'
[ 2552.490818] tmpfs: Bad value for 'size'
[ 2552.495994] FAULT_INJECTION: forcing a failure.
[ 2552.495994] name failslab, interval 1, probability 0, space 0, times 0
[ 2552.498145] CPU: 1 PID: 12036 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2552.498156] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2552.498162] Call Trace:
[ 2552.498185]  dump_stack+0x107/0x167
[ 2552.498205]  should_fail.cold+0x5/0xa
[ 2552.498227]  ? p9_client_prepare_req.part.0+0x3a/0xac0
[ 2552.498248]  should_failslab+0x5/0x20
[ 2552.498266]  kmem_cache_alloc+0x5b/0x310
[ 2552.498290]  p9_client_prepare_req.part.0+0x3a/0xac0
[ 2552.498315]  p9_client_rpc+0x220/0x1370
[ 2552.498336]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
05:06:40 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xa, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2552.498361]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2552.498383]  ? pipe_poll+0x21b/0x800
[ 2552.498399]  ? p9_fd_close+0x4a0/0x4a0
[ 2552.498415]  ? wait_for_partner+0x3c0/0x3c0
05:06:40 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x8, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2552.498435]  ? p9_fd_poll+0x1e0/0x2c0
05:06:40 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 35)

[ 2552.498458]  ? p9_fd_create+0x357/0x4a0
[ 2552.498476]  ? p9_conn_create+0x510/0x510
[ 2552.498491]  ? p9_client_create+0x798/0x1230
[ 2552.498507]  ? kfree+0xd7/0x340
[ 2552.498597]  ? do_raw_spin_unlock+0x4f/0x220
[ 2552.498622]  p9_client_create+0xa76/0x1230
[ 2552.498665]  ? p9_client_flush+0x430/0x430
[ 2552.498683]  ? trace_hardirqs_on+0x5b/0x180
[ 2552.498702]  ? lockdep_init_map_type+0x2c7/0x780
[ 2552.498720]  ? __raw_spin_lock_init+0x36/0x110
[ 2552.498744]  v9fs_session_init+0x1dd/0x1680
[ 2552.498767]  ? lock_release+0x680/0x680
[ 2552.498792]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2552.498808]  ? v9fs_show_options+0x690/0x690
[ 2552.498832]  ? trace_hardirqs_on+0x5b/0x180
[ 2552.498849]  ? kasan_unpoison_shadow+0x33/0x50
[ 2552.498865]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2552.498884]  v9fs_mount+0x79/0x8f0
[ 2552.498900]  ? v9fs_write_inode+0x60/0x60
[ 2552.498919]  legacy_get_tree+0x105/0x220
[ 2552.498937]  vfs_get_tree+0x8e/0x300
[ 2552.498954]  path_mount+0x1429/0x2120
[ 2552.498976]  ? strncpy_from_user+0x9e/0x470
[ 2552.498992]  ? finish_automount+0xa90/0xa90
[ 2552.499009]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2552.499027]  ? _copy_from_user+0xfb/0x1b0
[ 2552.499050]  __x64_sys_mount+0x282/0x300
[ 2552.499065]  ? copy_mnt_ns+0xa00/0xa00
[ 2552.499104]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2552.499123]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2552.499142]  do_syscall_64+0x33/0x40
[ 2552.499159]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2552.499172] RIP: 0033:0x7fbbb0762b19
[ 2552.499189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2552.499199] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2552.499218] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2552.499228] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2552.499238] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2552.499248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2552.499258] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2552.706447] tmpfs: Bad value for 'size'
[ 2552.719339] tmpfs: Bad value for 'size'
[ 2552.834989] FAULT_INJECTION: forcing a failure.
[ 2552.834989] name failslab, interval 1, probability 0, space 0, times 0
[ 2552.835010] CPU: 0 PID: 12054 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2552.835019] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2552.835025] Call Trace:
[ 2552.835044]  dump_stack+0x107/0x167
[ 2552.835064]  should_fail.cold+0x5/0xa
[ 2552.835102]  ? create_object.isra.0+0x3a/0xa20
[ 2552.835124]  should_failslab+0x5/0x20
[ 2552.835142]  kmem_cache_alloc+0x5b/0x310
[ 2552.835222]  create_object.isra.0+0x3a/0xa20
[ 2552.835238]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2552.835261]  kmem_cache_alloc+0x159/0x310
[ 2552.835286]  p9_client_prepare_req.part.0+0x3a/0xac0
[ 2552.835311]  p9_client_rpc+0x220/0x1370
[ 2552.835331]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2552.835357]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2552.835378]  ? pipe_poll+0x21b/0x800
[ 2552.835396]  ? p9_fd_close+0x4a0/0x4a0
[ 2552.835413]  ? wait_for_partner+0x3c0/0x3c0
[ 2552.835433]  ? p9_fd_poll+0x1e0/0x2c0
[ 2552.835459]  ? p9_fd_create+0x357/0x4a0
[ 2552.835477]  ? p9_conn_create+0x510/0x510
[ 2552.835494]  ? p9_client_create+0x798/0x1230
[ 2552.835511]  ? kfree+0xd7/0x340
[ 2552.835524]  ? do_raw_spin_unlock+0x4f/0x220
[ 2552.835556]  p9_client_create+0xa76/0x1230
[ 2552.835583]  ? p9_client_flush+0x430/0x430
[ 2552.835601]  ? trace_hardirqs_on+0x5b/0x180
[ 2552.835620]  ? lockdep_init_map_type+0x2c7/0x780
[ 2552.835640]  ? __raw_spin_lock_init+0x36/0x110
[ 2552.835663]  v9fs_session_init+0x1dd/0x1680
[ 2552.835681]  ? lock_release+0x680/0x680
[ 2552.835707]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2552.835725]  ? v9fs_show_options+0x690/0x690
[ 2552.835750]  ? trace_hardirqs_on+0x5b/0x180
[ 2552.835768]  ? kasan_unpoison_shadow+0x33/0x50
[ 2552.835784]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2552.835802]  v9fs_mount+0x79/0x8f0
[ 2552.835820]  ? v9fs_write_inode+0x60/0x60
[ 2552.835838]  legacy_get_tree+0x105/0x220
[ 2552.835857]  vfs_get_tree+0x8e/0x300
[ 2552.835873]  path_mount+0x1429/0x2120
[ 2552.835888] tmpfs: Bad value for 'size'
[ 2552.835905]  ? strncpy_from_user+0x9e/0x470
[ 2552.835922]  ? finish_automount+0xa90/0xa90
[ 2552.835939]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2552.835957]  ? _copy_from_user+0xfb/0x1b0
[ 2552.835985]  __x64_sys_mount+0x282/0x300
[ 2552.836001]  ? copy_mnt_ns+0xa00/0xa00
[ 2552.836023]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2552.836042]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2552.836061]  do_syscall_64+0x33/0x40
[ 2552.836078]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2552.836090] RIP: 0033:0x7fbbb0762b19
[ 2552.836135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2552.836146] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2552.836188] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2552.836199] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2552.836210] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2552.836220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2552.836230] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2552.838612] tmpfs: Bad value for 'size'
05:06:40 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xb, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2552.950289] tmpfs: Bad value for 'size'
[ 2552.961309] tmpfs: Bad value for 'size'
05:06:40 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x9, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:06:40 executing program 3:
ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000000)={0xffffffffffff0000, 0xcea, 0x8, 0x32db, 0x4, [{0x5, 0x33, 0x40000000000000, '\x00', 0x8}, {0x6, 0x3, 0x27, '\x00', 0x1}, {0x8, 0x7fff, 0x8000, '\x00', 0x2000}, {0x80, 0x1ff, 0x28887e4b, '\x00', 0x200}]})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)

[ 2553.027585] tmpfs: Bad value for 'size'
[ 2553.031126] tmpfs: Bad value for 'size'
05:06:40 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x540c, 0x3)

05:07:02 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000023)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:07:02 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000023)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:07:02 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x300, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:07:02 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 36)

05:07:02 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xa, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:07:02 executing program 3:
r0 = add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffc)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0)
fallocate(r2, 0x10, 0x0, 0x20fdef)
creat(&(0x7f00000001c0)='./file0\x00', 0x41)
fallocate(r1, 0x3, 0x0, 0x8000)
add_key$user(&(0x7f00000000c0), &(0x7f0000000000)={'syz', 0x1}, &(0x7f0000000100)="d5cb579591c5128108604b02547d4ac4948183d6d8e373e9f205974396895490921614741a2b38d694680e8d2a24660a543a08b936ade9abe309ac8ac2aa7149b55d9238f4acfe2485a958443e2376c7825d92ada09fa08e825a007cd6338241df8778e48b597ef4c3c45daa", 0x6c, r0)
keyctl$revoke(0x3, r0)
ioctl$TCXONC(0xffffffffffffffff, 0x4b45, 0x3)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r0)

05:07:02 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x540d, 0x3)

05:07:02 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000023)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2575.053314] tmpfs: Bad value for 'size'
[ 2575.055142] tmpfs: Bad value for 'size'
[ 2575.057039] tmpfs: Bad value for 'size'
[ 2575.057681] FAULT_INJECTION: forcing a failure.
[ 2575.057681] name failslab, interval 1, probability 0, space 0, times 0
[ 2575.060285] CPU: 0 PID: 12082 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2575.061699] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2575.063390] Call Trace:
[ 2575.063932]  dump_stack+0x107/0x167
[ 2575.064681]  should_fail.cold+0x5/0xa
[ 2575.065458]  ? p9_fcall_init+0x97/0x290
[ 2575.066264]  should_failslab+0x5/0x20
[ 2575.067026]  __kmalloc+0x72/0x390
[ 2575.067749]  p9_fcall_init+0x97/0x290
[ 2575.068359] tmpfs: Bad value for 'size'
[ 2575.068539]  p9_client_prepare_req.part.0+0x8c/0xac0
[ 2575.070425]  p9_client_rpc+0x220/0x1370
[ 2575.071238]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2575.072181]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2575.072958]  ? pipe_poll+0x21b/0x800
[ 2575.073486]  ? p9_fd_close+0x4a0/0x4a0
[ 2575.074215]  ? wait_for_partner+0x3c0/0x3c0
[ 2575.074826]  ? p9_fd_poll+0x1e0/0x2c0
[ 2575.075404]  ? p9_fd_create+0x357/0x4a0
[ 2575.075966]  ? p9_conn_create+0x510/0x510
[ 2575.076551]  ? p9_client_create+0x798/0x1230
[ 2575.077188]  ? kfree+0xd7/0x340
[ 2575.077656]  ? do_raw_spin_unlock+0x4f/0x220
[ 2575.078301]  p9_client_create+0xa76/0x1230
[ 2575.078920]  ? p9_client_flush+0x430/0x430
[ 2575.079542]  ? trace_hardirqs_on+0x5b/0x180
[ 2575.080171]  ? lockdep_init_map_type+0x2c7/0x780
[ 2575.080839]  ? __raw_spin_lock_init+0x36/0x110
[ 2575.081488]  v9fs_session_init+0x1dd/0x1680
[ 2575.082111]  ? lock_release+0x680/0x680
[ 2575.082677]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2575.083372]  ? v9fs_show_options+0x690/0x690
[ 2575.084066]  ? trace_hardirqs_on+0x5b/0x180
[ 2575.084685]  ? kasan_unpoison_shadow+0x33/0x50
[ 2575.085333]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2575.086052]  v9fs_mount+0x79/0x8f0
[ 2575.086564]  ? v9fs_write_inode+0x60/0x60
[ 2575.087152]  legacy_get_tree+0x105/0x220
[ 2575.087745]  vfs_get_tree+0x8e/0x300
[ 2575.088273]  path_mount+0x1429/0x2120
[ 2575.088817]  ? strncpy_from_user+0x9e/0x470
[ 2575.089432]  ? finish_automount+0xa90/0xa90
[ 2575.090049]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2575.090711]  ? _copy_from_user+0xfb/0x1b0
[ 2575.091324]  __x64_sys_mount+0x282/0x300
[ 2575.091899]  ? copy_mnt_ns+0xa00/0xa00
[ 2575.092459]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2575.093205]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2575.093930]  do_syscall_64+0x33/0x40
[ 2575.094458]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2575.095182] RIP: 0033:0x7fbbb0762b19
[ 2575.095726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2575.098321] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2575.099410] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2575.100421] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2575.101437] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2575.102453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2575.103477] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:07:02 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x540e, 0x3)

05:07:02 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xb, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:07:02 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x88000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r1, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x52}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004000}, 0x804)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCFLSH(r2, 0x540b, 0x1)
ioctl$TCXONC(r2, 0x4b45, 0x3)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
pread64(r3, &(0x7f0000000000)=""/216, 0xd8, 0x4)

05:07:02 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 37)

05:07:02 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x500, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2575.225265] tmpfs: Bad value for 'size'
[ 2575.227008] tmpfs: Bad value for 'size'
[ 2575.261623] FAULT_INJECTION: forcing a failure.
[ 2575.261623] name failslab, interval 1, probability 0, space 0, times 0
[ 2575.264331] CPU: 1 PID: 12097 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2575.266026] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2575.268036] Call Trace:
[ 2575.268738]  dump_stack+0x107/0x167
[ 2575.269502]  should_fail.cold+0x5/0xa
[ 2575.270509]  ? create_object.isra.0+0x3a/0xa20
[ 2575.271615]  should_failslab+0x5/0x20
[ 2575.272675]  kmem_cache_alloc+0x5b/0x310
[ 2575.273526]  create_object.isra.0+0x3a/0xa20
[ 2575.274592]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2575.275924]  __kmalloc+0x16e/0x390
[ 2575.276747]  p9_fcall_init+0x97/0x290
[ 2575.277551]  p9_client_prepare_req.part.0+0x8c/0xac0
[ 2575.278810]  p9_client_rpc+0x220/0x1370
[ 2575.279848]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2575.281089]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2575.282311]  ? pipe_poll+0x21b/0x800
[ 2575.283230]  ? p9_fd_close+0x4a0/0x4a0
[ 2575.284248]  ? wait_for_partner+0x3c0/0x3c0
[ 2575.285265]  ? p9_fd_poll+0x1e0/0x2c0
[ 2575.286205]  ? p9_fd_create+0x357/0x4a0
[ 2575.287188]  ? p9_conn_create+0x510/0x510
[ 2575.288166]  ? p9_client_create+0x798/0x1230
[ 2575.289079]  ? kfree+0xd7/0x340
[ 2575.289852]  ? do_raw_spin_unlock+0x4f/0x220
[ 2575.290966]  p9_client_create+0xa76/0x1230
[ 2575.291912]  ? p9_client_flush+0x430/0x430
[ 2575.292857]  ? trace_hardirqs_on+0x5b/0x180
[ 2575.293962]  ? lockdep_init_map_type+0x2c7/0x780
[ 2575.295059]  ? __raw_spin_lock_init+0x36/0x110
[ 2575.296165]  v9fs_session_init+0x1dd/0x1680
[ 2575.297176]  ? lock_release+0x680/0x680
[ 2575.298210]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2575.299350]  ? v9fs_show_options+0x690/0x690
[ 2575.300277]  ? trace_hardirqs_on+0x5b/0x180
[ 2575.301363]  ? kasan_unpoison_shadow+0x33/0x50
[ 2575.302382]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2575.303532]  v9fs_mount+0x79/0x8f0
[ 2575.304292]  ? v9fs_write_inode+0x60/0x60
[ 2575.305426]  legacy_get_tree+0x105/0x220
[ 2575.306279]  vfs_get_tree+0x8e/0x300
[ 2575.307164]  path_mount+0x1429/0x2120
[ 2575.308054]  ? strncpy_from_user+0x9e/0x470
[ 2575.309124]  ? finish_automount+0xa90/0xa90
[ 2575.310137]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2575.311215]  ? _copy_from_user+0xfb/0x1b0
[ 2575.312316]  __x64_sys_mount+0x282/0x300
[ 2575.313281]  ? copy_mnt_ns+0xa00/0xa00
[ 2575.314219]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2575.315486]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2575.316662]  do_syscall_64+0x33/0x40
[ 2575.317437]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2575.318509] RIP: 0033:0x7fbbb0762b19
[ 2575.319300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2575.323873] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2575.325686] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2575.327432] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2575.329231] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2575.330882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2575.332626] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2575.363656] tmpfs: Bad value for 'size'
05:07:02 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x540f, 0x3)

[ 2575.384409] tmpfs: Bad value for 'size'
05:07:02 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x300, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2575.531108] tmpfs: Bad value for 'size'
[ 2575.536087] tmpfs: Bad value for 'size'
05:07:18 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x600, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:07:18 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x1000001da)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:07:18 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x500, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2590.570456] tmpfs: Bad value for 'size'
05:07:18 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x1000001da)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:07:18 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)

[ 2590.588474] tmpfs: Bad value for 'size'
[ 2590.590083] tmpfs: Bad value for 'size'
[ 2590.592064] tmpfs: Bad value for 'size'
05:07:18 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5410, 0x3)

05:07:18 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 38)

05:07:18 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x1000001da)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2590.626753] FAULT_INJECTION: forcing a failure.
[ 2590.626753] name failslab, interval 1, probability 0, space 0, times 0
[ 2590.629429] CPU: 0 PID: 12123 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2590.630916] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2590.632680] Call Trace:
[ 2590.633251]  dump_stack+0x107/0x167
[ 2590.634037]  should_fail.cold+0x5/0xa
[ 2590.634877]  ? p9_fcall_init+0x97/0x290
[ 2590.635738]  should_failslab+0x5/0x20
[ 2590.636688]  __kmalloc+0x72/0x390
[ 2590.637441]  p9_fcall_init+0x97/0x290
[ 2590.638264]  p9_client_prepare_req.part.0+0x8c/0xac0
[ 2590.639360]  p9_client_rpc+0x220/0x1370
[ 2590.640238]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2590.641372]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2590.642669]  ? pipe_poll+0x21b/0x800
[ 2590.643494]  ? p9_fd_close+0x4a0/0x4a0
[ 2590.644319]  ? wait_for_partner+0x3c0/0x3c0
[ 2590.645237]  ? p9_fd_poll+0x1e0/0x2c0
[ 2590.646056]  ? p9_fd_create+0x357/0x4a0
[ 2590.646916]  ? p9_conn_create+0x510/0x510
[ 2590.647813]  ? p9_client_create+0x798/0x1230
[ 2590.648752]  ? kfree+0xd7/0x340
[ 2590.649454]  ? do_raw_spin_unlock+0x4f/0x220
[ 2590.650393]  p9_client_create+0xa76/0x1230
[ 2590.651316]  ? p9_client_flush+0x430/0x430
[ 2590.652221]  ? trace_hardirqs_on+0x5b/0x180
[ 2590.653211]  ? lockdep_init_map_type+0x2c7/0x780
[ 2590.654228]  ? __raw_spin_lock_init+0x36/0x110
[ 2590.655212]  v9fs_session_init+0x1dd/0x1680
[ 2590.656137]  ? lock_release+0x680/0x680
[ 2590.656992]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2590.658021]  ? v9fs_show_options+0x690/0x690
[ 2590.658970]  ? trace_hardirqs_on+0x5b/0x180
[ 2590.659901]  ? kasan_unpoison_shadow+0x33/0x50
[ 2590.660872]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2590.661948]  v9fs_mount+0x79/0x8f0
[ 2590.662693]  ? v9fs_write_inode+0x60/0x60
[ 2590.663597]  legacy_get_tree+0x105/0x220
[ 2590.664463]  vfs_get_tree+0x8e/0x300
[ 2590.665261]  path_mount+0x1429/0x2120
[ 2590.666082]  ? strncpy_from_user+0x9e/0x470
[ 2590.667008]  ? finish_automount+0xa90/0xa90
[ 2590.667936]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2590.668970]  ? _copy_from_user+0xfb/0x1b0
[ 2590.669867]  __x64_sys_mount+0x282/0x300
[ 2590.670718]  ? copy_mnt_ns+0xa00/0xa00
[ 2590.671568]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2590.672688]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2590.673805]  do_syscall_64+0x33/0x40
[ 2590.674590]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2590.675698] RIP: 0033:0x7fbbb0762b19
[ 2590.676502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2590.680442] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2590.682067] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2590.683764] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2590.685640] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2590.687371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2590.688914] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:07:18 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x600, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:07:18 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x700, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:07:18 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)
r1 = dup(r0)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)

[ 2590.755367] tmpfs: Bad value for 'size'
05:07:18 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5412, 0x3)

[ 2590.767766] tmpfs: Bad value for 'size'
[ 2590.770172] tmpfs: Bad value for 'size'
[ 2590.776243] tmpfs: Bad value for 'size'
05:07:18 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x7e7, 0x0, 0x5, 0x401}, {0x9, 0x9, 0x6}, {0x1, 0x7f, 0x9, 0x2}, {0x101, 0x0, 0xc2, 0x9}, {0x0, 0x0, 0x8, 0x9}]})
fdatasync(r1)

05:07:18 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x900, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:07:18 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x700, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:07:18 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 39)

[ 2590.967474] tmpfs: Bad value for 'size'
[ 2590.973293] tmpfs: Bad value for 'size'
[ 2590.978587] tmpfs: Bad value for 'size'
[ 2590.980531] tmpfs: Bad value for 'size'
[ 2591.020431] FAULT_INJECTION: forcing a failure.
[ 2591.020431] name failslab, interval 1, probability 0, space 0, times 0
[ 2591.023376] CPU: 1 PID: 12150 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2591.024844] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2591.026595] Call Trace:
[ 2591.027153]  dump_stack+0x107/0x167
[ 2591.027926]  should_fail.cold+0x5/0xa
[ 2591.028735]  ? p9_fcall_init+0x97/0x290
[ 2591.029574]  should_failslab+0x5/0x20
[ 2591.030356]  __kmalloc+0x72/0x390
[ 2591.031085]  p9_fcall_init+0x97/0x290
[ 2591.031902]  p9_client_prepare_req.part.0+0x8c/0xac0
[ 2591.032975]  p9_client_rpc+0x220/0x1370
[ 2591.033813]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2591.034928]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2591.036068]  ? pipe_poll+0x21b/0x800
[ 2591.036852]  ? p9_fd_close+0x4a0/0x4a0
[ 2591.037670]  ? wait_for_partner+0x3c0/0x3c0
[ 2591.038587]  ? p9_fd_poll+0x1e0/0x2c0
[ 2591.039393]  ? p9_fd_create+0x357/0x4a0
[ 2591.040236]  ? p9_conn_create+0x510/0x510
[ 2591.041108]  ? p9_client_create+0x798/0x1230
[ 2591.042033]  ? kfree+0xd7/0x340
[ 2591.042722]  ? do_raw_spin_unlock+0x4f/0x220
[ 2591.043737]  p9_client_create+0xa76/0x1230
[ 2591.044646]  ? p9_client_flush+0x430/0x430
[ 2591.045544]  ? trace_hardirqs_on+0x5b/0x180
[ 2591.046455]  ? lockdep_init_map_type+0x2c7/0x780
[ 2591.047466]  ? __raw_spin_lock_init+0x36/0x110
[ 2591.048441]  v9fs_session_init+0x1dd/0x1680
[ 2591.049351]  ? lock_release+0x680/0x680
[ 2591.050197]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2591.051208]  ? v9fs_show_options+0x690/0x690
[ 2591.052141]  ? trace_hardirqs_on+0x5b/0x180
[ 2591.053049]  ? kasan_unpoison_shadow+0x33/0x50
[ 2591.054004]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2591.055059]  v9fs_mount+0x79/0x8f0
[ 2591.055813]  ? v9fs_write_inode+0x60/0x60
[ 2591.056682]  legacy_get_tree+0x105/0x220
[ 2591.057528]  vfs_get_tree+0x8e/0x300
[ 2591.058308]  path_mount+0x1429/0x2120
[ 2591.059116]  ? strncpy_from_user+0x9e/0x470
[ 2591.060024]  ? finish_automount+0xa90/0xa90
[ 2591.060929]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2591.061900]  ? _copy_from_user+0xfb/0x1b0
[ 2591.062778]  __x64_sys_mount+0x282/0x300
[ 2591.063631]  ? copy_mnt_ns+0xa00/0xa00
[ 2591.064452]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2591.065550]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2591.066631]  do_syscall_64+0x33/0x40
[ 2591.067410]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2591.068491] RIP: 0033:0x7fbbb0762b19
[ 2591.069273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2591.073133] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2591.074731] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2591.076439] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2591.078095] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2591.079931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2591.081426] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:07:33 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xa00, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2606.007295] tmpfs: Bad value for 'size'
[ 2606.047101] tmpfs: Bad value for 'size'
05:07:33 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x1000001fe)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:07:33 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000300)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:07:33 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x900, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:07:33 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 40)

05:07:33 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000300)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:07:33 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5413, 0x3)

05:07:33 executing program 3:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x42000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x18}, 0x0)
dup3(0xffffffffffffffff, r1, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0)
syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x2074, 0x0)
openat$sr(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r2, 0x0)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0xf, 0x13, r2, 0x8000000)
syz_io_uring_submit(r5, r4, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
io_uring_enter(r2, 0x58ab, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000003c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r7}})
r8 = openat$sr(0xffffffffffffff9c, &(0x7f0000000180), 0x141000, 0x0)
ioctl$TCSETSW2(r8, 0x402c542c, &(0x7f0000000240)={0x0, 0x0, 0xfffff9c5, 0x1f, 0x2, "32484dc2f76f4fbb6da1d5b827fda84b61c1ac", 0x8, 0x7})
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000080)=0x9)
fsetxattr$trusted_overlay_origin(r6, &(0x7f0000000000), &(0x7f0000000040), 0x2, 0x3)
ioctl$TCXONC(r0, 0x4b45, 0x3)

[ 2606.065618] tmpfs: Bad value for 'size'
[ 2606.075218] tmpfs: Bad value for 'size'
[ 2606.078481] FAULT_INJECTION: forcing a failure.
[ 2606.078481] name failslab, interval 1, probability 0, space 0, times 0
[ 2606.081368] CPU: 0 PID: 12171 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2606.082822] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2606.084580] Call Trace:
[ 2606.085143]  dump_stack+0x107/0x167
[ 2606.085910]  should_fail.cold+0x5/0xa
[ 2606.086714]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2606.087933]  should_failslab+0x5/0x20
[ 2606.088784]  kmem_cache_alloc+0x5b/0x310
[ 2606.089668]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2606.090839]  idr_get_free+0x4b5/0x8f0
[ 2606.091674]  idr_alloc_u32+0x170/0x2d0
[ 2606.092491]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2606.093509]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2606.094634]  ? lock_release+0x680/0x680
[ 2606.095472]  idr_alloc+0xc2/0x130
[ 2606.096231]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2606.097096]  ? rwlock_bug.part.0+0x90/0x90
[ 2606.097998]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2606.099116]  p9_client_rpc+0x220/0x1370
[ 2606.099974]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2606.101116]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2606.102250]  ? pipe_poll+0x21b/0x800
[ 2606.103031]  ? p9_fd_close+0x4a0/0x4a0
[ 2606.103861]  ? wait_for_partner+0x3c0/0x3c0
[ 2606.104766]  ? p9_fd_poll+0x1e0/0x2c0
[ 2606.105581]  ? p9_fd_create+0x357/0x4a0
[ 2606.106421]  ? p9_conn_create+0x510/0x510
[ 2606.107292]  ? p9_client_create+0x798/0x1230
[ 2606.108223]  ? kfree+0xd7/0x340
[ 2606.108933]  ? do_raw_spin_unlock+0x4f/0x220
[ 2606.109882]  p9_client_create+0xa76/0x1230
[ 2606.110802]  ? p9_client_flush+0x430/0x430
[ 2606.111711]  ? trace_hardirqs_on+0x5b/0x180
[ 2606.112621]  ? lockdep_init_map_type+0x2c7/0x780
[ 2606.113629]  ? __raw_spin_lock_init+0x36/0x110
[ 2606.114612]  v9fs_session_init+0x1dd/0x1680
[ 2606.115539]  ? lock_release+0x680/0x680
[ 2606.116403]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2606.117425]  ? v9fs_show_options+0x690/0x690
[ 2606.118364]  ? trace_hardirqs_on+0x5b/0x180
[ 2606.119290]  ? kasan_unpoison_shadow+0x33/0x50
[ 2606.120272]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2606.121373]  v9fs_mount+0x79/0x8f0
[ 2606.122121]  ? v9fs_write_inode+0x60/0x60
[ 2606.123001]  legacy_get_tree+0x105/0x220
[ 2606.123877]  vfs_get_tree+0x8e/0x300
[ 2606.124657]  path_mount+0x1429/0x2120
[ 2606.125464]  ? strncpy_from_user+0x9e/0x470
[ 2606.126375]  ? finish_automount+0xa90/0xa90
[ 2606.127283]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2606.128269]  ? _copy_from_user+0xfb/0x1b0
[ 2606.129148]  __x64_sys_mount+0x282/0x300
[ 2606.130007]  ? copy_mnt_ns+0xa00/0xa00
[ 2606.130876]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2606.131998]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2606.133104]  do_syscall_64+0x33/0x40
[ 2606.133901]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2606.135014] RIP: 0033:0x7fbbb0762b19
[ 2606.135842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2606.139718] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2606.141342] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2606.142832] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2606.144337] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2606.145857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2606.147367] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:07:33 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5414, 0x3)

05:07:33 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xa00, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:07:33 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xb00, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:07:33 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5415, 0x3)

[ 2606.356183] tmpfs: Bad value for 'size'
[ 2606.373954] tmpfs: Bad value for 'size'
[ 2606.375395] tmpfs: Bad value for 'size'
[ 2606.385559] tmpfs: Bad value for 'size'
05:07:33 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5416, 0x3)

05:07:33 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x1020, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:07:33 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xb00, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:07:33 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 41)

[ 2606.606521] tmpfs: Bad value for 'size'
[ 2606.620562] tmpfs: Bad value for 'size'
[ 2606.627243] FAULT_INJECTION: forcing a failure.
[ 2606.627243] name failslab, interval 1, probability 0, space 0, times 0
[ 2606.629732] CPU: 0 PID: 12199 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2606.631164] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2606.632872] Call Trace:
[ 2606.633420]  dump_stack+0x107/0x167
[ 2606.634165]  should_fail.cold+0x5/0xa
[ 2606.634940]  ? create_object.isra.0+0x3a/0xa20
[ 2606.635879]  should_failslab+0x5/0x20
[ 2606.636651]  kmem_cache_alloc+0x5b/0x310
[ 2606.637126] tmpfs: Bad value for 'size'
[ 2606.637480]  create_object.isra.0+0x3a/0xa20
[ 2606.639103]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2606.640164]  __kmalloc+0x16e/0x390
[ 2606.640899]  p9_fcall_init+0x97/0x290
[ 2606.641666]  p9_client_prepare_req.part.0+0xf4/0xac0
[ 2606.642706]  p9_client_rpc+0x220/0x1370
[ 2606.643523]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2606.644616]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2606.645702]  ? pipe_poll+0x21b/0x800
[ 2606.646455]  ? p9_fd_close+0x4a0/0x4a0
[ 2606.647252]  ? wait_for_partner+0x3c0/0x3c0
[ 2606.648138]  ? p9_fd_poll+0x1e0/0x2c0
[ 2606.648915]  ? p9_fd_create+0x357/0x4a0
[ 2606.649719]  ? p9_conn_create+0x510/0x510
[ 2606.650557]  ? p9_client_create+0x798/0x1230
[ 2606.651452]  ? kfree+0xd7/0x340
[ 2606.652117]  ? do_raw_spin_unlock+0x4f/0x220
[ 2606.653011]  p9_client_create+0xa76/0x1230
[ 2606.653881]  ? p9_client_flush+0x430/0x430
[ 2606.654810]  ? trace_hardirqs_on+0x5b/0x180
[ 2606.655713]  ? lockdep_init_map_type+0x2c7/0x780
[ 2606.656685]  ? __raw_spin_lock_init+0x36/0x110
[ 2606.657613]  v9fs_session_init+0x1dd/0x1680
[ 2606.658490]  ? lock_release+0x680/0x680
[ 2606.659301]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2606.660290]  ? v9fs_show_options+0x690/0x690
[ 2606.661190]  ? trace_hardirqs_on+0x5b/0x180
[ 2606.662073]  ? kasan_unpoison_shadow+0x33/0x50
[ 2606.662996]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2606.664024]  v9fs_mount+0x79/0x8f0
[ 2606.664738]  ? v9fs_write_inode+0x60/0x60
[ 2606.665577]  legacy_get_tree+0x105/0x220
[ 2606.666391]  vfs_get_tree+0x8e/0x300
[ 2606.667137]  path_mount+0x1429/0x2120
[ 2606.667923]  ? strncpy_from_user+0x9e/0x470
[ 2606.668795]  ? finish_automount+0xa90/0xa90
[ 2606.669660]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2606.670599]  ? _copy_from_user+0xfb/0x1b0
[ 2606.671444]  __x64_sys_mount+0x282/0x300
[ 2606.672264]  ? copy_mnt_ns+0xa00/0xa00
[ 2606.673053]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2606.674098]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2606.675148]  do_syscall_64+0x33/0x40
[ 2606.675902]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2606.676943] RIP: 0033:0x7fbbb0762b19
[ 2606.677691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2606.681461] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2606.683032] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2606.684521] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2606.685998] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2606.687481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2606.688961] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2606.695500] tmpfs: Bad value for 'size'
05:07:47 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:07:47 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x1020, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:07:47 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000300)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

[ 2620.419017] tmpfs: Bad value for 'size'
05:07:47 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000500)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:07:47 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 42)

05:07:47 executing program 3:
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000001c0), 0x20004, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r2, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}]}, 0x44}, 0x1, 0x0, 0x0, 0x40004}, 0x4040011)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r3, 0x4b45, 0x3)

05:07:47 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000500)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:07:47 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5418, 0x3)

[ 2620.446104] tmpfs: Bad value for 'size'
[ 2620.454374] FAULT_INJECTION: forcing a failure.
[ 2620.454374] name failslab, interval 1, probability 0, space 0, times 0
[ 2620.455724] CPU: 0 PID: 12221 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2620.456575] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2620.457601] Call Trace:
[ 2620.457938]  dump_stack+0x107/0x167
[ 2620.458392]  should_fail.cold+0x5/0xa
[ 2620.458872]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2620.459582]  should_failslab+0x5/0x20
[ 2620.460065]  kmem_cache_alloc+0x5b/0x310
[ 2620.460574]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2620.461323]  idr_get_free+0x4b5/0x8f0
[ 2620.461809]  idr_alloc_u32+0x170/0x2d0
[ 2620.462294]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2620.462894]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2620.463565]  ? lock_release+0x680/0x680
[ 2620.464081]  idr_alloc+0xc2/0x130
[ 2620.464515]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2620.465022]  ? rwlock_bug.part.0+0x90/0x90
[ 2620.465555]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2620.466203]  p9_client_rpc+0x220/0x1370
[ 2620.466528] tmpfs: Bad value for 'size'
[ 2620.466694]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2620.468252]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2620.468914]  ? pipe_poll+0x21b/0x800
[ 2620.469369]  ? p9_fd_close+0x4a0/0x4a0
[ 2620.469844]  ? wait_for_partner+0x3c0/0x3c0
[ 2620.470378]  ? p9_fd_poll+0x1e0/0x2c0
[ 2620.470854]  ? p9_fd_create+0x357/0x4a0
[ 2620.471353]  ? p9_conn_create+0x510/0x510
[ 2620.471988]  ? p9_client_create+0x798/0x1230
[ 2620.472608]  ? kfree+0xd7/0x340
[ 2620.473003]  ? do_raw_spin_unlock+0x4f/0x220
[ 2620.473527]  p9_client_create+0xa76/0x1230
[ 2620.474036]  ? p9_client_flush+0x430/0x430
[ 2620.474535]  ? trace_hardirqs_on+0x5b/0x180
[ 2620.475044]  ? lockdep_init_map_type+0x2c7/0x780
[ 2620.475602]  ? __raw_spin_lock_init+0x36/0x110
[ 2620.476159]  v9fs_session_init+0x1dd/0x1680
[ 2620.476254] tmpfs: Bad value for 'size'
[ 2620.476684]  ? lock_release+0x680/0x680
[ 2620.477985]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2620.478556]  ? v9fs_show_options+0x690/0x690
[ 2620.479085]  ? trace_hardirqs_on+0x5b/0x180
[ 2620.479605]  ? kasan_unpoison_shadow+0x33/0x50
[ 2620.480161]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2620.480762]  v9fs_mount+0x79/0x8f0
[ 2620.481196]  ? v9fs_write_inode+0x60/0x60
[ 2620.481701]  legacy_get_tree+0x105/0x220
[ 2620.482187]  vfs_get_tree+0x8e/0x300
[ 2620.482634]  path_mount+0x1429/0x2120
[ 2620.483101]  ? strncpy_from_user+0x9e/0x470
[ 2620.483620]  ? finish_automount+0xa90/0xa90
[ 2620.484140]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2620.484703]  ? _copy_from_user+0xfb/0x1b0
[ 2620.485208]  __x64_sys_mount+0x282/0x300
[ 2620.485690]  ? copy_mnt_ns+0xa00/0xa00
[ 2620.486147]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2620.486799]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2620.487436]  do_syscall_64+0x33/0x40
[ 2620.487898]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2620.488520] RIP: 0033:0x7fbbb0762b19
[ 2620.488967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2620.491215] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2620.492150] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2620.493012] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2620.493874] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2620.494739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2620.495603] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:07:47 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x541b, 0x3)

05:07:47 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:07:48 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x2010, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2620.576562] tmpfs: Bad value for 'size'
[ 2620.593684] tmpfs: Bad value for 'size'
05:07:48 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x541d, 0x3)

05:07:48 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCGSERIAL(r0, 0x541e, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/77})
ioctl$TCXONC(r0, 0x4b45, 0x3)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$GIO_FONTX(r1, 0x4b6b, &(0x7f0000000500)={0x1ed, 0x1f, &(0x7f0000000100)})

[ 2620.630264] tmpfs: Bad value for 'size'
[ 2620.631126] tmpfs: Bad value for 'size'
05:07:48 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x2010, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2620.713550] tmpfs: Bad value for 'size'
05:07:48 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xedc0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2620.724418] tmpfs: Bad value for 'size'
05:07:48 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x541e, 0x3)

05:07:48 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
ioctl$TCSETSW2(r2, 0x402c542c, &(0x7f0000000000)={0x4, 0x0, 0xa, 0x7, 0x9, "fea36f9cbb0125aa2f81323afb76b42b37e700", 0x7, 0x3})
ioctl$TCXONC(r0, 0x4b45, 0x3)

[ 2620.756728] tmpfs: Bad value for 'size'
[ 2620.757605] tmpfs: Bad value for 'size'
05:08:06 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xedc0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:08:06 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000500)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:08:06 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000600)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:08:06 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x541e, 0x3)

05:08:06 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x80000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:08:06 executing program 3:
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x5c, 0x2, 0x6, 0x401, 0x0, 0x0, {0x3, 0x0, 0x8}, [@IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0xda}, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x800}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x10000}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @local}}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x4}, @IPSET_ATTR_SIZE={0x8, 0x17, 0x1, 0x0, 0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x840}, 0x40)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)

[ 2638.914099] tmpfs: Bad value for 'size'
05:08:06 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 43)

05:08:06 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000600)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2638.936185] tmpfs: Bad value for 'size'
[ 2638.940430] tmpfs: Bad value for 'size'
[ 2638.946643] tmpfs: Bad value for 'size'
[ 2638.957103] FAULT_INJECTION: forcing a failure.
[ 2638.957103] name failslab, interval 1, probability 0, space 0, times 0
[ 2638.959532] CPU: 0 PID: 12279 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2638.960959] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2638.962642] Call Trace:
[ 2638.963193]  dump_stack+0x107/0x167
[ 2638.963961]  should_fail.cold+0x5/0xa
[ 2638.964744]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2638.965914]  should_failslab+0x5/0x20
[ 2638.966686]  kmem_cache_alloc+0x5b/0x310
[ 2638.967525]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2638.968971]  idr_get_free+0x4b5/0x8f0
[ 2638.969844]  idr_alloc_u32+0x170/0x2d0
05:08:06 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)
r1 = syz_open_dev$hiddev(&(0x7f0000000000), 0x81, 0x40000)
signalfd(r1, &(0x7f0000000040)={[0xff]}, 0x8)

[ 2638.970847]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2638.972057]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2638.973441]  ? lock_release+0x680/0x680
[ 2638.974295]  idr_alloc+0xc2/0x130
[ 2638.975030]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2638.975897]  ? rwlock_bug.part.0+0x90/0x90
[ 2638.976816]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2638.977911]  p9_client_rpc+0x220/0x1370
[ 2638.978748]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2638.979864]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2638.981073]  ? pipe_poll+0x21b/0x800
[ 2638.981867]  ? p9_fd_close+0x4a0/0x4a0
[ 2638.982720]  ? wait_for_partner+0x3c0/0x3c0
[ 2638.983647]  ? p9_fd_poll+0x1e0/0x2c0
[ 2638.984472]  ? p9_fd_create+0x357/0x4a0
[ 2638.985314]  ? p9_conn_create+0x510/0x510
[ 2638.986186]  ? p9_client_create+0x798/0x1230
[ 2638.987115]  ? kfree+0xd7/0x340
[ 2638.987817]  ? do_raw_spin_unlock+0x4f/0x220
[ 2638.988768]  p9_client_create+0xa76/0x1230
[ 2638.989680]  ? p9_client_flush+0x430/0x430
[ 2638.990575]  ? trace_hardirqs_on+0x5b/0x180
[ 2638.991486]  ? lockdep_init_map_type+0x2c7/0x780
[ 2638.992505]  ? __raw_spin_lock_init+0x36/0x110
[ 2638.993476]  v9fs_session_init+0x1dd/0x1680
[ 2638.994388]  ? lock_release+0x680/0x680
[ 2638.995247]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2638.996273]  ? v9fs_show_options+0x690/0x690
[ 2638.997214]  ? trace_hardirqs_on+0x5b/0x180
[ 2638.998129]  ? kasan_unpoison_shadow+0x33/0x50
05:08:06 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x1000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:08:06 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x80000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2638.999098]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2639.000311]  v9fs_mount+0x79/0x8f0
[ 2639.001057]  ? v9fs_write_inode+0x60/0x60
[ 2639.001929]  legacy_get_tree+0x105/0x220
[ 2639.002777]  vfs_get_tree+0x8e/0x300
[ 2639.003554]  path_mount+0x1429/0x2120
[ 2639.004374]  ? strncpy_from_user+0x9e/0x470
[ 2639.005284]  ? finish_automount+0xa90/0xa90
[ 2639.006293]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2639.007436]  ? _copy_from_user+0xfb/0x1b0
[ 2639.008472]  __x64_sys_mount+0x282/0x300
[ 2639.009431]  ? copy_mnt_ns+0xa00/0xa00
[ 2639.010372]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2639.011650]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2639.012898]  do_syscall_64+0x33/0x40
[ 2639.013771]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2639.015032] RIP: 0033:0x7fbbb0762b19
[ 2639.015827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2639.019654] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2639.021240] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2639.022706] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2639.024196] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2639.025681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2639.027118] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:08:06 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5421, 0x3)

[ 2639.134155] tmpfs: Bad value for 'size'
[ 2639.156019] tmpfs: Bad value for 'size'
[ 2639.189130] tmpfs: Bad value for 'size'
[ 2639.207654] tmpfs: Bad value for 'size'
05:08:06 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000000))

05:08:06 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5422, 0x3)

05:08:06 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:08:06 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x1000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2639.406140] tmpfs: Bad value for 'size'
[ 2639.415242] tmpfs: Bad value for 'size'
[ 2639.438450] tmpfs: Bad value for 'size'
[ 2639.443503] tmpfs: Bad value for 'size'
05:08:25 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5423, 0x3)

05:08:25 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',w&dno=', @ANYRESHEX=r2, @ANYBLOB=',\x00'])
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000000)={0x3, 0x0, 0xdc7f, 0x1, 0x1a, "febb03b6a8e4c34e3a4c7e753546445c08a983"})

05:08:25 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 44)

05:08:25 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000600)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:08:25 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000700)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:08:25 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:08:25 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:08:25 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000700)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2658.180823] tmpfs: Bad value for 'size'
[ 2658.184639] FAULT_INJECTION: forcing a failure.
[ 2658.184639] name failslab, interval 1, probability 0, space 0, times 0
[ 2658.186943] CPU: 0 PID: 12314 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2658.188380] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2658.190092] Call Trace:
[ 2658.190649]  dump_stack+0x107/0x167
[ 2658.191406]  should_fail.cold+0x5/0xa
[ 2658.192202]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2658.193394]  should_failslab+0x5/0x20
[ 2658.194195]  kmem_cache_alloc+0x5b/0x310
[ 2658.195035]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2658.196192]  idr_get_free+0x4b5/0x8f0
[ 2658.197017]  idr_alloc_u32+0x170/0x2d0
[ 2658.197839]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2658.198866]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2658.199962]  ? lock_release+0x680/0x680
[ 2658.200825]  idr_alloc+0xc2/0x130
[ 2658.201568]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2658.202433]  ? rwlock_bug.part.0+0x90/0x90
[ 2658.203348]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2658.204465]  p9_client_rpc+0x220/0x1370
[ 2658.205315]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2658.206441]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2658.207787]  ? pipe_poll+0x21b/0x800
[ 2658.208571]  ? p9_fd_close+0x4a0/0x4a0
[ 2658.209396]  ? wait_for_partner+0x3c0/0x3c0
[ 2658.210311]  ? p9_fd_poll+0x1e0/0x2c0
[ 2658.211095]  ? p9_fd_create+0x357/0x4a0
[ 2658.211904]  ? p9_conn_create+0x510/0x510
[ 2658.212752]  ? p9_client_create+0x798/0x1230
[ 2658.213647]  ? kfree+0xd7/0x340
[ 2658.214321]  ? do_raw_spin_unlock+0x4f/0x220
[ 2658.215238]  p9_client_create+0xa76/0x1230
[ 2658.216126]  ? p9_client_flush+0x430/0x430
[ 2658.217000]  ? trace_hardirqs_on+0x5b/0x180
[ 2658.217886]  ? lockdep_init_map_type+0x2c7/0x780
[ 2658.218846]  ? __raw_spin_lock_init+0x36/0x110
[ 2658.219820]  v9fs_session_init+0x1dd/0x1680
[ 2658.220729]  ? lock_release+0x680/0x680
[ 2658.221544]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2658.222583]  ? v9fs_show_options+0x690/0x690
[ 2658.223500]  ? trace_hardirqs_on+0x5b/0x180
[ 2658.224417]  ? kasan_unpoison_shadow+0x33/0x50
[ 2658.225460]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2658.226541]  v9fs_mount+0x79/0x8f0
[ 2658.227284]  ? v9fs_write_inode+0x60/0x60
[ 2658.228172]  legacy_get_tree+0x105/0x220
[ 2658.229060]  vfs_get_tree+0x8e/0x300
[ 2658.229852]  path_mount+0x1429/0x2120
[ 2658.230664]  ? strncpy_from_user+0x9e/0x470
[ 2658.231570]  ? finish_automount+0xa90/0xa90
[ 2658.232481]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2658.233475]  ? _copy_from_user+0xfb/0x1b0
[ 2658.234358]  __x64_sys_mount+0x282/0x300
[ 2658.235218]  ? copy_mnt_ns+0xa00/0xa00
[ 2658.236054]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2658.237170]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2658.238277]  do_syscall_64+0x33/0x40
[ 2658.239056]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2658.240165] RIP: 0033:0x7fbbb0762b19
[ 2658.240968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2658.244858] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2658.246469] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2658.247987] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2658.249504] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2658.251036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2658.252545] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2658.261416] tmpfs: Bad value for 'size'
[ 2658.268337] tmpfs: Bad value for 'size'
[ 2658.287029] tmpfs: Bad value for 'size'
05:08:25 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5424, 0x3)

05:08:25 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_SETVESABLANK(r0, 0x541c, &(0x7f0000000000))
ioctl$TCXONC(r0, 0x4b45, 0x3)
ioctl$VT_DISALLOCATE(r0, 0x5608)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000008, 0x10, 0xffffffffffffffff, 0x0)
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r3=>r0, {0xffffffc1}}, './file0\x00'})
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd=r3, 0x0, 0x0, 0x2, 0x9, 0x1, {0x0, r4, r0}}, 0x1)

05:08:25 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x4000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:08:25 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:08:25 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5425, 0x3)

[ 2658.486214] tmpfs: Bad value for 'size'
[ 2658.492648] tmpfs: Bad value for 'size'
[ 2658.494035] tmpfs: Bad value for 'size'
[ 2658.500294] tmpfs: Bad value for 'size'
[ 2675.704411] tmpfs: Bad value for 'size'
[ 2675.707318] tmpfs: Bad value for 'size'
[ 2675.714459] FAULT_INJECTION: forcing a failure.
[ 2675.714459] name failslab, interval 1, probability 0, space 0, times 0
[ 2675.716777] CPU: 0 PID: 12364 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2675.718200] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2675.719388] tmpfs: Bad value for 'size'
[ 2675.719896] Call Trace:
[ 2675.719921]  dump_stack+0x107/0x167
[ 2675.719943]  should_fail.cold+0x5/0xa
[ 2675.722823]  ? create_object.isra.0+0x3a/0xa20
[ 2675.723771]  should_failslab+0x5/0x20
[ 2675.724581]  kmem_cache_alloc+0x5b/0x310
[ 2675.725647]  create_object.isra.0+0x3a/0xa20
[ 2675.725662]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2675.725685]  kmem_cache_alloc+0x159/0x310
05:08:43 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5427, 0x3)

05:08:43 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000700)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:08:43 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000900)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:08:43 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 45)

05:08:43 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:08:43 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x4000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:08:43 executing program 3:
syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB='\x00\x00'])
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
r6 = syz_open_procfs(0x0, &(0x7f0000000280)='fd/4\x00')
ioctl$FIONREAD(r6, 0x6801, 0x0)
r7 = openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x80, 0x0)
preadv(r7, 0x0, 0x0, 0x401, 0x0)
getresuid(&(0x7f00000015c0), &(0x7f0000001800), &(0x7f0000001840)=<r8=>0x0)
stat(0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000002c0), 0x300020, &(0x7f0000001880)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@msize={'msize', 0x3d, 0x7e}}, {@access_any}], [{@uid_eq={'uid', 0x3d, r8}}, {@dont_hash}, {@seclabel}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@fowner_eq={'fowner', 0x3d, r9}}, {@audit}]}})
mount$9p_fd(0x0, &(0x7f0000000600)='./file0\x00', &(0x7f00000006c0), 0x1020000, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_fscache}, {@access_client}, {@access_uid={'access', 0x3d, r8}}, {@msize={'msize', 0x3d, 0x7}}, {@access_user}, {@dfltuid={'dfltuid', 0x3d, 0xffffffffffffffff}}, {@fscache}, {@dfltuid}], [{@fsmagic={'fsmagic', 0x3d, 0xb84}}]}})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x544000, &(0x7f0000000640)=ANY=[@ANYBLOB='tr\t\x00s=fdfnm=\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYRESHEX=r0])
ioctl$TCXONC(r2, 0x4b45, 0x3)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x3)
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000100)='./file1\x00', 0x3ff, 0x5, &(0x7f0000000500)=[{&(0x7f0000000180)="39619776e7ebdaa86b073b647265473809bc49ac4cba0290adb52636f958a4543b968878048dffaf60843e04950896ce4083b82fd6ff2dc634510346de2f097c374793070188ff49f26603a228faff5fa926776058e517cf20f89a4aedcb3e8c41c95eff5df7216a7a69002b10a20a65ad26", 0x72, 0x6}, {&(0x7f0000000200)="e720767ce8d61b8cce64a3fa65b5197ed427f7f2439ad3fd7088b6f4c65927e1bf59603314756fbf1d3bf4b7d6d63b656532a00c28e53a9f36552f2272746219433e308789cd2f9f78600fbbfc2edc198235973c92be29bcf09b59559dc310401232", 0x62, 0x5}, {&(0x7f0000000280)="9fea3dcc9947a56b0046c18607c1e3e6d00dff6fea69a89828ae678fc58928d4d576a438631861d877a595c6af5287d5b66487a7fa42f8f87a998a8c46ccaa4ebb08a4dfec65d3ae9b9ef77ec61ffa7e7cbf7001db736c635b2e9d943536a65b163c574149bb5bf7dc6321464e8963acfb6db5fe", 0x74, 0x4}, {&(0x7f0000000400)="01c395b4aa3ffa6df96f612f2a6d67fc1c17c1fc4f361af4deb52fa14ea6485cf0971b105e56b0ddd33eca23b5963507a034472b0f3ed1b8edd127cb3fa652c7392f5e0ea36d45805fb1dcc4ba830bb4c33e708be85b56f549b0483d58132256650654cab6bcba6d5987cbd9110b91de75f460e95c7de9c797aa1d18bf83e89baee27941947d0f82f537326ac9755e6e386a71873d494990a5b983dd054c205148b8660c4b0db6898504ec8a2c4576d6aa3f3c4cfc2962aec162d4caa43df5ae8a64601c59ab4f737021cabaf2b23d6a45c893dee1f4f7f81ebe84bf7c858a88b41baf4d85901a6dca3bf731af82aacc62728dc9a66e2d846f", 0xf9, 0xffff}, {&(0x7f0000000300)="87ebfa23e35890a7015cb125433f403acc52fe578bb56f891c17566166c0a071535885c83aa7f38d16b4df523c51f3bed89ec98e2daf0a9a721b26fb7564101d6b8ebe174059b737c38dcfe1cf4dc698d8858603c62a982ed2d55e0471d6f3507f3aeae8b94d16b42ab23d8323c561cbb47b04d82a002f41e9b2fa88887ab590802e4d00774e7cb028f140b7762b3581e0e9c94a71d6db1d18f2c429a872e3a8298ec232012066e01fe90fa658483782579d627b3028fee81d", 0xb9, 0x40}], 0x890420, &(0x7f0000000580)={[{@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x32, 0x70, 0x6f]}}, {@huge_always}, {@huge_always}, {@size={'size', 0x3d, [0x30]}}, {@huge_advise}], [{@audit}]})

05:08:43 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000900)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2675.725774]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2675.725802]  idr_get_free+0x4b5/0x8f0
[ 2675.725836]  idr_alloc_u32+0x170/0x2d0
[ 2675.725861]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2675.725889]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2675.725917]  ? lock_release+0x680/0x680
[ 2675.725942]  idr_alloc+0xc2/0x130
[ 2675.725962]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2675.725978]  ? rwlock_bug.part.0+0x90/0x90
[ 2675.726017]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2675.726051]  p9_client_rpc+0x220/0x1370
05:08:43 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x6000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:08:43 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x5000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2675.726071]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2675.726104]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2675.726134]  ? pipe_poll+0x21b/0x800
05:08:43 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5428, 0x3)

[ 2675.726152]  ? p9_fd_close+0x4a0/0x4a0
[ 2675.726168]  ? wait_for_partner+0x3c0/0x3c0
[ 2675.726189]  ? p9_fd_poll+0x1e0/0x2c0
[ 2675.726215]  ? p9_fd_create+0x357/0x4a0
[ 2675.726233]  ? p9_conn_create+0x510/0x510
[ 2675.726249]  ? p9_client_create+0x798/0x1230
[ 2675.726265]  ? kfree+0xd7/0x340
[ 2675.726278]  ? do_raw_spin_unlock+0x4f/0x220
[ 2675.726304]  p9_client_create+0xa76/0x1230
[ 2675.726332]  ? p9_client_flush+0x430/0x430
[ 2675.726351]  ? trace_hardirqs_on+0x5b/0x180
[ 2675.726370]  ? lockdep_init_map_type+0x2c7/0x780
[ 2675.726389]  ? __raw_spin_lock_init+0x36/0x110
[ 2675.726413]  v9fs_session_init+0x1dd/0x1680
[ 2675.726431]  ? lock_release+0x680/0x680
[ 2675.726457]  ? kmem_cache_alloc_trace+0x151/0x320
05:08:43 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x6000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2675.726504]  ? v9fs_show_options+0x690/0x690
[ 2675.726531]  ? trace_hardirqs_on+0x5b/0x180
[ 2675.726549]  ? kasan_unpoison_shadow+0x33/0x50
[ 2675.726564]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2675.726583]  v9fs_mount+0x79/0x8f0
[ 2675.726601]  ? v9fs_write_inode+0x60/0x60
[ 2675.726619]  legacy_get_tree+0x105/0x220
05:08:43 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x7000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2675.726638]  vfs_get_tree+0x8e/0x300
[ 2675.726654]  path_mount+0x1429/0x2120
[ 2675.726677]  ? strncpy_from_user+0x9e/0x470
[ 2675.726693]  ? finish_automount+0xa90/0xa90
[ 2675.726711]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2675.726728]  ? _copy_from_user+0xfb/0x1b0
[ 2675.726753]  __x64_sys_mount+0x282/0x300
05:08:43 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 46)

[ 2675.726768]  ? copy_mnt_ns+0xa00/0xa00
[ 2675.726790]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
05:08:43 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x7000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2675.726808]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2675.726855]  do_syscall_64+0x33/0x40
[ 2675.726876]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2675.726891] RIP: 0033:0x7fbbb0762b19
[ 2675.726915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2675.726924] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2675.726943] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2675.726953] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2675.726963] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2675.726973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2675.726983] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2675.739172] tmpfs: Bad value for 'size'
[ 2675.939362] tmpfs: Bad value for 'size'
[ 2675.940262] tmpfs: Bad value for 'size'
[ 2675.947521] tmpfs: Bad value for 'size'
[ 2675.951653] tmpfs: Bad value for 'size'
[ 2675.996148] loop3: detected capacity change from 0 to 130560
05:08:43 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x8000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2676.070941] tmpfs: Bad value for 'size'
[ 2676.072874] tmpfs: Bad value for 'size'
[ 2676.195814] tmpfs: Bad value for 'size'
[ 2676.200532] tmpfs: Bad value for 'size'
[ 2676.200889] tmpfs: Bad value for 'size'
[ 2676.208549] tmpfs: Bad value for 'size'
[ 2676.247039] FAULT_INJECTION: forcing a failure.
[ 2676.247039] name failslab, interval 1, probability 0, space 0, times 0
[ 2676.247065] CPU: 0 PID: 12394 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2676.247076] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2676.247082] Call Trace:
[ 2676.247106]  dump_stack+0x107/0x167
[ 2676.247127]  should_fail.cold+0x5/0xa
[ 2676.247150]  ? p9pdu_readf+0xadb/0x1d40
[ 2676.247173]  should_failslab+0x5/0x20
[ 2676.247191]  __kmalloc+0x72/0x390
[ 2676.247217]  p9pdu_readf+0xadb/0x1d40
[ 2676.247243]  ? pipe_poll+0x21b/0x800
[ 2676.247263]  ? p9pdu_writef+0x100/0x100
[ 2676.247283]  ? p9_fd_poll+0x1e0/0x2c0
[ 2676.247308]  ? p9_fd_create+0x357/0x4a0
[ 2676.247327]  ? p9_conn_create+0x510/0x510
[ 2676.247344]  ? p9_client_create+0x798/0x1230
[ 2676.247362]  ? kfree+0xd7/0x340
[ 2676.247379]  ? do_raw_spin_unlock+0x4f/0x220
[ 2676.247405]  p9_client_create+0xaee/0x1230
[ 2676.247434]  ? p9_client_flush+0x430/0x430
[ 2676.247453]  ? trace_hardirqs_on+0x5b/0x180
[ 2676.247475]  ? lockdep_init_map_type+0x2c7/0x780
[ 2676.247493]  ? __raw_spin_lock_init+0x36/0x110
[ 2676.247516]  v9fs_session_init+0x1dd/0x1680
[ 2676.247612]  ? lock_release+0x680/0x680
[ 2676.247637]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2676.247654]  ? v9fs_show_options+0x690/0x690
[ 2676.247675]  ? trace_hardirqs_on+0x5b/0x180
[ 2676.247689]  ? kasan_unpoison_shadow+0x33/0x50
[ 2676.247702]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2676.247716]  v9fs_mount+0x79/0x8f0
[ 2676.247729]  ? v9fs_write_inode+0x60/0x60
[ 2676.247744]  legacy_get_tree+0x105/0x220
[ 2676.247765]  vfs_get_tree+0x8e/0x300
[ 2676.247777]  path_mount+0x1429/0x2120
[ 2676.247795]  ? strncpy_from_user+0x9e/0x470
[ 2676.247808]  ? finish_automount+0xa90/0xa90
[ 2676.247821]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2676.247835]  ? _copy_from_user+0xfb/0x1b0
[ 2676.247853]  __x64_sys_mount+0x282/0x300
[ 2676.247864]  ? copy_mnt_ns+0xa00/0xa00
[ 2676.247881]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2676.247895]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2676.247910]  do_syscall_64+0x33/0x40
[ 2676.247924]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2676.247933] RIP: 0033:0x7fbbb0762b19
[ 2676.247947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2676.247954] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2676.247968] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2676.247976] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2676.247983] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2676.247991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2676.247998] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2676.378589] tmpfs: Bad value for 'size'
[ 2676.382394] tmpfs: Bad value for 'size'
[ 2676.602313] loop3: detected capacity change from 0 to 130560
05:08:58 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x9000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:08:58 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000900)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:08:58 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x8000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:08:58 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000a00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:08:58 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 47)

05:08:58 executing program 3:
syz_open_dev$tty20(0xc, 0x4, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
ioctl$TIOCL_BLANKSCREEN(r1, 0x541c, &(0x7f0000000000))

05:08:58 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5429, 0x3)

05:08:58 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000a00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2690.589549] tmpfs: Bad value for 'size'
[ 2690.601264] tmpfs: Bad value for 'size'
05:08:58 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5437, 0x3)

[ 2690.611353] tmpfs: Bad value for 'size'
[ 2690.629145] tmpfs: Bad value for 'size'
[ 2690.631373] FAULT_INJECTION: forcing a failure.
[ 2690.631373] name failslab, interval 1, probability 0, space 0, times 0
[ 2690.633771] CPU: 0 PID: 12418 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2690.635204] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2690.637044] Call Trace:
[ 2690.637598]  dump_stack+0x107/0x167
[ 2690.638357]  should_fail.cold+0x5/0xa
[ 2690.639154]  ? create_object.isra.0+0x3a/0xa20
[ 2690.640105]  should_failslab+0x5/0x20
[ 2690.640908]  kmem_cache_alloc+0x5b/0x310
[ 2690.641757]  create_object.isra.0+0x3a/0xa20
[ 2690.642664]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2690.643795]  __kmalloc+0x16e/0x390
[ 2690.644552]  p9pdu_readf+0xadb/0x1d40
[ 2690.645347]  ? pipe_poll+0x21b/0x800
[ 2690.646119]  ? p9pdu_writef+0x100/0x100
[ 2690.646944]  ? p9_fd_poll+0x1e0/0x2c0
[ 2690.647739]  ? p9_fd_create+0x357/0x4a0
[ 2690.648575]  ? p9_conn_create+0x510/0x510
[ 2690.649431]  ? p9_client_create+0x798/0x1230
[ 2690.650341]  ? kfree+0xd7/0x340
[ 2690.651022]  ? do_raw_spin_unlock+0x4f/0x220
[ 2690.651939]  p9_client_create+0xaee/0x1230
[ 2690.652830]  ? p9_client_flush+0x430/0x430
[ 2690.653708]  ? trace_hardirqs_on+0x5b/0x180
[ 2690.654614]  ? lockdep_init_map_type+0x2c7/0x780
[ 2690.655594]  ? __raw_spin_lock_init+0x36/0x110
[ 2690.656555]  v9fs_session_init+0x1dd/0x1680
[ 2690.657454]  ? lock_release+0x680/0x680
[ 2690.658284]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2690.659282]  ? v9fs_show_options+0x690/0x690
[ 2690.660200]  ? trace_hardirqs_on+0x5b/0x180
[ 2690.661104]  ? kasan_unpoison_shadow+0x33/0x50
[ 2690.662045]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2690.663095]  v9fs_mount+0x79/0x8f0
[ 2690.663828]  ? v9fs_write_inode+0x60/0x60
[ 2690.664707]  legacy_get_tree+0x105/0x220
[ 2690.665555]  vfs_get_tree+0x8e/0x300
[ 2690.666331]  path_mount+0x1429/0x2120
[ 2690.667128]  ? strncpy_from_user+0x9e/0x470
[ 2690.668019]  ? finish_automount+0xa90/0xa90
[ 2690.668918]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2690.669882]  ? _copy_from_user+0xfb/0x1b0
[ 2690.670749]  __x64_sys_mount+0x282/0x300
[ 2690.671586]  ? copy_mnt_ns+0xa00/0xa00
[ 2690.672402]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2690.673490]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2690.674558]  do_syscall_64+0x33/0x40
[ 2690.675335]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2690.676403] RIP: 0033:0x7fbbb0762b19
[ 2690.677175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2690.681001] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2690.682585] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2690.684065] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2690.685557] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2690.687034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2690.688526] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:08:58 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xa000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:08:58 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, @out_args}, './file0\x00'})
mq_open(&(0x7f0000000080)='\x00', 0x80, 0x20, &(0x7f00000000c0)={0x17f4, 0x2, 0x4, 0x100})
ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000040)={0x9bd, 0x6, 0x3f})
pipe(&(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0x3)
ioctl$TCXONC(r0, 0x4b45, 0x3)

[ 2690.759892] tmpfs: Bad value for 'size'
[ 2690.760980] tmpfs: Bad value for 'size'
05:08:58 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x9000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:08:58 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xb000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:08:58 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5441, 0x3)

05:08:58 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 48)

[ 2690.871718] tmpfs: Bad value for 'size'
[ 2690.872802] tmpfs: Bad value for 'size'
[ 2690.879558] tmpfs: Bad value for 'size'
[ 2690.892337] tmpfs: Bad value for 'size'
05:08:58 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCXONC(r0, 0x4b45, 0x3)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
write$binfmt_elf64(r2, &(0x7f0000000000)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x81, 0x7, 0x0, 0x6, 0x2, 0x6, 0x401, 0x9b, 0x40, 0x1ce, 0x1, 0x1, 0x38, 0x2, 0x3, 0x6, 0x17}, [{0x7, 0x47, 0x5, 0x4, 0x9, 0xffffffffffff673f, 0x9, 0xad8}, {0x7, 0xab59, 0x3f, 0x2, 0x8, 0x0, 0xfffffffffffffffc, 0x100}], "7c69a3b32470d627eef7d0bfa5d56095ebe79315a1708353646979330deb205e424f4275e0fef655733fbc1aeee79c2f150ea3b707bc7f9ae08446f6406e946a1bd6d1b5eff80325ea361ac917d41c828bd445bfd1f9bce493f06ea5dffd7750549e685ea74e993fb20da1b0c1b0418301d139df0a7eb7c032e481a66d4bf264e5e9b805cbf26533ab86432afbbf84b86a8808e6ca573458c75bdcbf7d5ebfc95e6938fe5402daae750b2992005c45cece3413f8fecd65db8adb2d3ac85677369702e67a5648817c80e5c2a136f460ce12271c88462dc7d691fb4ec4496547fea351ebd763d81fc8f208447e2e8393996afbf74feb86a80b82b4792c80de2440635b5586b9c057e7f7673c79ec23f35264bf0f05bc1b404d1c44a57203d0d54707ff3bb37cf2e84e76825c4bf980b9bc63b23a2b792118f96bce714377ff31b7fce9cfea5f5533cbfde3916ffce440097ae2f9195f3b6808e763cc77c9a3398571f1b38c8391d6e88f6b0a4cd589482df2a5e6ba8474189edc26e9ff6fd5bebc124b3967b803a27787a9d3d8d81d0c0156581949663b1c949acb87a235e7109bf9ad20d1efc388c5f84208ff55a61696978c8dd93720a8e5a16fddf481eeab664e4fde4daa646ad83db738bc7b8e992cdadcbd43f9a3c3523fa2573783cf40efe00425e9904ee0f4c9c01d167c8d693340aefac297e79f811e2455b3ff801e841b3e3bc9e08a000867b9da187a2626de1258fea6bec371ce042ac807db8b815b8ca20bbc3d3b06f5aa2eeb0973f19a810517a42036aea31ca9eefa885cd7e85b3c1820457e0b4c0758620ac592bc7327b1ed73111072d5365ef9acf5b2dfccbd721d961d8a356357ffb823714c2a39246d050754fc06e43a52099e1738f6e78b7c351bc7b97bc98bde9841d7e60b04d4cab6024123379e83fbcda014476c8828d8270e0942696006cbb5959e7751699c703f6cf1caaca71cb667e8e8fccdf76b3400ea3528d0605af243209fa5c272ac38872ee8cc61259cbcbf5ea6086df27f1592e288365fd66ed882cd52f60887ab77e8eaef41c5a6a850a57f9b743b56c79d79ad4ec47195148c48b75510454fecb92e373a9745658be394f4a36ef25cbde0f9d355ee3f40f2b4c7ccfefc3b5a9382a92a52ea051297f0f9f2356ebbf03ed2f0ee08f855769624ee6d290cef71535733680ccb2616cebcd28e8aa4b6fdd78207732dd26859cd9d9b729918a631317d82235239ca82809ba42a264222714024a8b88347e5545abdae549798f2b24a3db76094e9d175355a4fdcb8d718c301bd9aa1619657029b678d3d9df88875020bd2416d45ab71486a972c5f41b0d7db8e23cbef82a0953787c0b4bd7145faea101bba6fa9406f3c81db428f74637f85f771efe7ec6fd9ad46909736c4156f49d72fdc48c452f4713a5f25023a07a3815897badab3c98b9eea58a4d4428bd2ee532b53e46e6d5737836a3d3844bbab9d3b977be19e011ea3431c516f31081e369a9e3dcdf8b2927f950bfe50ce3d2b3a97a892bba0caf9dc580e0f6ec2d7ef31ecccb386ef97d694ba79a16daa2a748c9192fd4896cc2f7d8796ea08b1ca94103081ad32f044365df866a34d249a02bed3893e608e3fc02dae86ae9e17dda37757c9c9ef31eb01fe49b737b06f814def635efddf9f35d9cd9764156e754b3f75ee31acb1d36c8d61951383f07cc546e720a1efcba3a80270008d0978897bd544e09678c8f667dbe74026d8ecb359d077202ce373ea73cc4dd5c2b3289b79374a3cfab2131e8af2d57be7a4dfa34d3e4770e6391fb22459bf26d0fe9c54a4a413c0c58984875be64106d340a1a23af706ee3d607bb5cfc8497aa409e2fbb768e3256a804743c49edb62a1c25adc238734c97c26742cce206b02635ef55956e8a2238298d38047724981d7aa84aa199f8daa9a1a78f885ac63dd71cfb2b2f9172dbac8cc958efc5813127c3959fa0d88750904d69c713036eb24c5659f897e2d8567fddb2865a1d7b027a0bc1c5a081b766746d1c144a88126ecb6e143a0e0d4a422cb6ac906b604959f25efb9257222c27c615e7e1a2d392bfd07ad9b97adf6c46943f4299526299e152bb44c9bfbbbfaed9919bfad4bc1989694be71df66a40e2e81c0cc455fa8269db27b8a405f7af5e4dd5c486a21255963b8849d67184f4919b2547eca246dc457522f404d2b7f32378cb40c251c926d02ba90b2e79c250822a8ad09bc240c4925bd347e467a3c605514516cb61d71e56bfad886704c6c5f64a6c5eac720405bcb286598fdfcd7413add5d4b9d0be55da226acec107c07f3b8fd7f89e54fbc30cd1aaa136d5e9753c536aa6b97ac9f9b3064eb6b611944221447d1ce4e04b0ccf6231534dcb4b8c52df9b97cf35f7d2fbf360e7ff4493908421accc1591b3d3ca08e248b6e146c66372013019536348c2c892ea184ba8253432a934fc2518a3291a055d136996cc94da8a483685654d725c3c9cc293f7213c3b6894babaf490a50cd452df22c55076c2c6060021e2d408bb221f1d680d46826908f30b4f883bb6de6a80062ad0070eb097df727cd956e5260cbb9bb226f60c8b055ab740104d394daa7440bb8134534051c987d8872e20cd8e6cff87dc4795a072770f6a9f2edcc10d97cd3af94dd469dc5780f21e0662bc9c5b93ca1109806c462e4a7834dec30e3c84e270782f63118793559ad9937d4d6fca5cad542bcbe457dee303588013df2bfc88fe94d0e9f3abbfd9d6f70b22f55186e8ac557db48c5cd3ac365a9ff0669bab89893d6e4a25d92c446057e1aad6f40d7848542272e04b5a1fded4a460866e329ae0c308c571ac70580f93caff7f73fdf50641ed3c729d00a2440067b78e1e023d444b5da599578cdf42cd536c13111e60dc7d178d2d6f5671606b4cc667a6c4664f94250ca850fa95dee2380c31a823fae59716ab4e032131e516bab9906ad67b5761c5dfae27003f635999a68524c86abafc642c6f4d161f726ae10948863262e7273a956b65092921c0355a550ae409423f9ae8f9a1c8f9d7ce537b85b0912e5bcd44825bbd1870139f14fa7c195afea4c0fa59ede22355965f6bef408554220073598d010b1340ba21af4fb16793014fc49b1b46525831eddcb3bda95ee156b620691b9a5116b46a9c34b25b356cb34a0878fe222e7781403354c345883ae361bd8075dd9704c4e9c897aabf3d14542f32f44d328e8160a30c533d20d2b1c9308294ccd80a6c469a16fc6b18660d46d0e4cf7f52556d2e9316875c4e6bc7ffb792d0998e6d78b9d4b92e156941bf000e64c867a5ed4d1fae820b52019ecb8d91a23bf1358639b697228916f62d2d6a62789e014832e1bb23f40e968ad7f3fb300b7336e2755d48025663ac2b57939a703db9a3ae6e6058a15d7703c4e5111ee9594e4b80d92445d32ea38988414c535551d9cf87a664589050d852a4e06a067fd9143aaba769fbecc470397dad74dc0e580909ff880a7ddfe8fe704d4924ddfa9d98f4f79dd34a4fe44f705a04f2bb67cfb0d561b89b8ee9395f42eed017ed2b796b8a75b574025ad3a0a2331fe4e8478d8974ddac8a182d69ec66c6abb602e9001ce7e8f2686857ae3f588eb7bb6e2eae472129aba692912a176306c3ff96744f2ef5588ea9dd8684b16e505bd41053da05c0e4e88d579e7919a473abecafc3073a3a0416455ca379717ad60f83c1cf8eeeae8e46287db70eda1724f86a71b5b02e3758d5122488876011b79938c068479890a648f6cda34f2cdb42ffbdd33ea53a61f499044f3ae969a8bbe8eff6a5f0049c4eb20b095c9de843e45ebc93c52b2177f687d5c7a22a075d776d5b2502e4058387c1c6ec66ddcdc8bfb0106c0348ed746f08a13c4e0543538b3152771d85769296b097bb18a35fc530fb234e88ac420c827a38bf2e0e23db6c49deccae25c3596ca91b1a61c6b2e1278741e56b910a9a7fe0fd4439dca99dce69ad05c7742b534a312446451b5be8a7701e719e97c9e1724050113ed5ec62a86377499eed3d4113c00fea10db47f6f69b3f35dde45fe367e9bd77102623d8e187f01be2c7446cb89586e85906a6a24d97d8b454545bb6b8ea8cc294b369f28d223f3b56853f809cc5f3a53b1fe3ae7d8f98f06338e1270e2ef2cb76d164961d01ffcc47f70ce05f41a8b2c1464b7b37776671a8d1e13a228868922be5a4de6111c91f1c532c79aad83309cba0c092357b588b20761ae7f8e509c932da79f910435a8099bcec8be2df515299b51908389c403bc06bc0f76bbb066ad9cc3ce8168d4e8890527bc9a2e6c2c9000660c8bbc6404ea5c2607f00d6a4f7ded1f0309eac53403d74ab0a127a6edd3d284cf6e6e347a793606912f12d8b743a849bb5ed9a2b76314f6d3b9a1dcf494a9e18db42b040a2c30a77b30697c26abdb18d7b16db7376c357592d9fe201dad0fc9cfa74a79ad91c0faf3d6f20fdde86985f356a08f5f762ab8575626f8d1dfcbc2660c67cc8b37a857a980f36a37a39ec7e340a519ffcca78f9c60f8b7691449085d83209b1c2d37221010694ae5c2c42c1217acb49260087807f704b062f9105fcc9c6db837edf4a9a854ebd0ccb812bc2883b6e3bc0d2c916b130efa2bd186fa5cce8de168925d42ee124e71e9c4bf36dc4e11892f63bd4f81fb976c452f8b2001136c32103a3c1ca725188be74f31753e83616eb5332ab45f830c7b30bc5ac9abfe0af1856992ae90a12c3a6acd2708bd838495a552d1a030fc388d8a4279a59cca100e8a422835befa5d2ccfd576e697515218cfed88663e45c11a2342170a2a50258c0df17dde1c91e8d263bb78a9a6b5421ad625d3762f97e937742f9e270f6a5788a849f3c8cf7c5c270bbf3d92eced44dc65790b7c69e581f20b45581e374cf39976dd12a5c51bfbcf286b7786967602215948a17eee9a68d7cf752c2f51eb9538fad8a5c4e3969fd1daae30af879fbf606e9f41ecb275b326247db64da4007d45eaef9b3e014d023bb198e7cf5c2cee8aa6e7032c47e32cd99dfd2876ea54c579a4bd81d1f1a982218e048ad807132ffe23d66c03b655a84828a25c3a989539e921bc94d934edd4a90f5d63f95baf33b3fb21375b6dbe974164061fb88b47488752ac0fe117ecac9e3a26054726049ef9988f6ae5d0ed6789bdcf3b837254b657032b1390564baf109810621b1315155990e53b2e804437d5a6363f481815e9bc940c2c64a54170a07a1c785985e90d0fecbd3fc681705951bbb4a0cb4617f14e08962186acd362a79ee75d2fcfa4042b05ac53a47ec43b197d3835462de0efb0b219439554e0aa46c038fb2085f17af5ae2490fd1a0a8e71b0a57096bbef6b4a9816f7ea6ca6dfeac9c3459a8d4a197c12917f389efa046c50fba045527cc80ab7dd09143cb02d129c622a3a8e960957daad3589c8f65ae41a9e64567574cc67ec187f1557a22574003b5f84be4f79f5f64e4d00ec43e8ff7a9557c0c8e9919b465863266dbb308106233dfc079dd077ea10fb91dcae58f2cec647075a9336af33d5ac120ae8784ed9ee447a07d3c36b8a2de0721463c7dfcdf2da0e191e069bc22293cccfac7fa2a3cd3efdcc9dab8f0f65ac5c61ddcefae3f3c1152396f8975214f2fec1de9c2826329b381d9830c13b90fc5fcc6eed85eab6f18880f430121d838b703667979fd4f6e2dbfb70fbc5d68690722d3d171e765e600b8add7a233ea2ec607976319a31ee375c84ffcbd1c4a49361d0ee98ea2f21e17ce781e3905a25374454", ['\x00', '\x00', '\x00']}, 0x13b0)

05:08:58 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x20000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2691.015416] tmpfs: Bad value for 'size'
[ 2691.020627] tmpfs: Bad value for 'size'
[ 2691.077133] FAULT_INJECTION: forcing a failure.
[ 2691.077133] name failslab, interval 1, probability 0, space 0, times 0
[ 2691.079686] CPU: 0 PID: 12448 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2691.081211] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2691.082947] Call Trace:
[ 2691.083499]  dump_stack+0x107/0x167
[ 2691.084257]  should_fail.cold+0x5/0xa
[ 2691.085068]  should_failslab+0x5/0x20
[ 2691.085866]  __kmalloc_track_caller+0x79/0x370
[ 2691.086883]  ? kasprintf+0xbb/0xf0
[ 2691.087623]  ? __delete_object+0xb3/0x100
[ 2691.088498]  kvasprintf+0xb5/0x150
[ 2691.089239]  ? bust_spinlocks+0xe0/0xe0
[ 2691.090072]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2691.091169]  kasprintf+0xbb/0xf0
[ 2691.091878]  ? kvasprintf_const+0x1a0/0x1a0
[ 2691.092793]  ? kmem_cache_free+0x249/0x2d0
[ 2691.093678]  ? p9_client_create+0xbfa/0x1230
[ 2691.094592]  p9_client_create+0xc1b/0x1230
[ 2691.095475]  ? p9_client_flush+0x430/0x430
[ 2691.096355]  ? trace_hardirqs_on+0x5b/0x180
[ 2691.097262]  ? lockdep_init_map_type+0x2c7/0x780
[ 2691.098242]  ? __raw_spin_lock_init+0x36/0x110
[ 2691.099193]  v9fs_session_init+0x1dd/0x1680
[ 2691.100092]  ? lock_release+0x680/0x680
[ 2691.100934]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2691.101934]  ? v9fs_show_options+0x690/0x690
[ 2691.102860]  ? trace_hardirqs_on+0x5b/0x180
[ 2691.103752]  ? kasan_unpoison_shadow+0x33/0x50
[ 2691.104705]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2691.105757]  v9fs_mount+0x79/0x8f0
[ 2691.106503]  ? v9fs_write_inode+0x60/0x60
[ 2691.107362]  legacy_get_tree+0x105/0x220
[ 2691.108206]  vfs_get_tree+0x8e/0x300
[ 2691.108986]  path_mount+0x1429/0x2120
[ 2691.109786]  ? strncpy_from_user+0x9e/0x470
[ 2691.110688]  ? finish_automount+0xa90/0xa90
[ 2691.111584]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2691.112558]  ? _copy_from_user+0xfb/0x1b0
[ 2691.113423]  __x64_sys_mount+0x282/0x300
[ 2691.114261]  ? copy_mnt_ns+0xa00/0xa00
[ 2691.115107]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2691.116206]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2691.117287]  do_syscall_64+0x33/0x40
[ 2691.118061]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2691.119124] RIP: 0033:0x7fbbb0762b19
[ 2691.119903] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2691.123755] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2691.125342] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2691.126825] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2691.128311] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2691.129808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2691.131290] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:09:12 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5450, 0x3)

05:09:12 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x8)
ioctl$TCXONC(r0, 0x4b45, 0x3)

05:09:12 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x20100000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:09:12 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xa000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:09:12 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 49)

05:09:12 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000a00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:09:12 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000b00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:09:12 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000b00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2705.252107] tmpfs: Bad value for 'size'
[ 2705.272628] tmpfs: Bad value for 'size'
[ 2705.274300] tmpfs: Bad value for 'size'
[ 2705.282677] tmpfs: Bad value for 'size'
[ 2705.292623] FAULT_INJECTION: forcing a failure.
[ 2705.292623] name failslab, interval 1, probability 0, space 0, times 0
[ 2705.296556] CPU: 1 PID: 12465 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2705.298370] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2705.300494] Call Trace:
[ 2705.301195]  dump_stack+0x107/0x167
[ 2705.302134]  should_fail.cold+0x5/0xa
[ 2705.303117]  ? create_object.isra.0+0x3a/0xa20
[ 2705.304264]  should_failslab+0x5/0x20
[ 2705.305236]  kmem_cache_alloc+0x5b/0x310
[ 2705.306269]  create_object.isra.0+0x3a/0xa20
[ 2705.307321]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2705.308599]  __kmalloc+0x16e/0x390
[ 2705.309512]  p9pdu_readf+0xadb/0x1d40
[ 2705.310457]  ? pipe_poll+0x21b/0x800
[ 2705.311380]  ? p9pdu_writef+0x100/0x100
[ 2705.312363]  ? p9_fd_poll+0x1e0/0x2c0
[ 2705.313331]  ? p9_fd_create+0x357/0x4a0
[ 2705.314316]  ? p9_conn_create+0x510/0x510
[ 2705.315337]  ? p9_client_create+0x798/0x1230
[ 2705.316429]  ? kfree+0xd7/0x340
[ 2705.317263]  ? do_raw_spin_unlock+0x4f/0x220
[ 2705.318378]  p9_client_create+0xaee/0x1230
[ 2705.319464]  ? p9_client_flush+0x430/0x430
[ 2705.320545]  ? trace_hardirqs_on+0x5b/0x180
[ 2705.321632]  ? lockdep_init_map_type+0x2c7/0x780
[ 2705.322831]  ? __raw_spin_lock_init+0x36/0x110
[ 2705.323973]  v9fs_session_init+0x1dd/0x1680
[ 2705.325051]  ? lock_release+0x680/0x680
[ 2705.326233]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2705.327421]  ? v9fs_show_options+0x690/0x690
[ 2705.328593]  ? trace_hardirqs_on+0x5b/0x180
[ 2705.329668]  ? kasan_unpoison_shadow+0x33/0x50
[ 2705.330797]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2705.332048]  v9fs_mount+0x79/0x8f0
[ 2705.333030]  ? v9fs_write_inode+0x60/0x60
[ 2705.334056]  legacy_get_tree+0x105/0x220
[ 2705.335063]  vfs_get_tree+0x8e/0x300
[ 2705.335980]  path_mount+0x1429/0x2120
[ 2705.336942]  ? strncpy_from_user+0x9e/0x470
[ 2705.338004]  ? finish_automount+0xa90/0xa90
[ 2705.339071]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2705.340212]  ? _copy_from_user+0xfb/0x1b0
[ 2705.341256]  __x64_sys_mount+0x282/0x300
[ 2705.342254]  ? copy_mnt_ns+0xa00/0xa00
[ 2705.343219]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2705.344517]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2705.345792]  do_syscall_64+0x33/0x40
[ 2705.346712]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2705.347968] RIP: 0033:0x7fbbb0762b19
[ 2705.348899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2705.353416] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2705.355292] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2705.356985] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2705.358446] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2705.359907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2705.361369] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:09:12 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xb000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:09:12 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000000)={0x49, 0x1, 0x7fffffff, 0x400, 0x96, "63247e61862b045155c02840a03c68946e85fb", 0x9})
ioctl$TCXONC(r0, 0x4b45, 0x3)

05:09:12 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5451, 0x3)

05:09:12 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x7ffffffe, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2705.500367] tmpfs: Bad value for 'size'
05:09:12 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5452, 0x3)

[ 2705.511212] tmpfs: Bad value for 'size'
[ 2705.518811] tmpfs: Bad value for 'size'
[ 2705.520535] tmpfs: Bad value for 'size'
05:09:13 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x0)

05:09:13 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x8cffffff, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2705.641641] tmpfs: Bad value for 'size'
05:09:13 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x20000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2705.647401] tmpfs: Bad value for 'size'
05:09:13 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 50)

[ 2705.761890] tmpfs: Bad value for 'size'
[ 2705.767639] tmpfs: Bad value for 'size'
[ 2705.811042] FAULT_INJECTION: forcing a failure.
[ 2705.811042] name failslab, interval 1, probability 0, space 0, times 0
[ 2705.814106] CPU: 0 PID: 12498 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2705.815721] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2705.817585] Call Trace:
[ 2705.818193]  dump_stack+0x107/0x167
[ 2705.819065]  should_fail.cold+0x5/0xa
[ 2705.819996]  should_failslab+0x5/0x20
[ 2705.820876]  __kmalloc_track_caller+0x79/0x370
[ 2705.821925]  ? kstrdup_const+0x53/0x80
[ 2705.822851]  ? kasprintf+0xbb/0xf0
[ 2705.823703]  kstrdup+0x36/0x70
[ 2705.824437]  kstrdup_const+0x53/0x80
[ 2705.825307]  kmem_cache_create_usercopy+0x12f/0x2f0
[ 2705.826510]  p9_client_create+0xc6a/0x1230
[ 2705.827523]  ? p9_client_flush+0x430/0x430
[ 2705.828496]  ? trace_hardirqs_on+0x5b/0x180
[ 2705.829520]  ? lockdep_init_map_type+0x2c7/0x780
[ 2705.830606]  ? __raw_spin_lock_init+0x36/0x110
[ 2705.831728]  v9fs_session_init+0x1dd/0x1680
[ 2705.832723]  ? lock_release+0x680/0x680
[ 2705.833642]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2705.834750]  ? v9fs_show_options+0x690/0x690
[ 2705.835969]  ? trace_hardirqs_on+0x5b/0x180
[ 2705.836948]  ? kasan_unpoison_shadow+0x33/0x50
[ 2705.837979]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2705.839113]  v9fs_mount+0x79/0x8f0
[ 2705.839969]  ? v9fs_write_inode+0x60/0x60
[ 2705.840956]  legacy_get_tree+0x105/0x220
[ 2705.841883]  vfs_get_tree+0x8e/0x300
[ 2705.842772]  path_mount+0x1429/0x2120
[ 2705.843649]  ? strncpy_from_user+0x9e/0x470
[ 2705.844672]  ? finish_automount+0xa90/0xa90
[ 2705.845638]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2705.846727]  ? _copy_from_user+0xfb/0x1b0
[ 2705.847704]  __x64_sys_mount+0x282/0x300
[ 2705.848681]  ? copy_mnt_ns+0xa00/0xa00
[ 2705.849591]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2705.850833]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2705.852047]  do_syscall_64+0x33/0x40
[ 2705.852908]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2705.854055] RIP: 0033:0x7fbbb0762b19
[ 2705.854954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2705.859520] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2705.861300] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2705.862970] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2705.864650] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2705.866295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2705.867998] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2705.869731] kmem_cache_create(9p-fcall-cache-383) failed with error -12
[ 2705.871340] CPU: 0 PID: 12498 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2705.872978] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2705.874864] Call Trace:
[ 2705.875479]  dump_stack+0x107/0x167
[ 2705.876318]  kmem_cache_create_usercopy.cold+0x17/0x65
[ 2705.877535]  p9_client_create+0xc6a/0x1230
[ 2705.878509]  ? p9_client_flush+0x430/0x430
[ 2705.879508]  ? trace_hardirqs_on+0x5b/0x180
[ 2705.880554]  ? lockdep_init_map_type+0x2c7/0x780
[ 2705.881674]  ? __raw_spin_lock_init+0x36/0x110
[ 2705.882725]  v9fs_session_init+0x1dd/0x1680
[ 2705.883745]  ? lock_release+0x680/0x680
[ 2705.884683]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2705.885777]  ? v9fs_show_options+0x690/0x690
[ 2705.886800]  ? trace_hardirqs_on+0x5b/0x180
[ 2705.887788]  ? kasan_unpoison_shadow+0x33/0x50
[ 2705.888840]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2705.890005]  v9fs_mount+0x79/0x8f0
[ 2705.890833]  ? v9fs_write_inode+0x60/0x60
[ 2705.891792]  legacy_get_tree+0x105/0x220
[ 2705.892734]  vfs_get_tree+0x8e/0x300
[ 2705.893578]  path_mount+0x1429/0x2120
[ 2705.894456]  ? strncpy_from_user+0x9e/0x470
[ 2705.895436]  ? finish_automount+0xa90/0xa90
[ 2705.896426]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2705.897508]  ? _copy_from_user+0xfb/0x1b0
[ 2705.898468]  __x64_sys_mount+0x282/0x300
[ 2705.899389]  ? copy_mnt_ns+0xa00/0xa00
[ 2705.900326]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2705.901570]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2705.902742]  do_syscall_64+0x33/0x40
[ 2705.903622]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2705.904865] RIP: 0033:0x7fbbb0762b19
[ 2705.905694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2705.909912] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2705.911634] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2705.913278] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2705.914899] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2705.916560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2705.918195] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:09:29 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x1)

05:09:29 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xc0ed0000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:09:29 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000b00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:09:29 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000c00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:09:29 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x20100000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:09:29 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 51)

05:09:29 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000c00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:09:29 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x545d, 0x3)

[ 2721.651529] tmpfs: Bad value for 'size'
[ 2721.654406] tmpfs: Bad value for 'size'
[ 2721.658570] tmpfs: Bad value for 'size'
[ 2721.661441] tmpfs: Bad value for 'size'
[ 2721.663443] FAULT_INJECTION: forcing a failure.
[ 2721.663443] name failslab, interval 1, probability 0, space 0, times 0
[ 2721.665922] CPU: 1 PID: 12518 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2721.667404] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2721.669188] Call Trace:
[ 2721.669760]  dump_stack+0x107/0x167
[ 2721.670549]  should_fail.cold+0x5/0xa
[ 2721.671367]  ? create_object.isra.0+0x3a/0xa20
[ 2721.672342]  should_failslab+0x5/0x20
[ 2721.673175]  kmem_cache_alloc+0x5b/0x310
[ 2721.674037]  ? lock_acquire+0x197/0x470
[ 2721.674906]  create_object.isra.0+0x3a/0xa20
[ 2721.675840]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2721.676950]  __kmalloc_track_caller+0x177/0x370
[ 2721.678013]  ? kstrdup_const+0x53/0x80
[ 2721.678850]  ? kasprintf+0xbb/0xf0
[ 2721.679601]  kstrdup+0x36/0x70
[ 2721.680296]  kstrdup_const+0x53/0x80
[ 2721.681139]  kmem_cache_create_usercopy+0x12f/0x2f0
[ 2721.682213]  p9_client_create+0xc6a/0x1230
[ 2721.683125]  ? p9_client_flush+0x430/0x430
[ 2721.684045]  ? trace_hardirqs_on+0x5b/0x180
[ 2721.684975]  ? lockdep_init_map_type+0x2c7/0x780
[ 2721.686003]  ? __raw_spin_lock_init+0x36/0x110
[ 2721.686983]  v9fs_session_init+0x1dd/0x1680
[ 2721.687918]  ? lock_release+0x680/0x680
[ 2721.688789]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2721.689821]  ? v9fs_show_options+0x690/0x690
[ 2721.690772]  ? trace_hardirqs_on+0x5b/0x180
[ 2721.691690]  ? kasan_unpoison_shadow+0x33/0x50
[ 2721.692683]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2721.693784]  v9fs_mount+0x79/0x8f0
[ 2721.694557]  ? v9fs_write_inode+0x60/0x60
[ 2721.695456]  legacy_get_tree+0x105/0x220
[ 2721.696332]  vfs_get_tree+0x8e/0x300
[ 2721.697147]  path_mount+0x1429/0x2120
05:09:29 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x7ffffffe, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2721.697978]  ? strncpy_from_user+0x9e/0x470
[ 2721.699030]  ? finish_automount+0xa90/0xa90
05:09:29 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xf6ffffff, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2721.699983]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2721.701161]  ? _copy_from_user+0xfb/0x1b0
[ 2721.702073]  __x64_sys_mount+0x282/0x300
[ 2721.703060]  ? copy_mnt_ns+0xa00/0xa00
[ 2721.704074]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2721.705251]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2721.706392]  do_syscall_64+0x33/0x40
[ 2721.707224]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2721.708354] RIP: 0033:0x7fbbb0762b19
[ 2721.709209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2721.713299] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2721.714984] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2721.716522] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2721.718091] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2721.719616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2721.721155] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:09:29 executing program 3:
ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000000))
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)

05:09:29 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5460, 0x3)

[ 2721.847560] tmpfs: Bad value for 'size'
[ 2721.848676] tmpfs: Bad value for 'size'
[ 2721.862081] tmpfs: Bad value for 'size'
[ 2721.870493] tmpfs: Bad value for 'size'
05:09:29 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xfeffff7f, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:09:29 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000000)=0x3)
ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000000040))
pipe(&(0x7f00000002c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
ioctl$VFAT_IOCTL_READDIR_SHORT(r1, 0x82307202, &(0x7f0000000080)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

05:09:29 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x8cffffff, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:09:29 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x40049409, 0x3)

[ 2722.050363] tmpfs: Bad value for 'size'
[ 2722.064377] tmpfs: Bad value for 'size'
05:09:29 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 52)

[ 2722.104861] tmpfs: Bad value for 'size'
[ 2722.113187] tmpfs: Bad value for 'size'
05:09:29 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xffffff8c, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2722.316516] tmpfs: Bad value for 'size'
[ 2722.320770] FAULT_INJECTION: forcing a failure.
[ 2722.320770] name failslab, interval 1, probability 0, space 0, times 0
[ 2722.323736] CPU: 0 PID: 12548 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2722.325395] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2722.327254] Call Trace:
[ 2722.327868]  dump_stack+0x107/0x167
[ 2722.328700]  should_fail.cold+0x5/0xa
[ 2722.329563]  ? create_object.isra.0+0x3a/0xa20
[ 2722.330590]  should_failslab+0x5/0x20
[ 2722.331437]  kmem_cache_alloc+0x5b/0x310
[ 2722.332353]  create_object.isra.0+0x3a/0xa20
[ 2722.333342]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2722.334495]  kmem_cache_alloc+0x159/0x310
[ 2722.335425]  kmem_cache_create_usercopy+0x190/0x2f0
[ 2722.336551]  p9_client_create+0xc6a/0x1230
[ 2722.337521]  ? p9_client_flush+0x430/0x430
[ 2722.338468]  ? trace_hardirqs_on+0x5b/0x180
[ 2722.339435]  ? lockdep_init_map_type+0x2c7/0x780
[ 2722.340496]  ? __raw_spin_lock_init+0x36/0x110
[ 2722.341517]  v9fs_session_init+0x1dd/0x1680
[ 2722.342481]  ? lock_release+0x680/0x680
[ 2722.343371]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2722.344435]  ? v9fs_show_options+0x690/0x690
[ 2722.345422]  ? trace_hardirqs_on+0x5b/0x180
[ 2722.346385]  ? kasan_unpoison_shadow+0x33/0x50
[ 2722.347401]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2722.348527]  v9fs_mount+0x79/0x8f0
[ 2722.349330]  ? v9fs_write_inode+0x60/0x60
[ 2722.350248]  legacy_get_tree+0x105/0x220
[ 2722.351159]  vfs_get_tree+0x8e/0x300
[ 2722.351984]  path_mount+0x1429/0x2120
[ 2722.352846]  ? strncpy_from_user+0x9e/0x470
[ 2722.353794]  ? finish_automount+0xa90/0xa90
[ 2722.354748]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2722.355775]  ? _copy_from_user+0xfb/0x1b0
[ 2722.356710]  __x64_sys_mount+0x282/0x300
[ 2722.357614]  ? copy_mnt_ns+0xa00/0xa00
[ 2722.358484]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2722.359650]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2722.360850]  do_syscall_64+0x33/0x40
[ 2722.361854]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2722.363032] RIP: 0033:0x7fbbb0762b19
[ 2722.363899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2722.368154] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2722.369945] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2722.371693] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2722.373372] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2722.375031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2722.376706] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2722.385980] tmpfs: Bad value for 'size'
[ 2738.459621] tmpfs: Bad value for 'size'
[ 2738.467803] tmpfs: Bad value for 'size'
05:09:45 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 53)

05:09:45 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = getpgid(0x0)
fcntl$setownex(r0, 0xf, &(0x7f0000000000)={0x3, r1})
ioctl$TCXONC(r0, 0x4b45, 0x3)

05:09:45 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000d00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:09:45 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xc0ed0000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:09:45 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xfffffff6, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:09:45 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x40086602, 0x3)

05:09:45 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000c00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:09:45 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000d00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2738.486333] tmpfs: Bad value for 'size'
05:09:45 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xedc000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2738.505425] FAULT_INJECTION: forcing a failure.
[ 2738.505425] name failslab, interval 1, probability 0, space 0, times 0
[ 2738.509068] CPU: 1 PID: 12561 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2738.510787] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2738.512807] Call Trace:
[ 2738.513490]  dump_stack+0x107/0x167
[ 2738.514576]  should_fail.cold+0x5/0xa
[ 2738.515579]  ? __kmem_cache_create+0x10e/0x520
[ 2738.516715]  should_failslab+0x5/0x20
05:09:45 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x40087602, 0x3)

[ 2738.517608]  kmem_cache_alloc_node+0x55/0x330
[ 2738.518665]  __kmem_cache_create+0x10e/0x520
[ 2738.519630]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2738.520722]  p9_client_create+0xc6a/0x1230
[ 2738.521693]  ? p9_client_flush+0x430/0x430
[ 2738.522628]  ? trace_hardirqs_on+0x5b/0x180
[ 2738.523574]  ? lockdep_init_map_type+0x2c7/0x780
[ 2738.524600]  ? __raw_spin_lock_init+0x36/0x110
[ 2738.525775]  v9fs_session_init+0x1dd/0x1680
[ 2738.526924]  ? lock_release+0x680/0x680
[ 2738.527991]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2738.529235]  ? v9fs_show_options+0x690/0x690
[ 2738.530373]  ? trace_hardirqs_on+0x5b/0x180
[ 2738.531486]  ? kasan_unpoison_shadow+0x33/0x50
[ 2738.532742]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2738.534071]  v9fs_mount+0x79/0x8f0
[ 2738.534989]  ? v9fs_write_inode+0x60/0x60
[ 2738.536161]  legacy_get_tree+0x105/0x220
[ 2738.537385]  vfs_get_tree+0x8e/0x300
[ 2738.538348]  path_mount+0x1429/0x2120
[ 2738.539332]  ? strncpy_from_user+0x9e/0x470
[ 2738.540451]  ? finish_automount+0xa90/0xa90
[ 2738.541584]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2738.542783]  ? _copy_from_user+0xfb/0x1b0
[ 2738.543790]  __x64_sys_mount+0x282/0x300
[ 2738.544702]  ? copy_mnt_ns+0xa00/0xa00
[ 2738.545597]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2738.546776]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2738.547947]  do_syscall_64+0x33/0x40
[ 2738.548781]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2738.549937] RIP: 0033:0x7fbbb0762b19
[ 2738.550812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2738.551300] tmpfs: Bad value for 'size'
[ 2738.554954] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2738.557225] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2738.558837] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2738.560445] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2738.562069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2738.563681] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2738.565640] kmem_cache_create(9p-fcall-cache-386) failed with error -22
[ 2738.567187] CPU: 1 PID: 12561 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2738.568741] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2738.570619] Call Trace:
[ 2738.571211]  dump_stack+0x107/0x167
[ 2738.572042]  kmem_cache_create_usercopy.cold+0x17/0x65
[ 2738.573253]  p9_client_create+0xc6a/0x1230
[ 2738.574212]  ? p9_client_flush+0x430/0x430
[ 2738.575170]  ? trace_hardirqs_on+0x5b/0x180
[ 2738.575191]  ? lockdep_init_map_type+0x2c7/0x780
[ 2738.575213]  ? __raw_spin_lock_init+0x36/0x110
05:09:46 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r0, 0x4040942c, &(0x7f0000000040)={0x0, 0x500, [0x9, 0x8000, 0x9, 0x5, 0x800, 0x400]})

[ 2738.575239]  v9fs_session_init+0x1dd/0x1680
[ 2738.575258]  ? lock_release+0x680/0x680
[ 2738.575283]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2738.575299]  ? v9fs_show_options+0x690/0x690
[ 2738.575324]  ? trace_hardirqs_on+0x5b/0x180
[ 2738.575341]  ? kasan_unpoison_shadow+0x33/0x50
[ 2738.575357]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2738.575375]  v9fs_mount+0x79/0x8f0
[ 2738.575392]  ? v9fs_write_inode+0x60/0x60
[ 2738.575415]  legacy_get_tree+0x105/0x220
[ 2738.575433]  vfs_get_tree+0x8e/0x300
[ 2738.575448]  path_mount+0x1429/0x2120
[ 2738.575469]  ? strncpy_from_user+0x9e/0x470
[ 2738.575485]  ? finish_automount+0xa90/0xa90
[ 2738.575502]  ? getname_flags.part.0+0x1dd/0x4f0
05:09:46 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xf6ffffff, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2738.575520]  ? _copy_from_user+0xfb/0x1b0
[ 2738.575544]  __x64_sys_mount+0x282/0x300
[ 2738.575559]  ? copy_mnt_ns+0xa00/0xa00
[ 2738.575581]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
05:09:46 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x8000000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2738.575603]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2738.575622]  do_syscall_64+0x33/0x40
[ 2738.575638]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2738.575649] RIP: 0033:0x7fbbb0762b19
[ 2738.575665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2738.575674] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2738.575691] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2738.575701] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2738.575746] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2738.575757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2738.575767] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2738.578174] tmpfs: Bad value for 'size'
05:09:46 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 54)

[ 2738.591842] tmpfs: Bad value for 'size'
[ 2738.753474] tmpfs: Bad value for 'size'
[ 2738.755735] tmpfs: Bad value for 'size'
[ 2738.763291] tmpfs: Bad value for 'size'
[ 2738.763633] tmpfs: Bad value for 'size'
[ 2738.860672] FAULT_INJECTION: forcing a failure.
[ 2738.860672] name failslab, interval 1, probability 0, space 0, times 0
[ 2738.863507] CPU: 1 PID: 12593 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2738.865129] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2738.867330] Call Trace:
[ 2738.868049]  dump_stack+0x107/0x167
[ 2738.869049]  should_fail.cold+0x5/0xa
[ 2738.870210]  ? create_object.isra.0+0x3a/0xa20
[ 2738.871516]  should_failslab+0x5/0x20
[ 2738.872613]  kmem_cache_alloc+0x5b/0x310
[ 2738.873786]  create_object.isra.0+0x3a/0xa20
[ 2738.875033]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2738.876554]  kmem_cache_alloc+0x159/0x310
[ 2738.877845]  kmem_cache_create_usercopy+0x190/0x2f0
[ 2738.879276]  p9_client_create+0xc6a/0x1230
[ 2738.880485]  ? p9_client_flush+0x430/0x430
[ 2738.881725]  ? trace_hardirqs_on+0x5b/0x180
[ 2738.882941]  ? lockdep_init_map_type+0x2c7/0x780
[ 2738.884208]  ? __raw_spin_lock_init+0x36/0x110
[ 2738.885472]  v9fs_session_init+0x1dd/0x1680
[ 2738.886702]  ? lock_release+0x680/0x680
[ 2738.887834]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2738.889180]  ? v9fs_show_options+0x690/0x690
[ 2738.890400]  ? trace_hardirqs_on+0x5b/0x180
[ 2738.891597]  ? kasan_unpoison_shadow+0x33/0x50
[ 2738.892866]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2738.894270]  v9fs_mount+0x79/0x8f0
[ 2738.895250]  ? v9fs_write_inode+0x60/0x60
[ 2738.896518]  legacy_get_tree+0x105/0x220
[ 2738.897699]  vfs_get_tree+0x8e/0x300
[ 2738.898618]  path_mount+0x1429/0x2120
[ 2738.899563]  ? strncpy_from_user+0x9e/0x470
[ 2738.900626]  ? finish_automount+0xa90/0xa90
[ 2738.901716]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2738.902862]  ? _copy_from_user+0xfb/0x1b0
[ 2738.903900]  __x64_sys_mount+0x282/0x300
[ 2738.904911]  ? copy_mnt_ns+0xa00/0xa00
[ 2738.905867]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2738.907159]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2738.908512]  do_syscall_64+0x33/0x40
[ 2738.909396]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2738.910580] RIP: 0033:0x7fbbb0762b19
[ 2738.911442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2738.915685] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2738.917453] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2738.919145] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2738.920787] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2738.922440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2738.924078] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:10:01 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xfeffff7f, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:10:01 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x100000000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:10:01 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000d00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:10:01 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000e00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:10:01 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4020940d, 0x3)

05:10:01 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 55)

05:10:01 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000e00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:10:01 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCXONC(r0, 0x4b45, 0x3)

[ 2754.205280] FAULT_INJECTION: forcing a failure.
[ 2754.205280] name failslab, interval 1, probability 0, space 0, times 0
[ 2754.208228] CPU: 1 PID: 12600 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2754.210022] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2754.212161] Call Trace:
[ 2754.212844]  dump_stack+0x107/0x167
[ 2754.213799]  should_fail.cold+0x5/0xa
[ 2754.214786]  ? create_object.isra.0+0x3a/0xa20
[ 2754.215964]  should_failslab+0x5/0x20
[ 2754.216763]  kmem_cache_alloc+0x5b/0x310
[ 2754.217833]  create_object.isra.0+0x3a/0xa20
[ 2754.218792]  kmemleak_alloc_percpu+0xa0/0x100
[ 2754.219951]  pcpu_alloc+0x4e2/0x1240
[ 2754.220782]  __kmem_cache_create+0x35a/0x520
[ 2754.221735]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2754.222812]  p9_client_create+0xc6a/0x1230
[ 2754.223908]  ? p9_client_flush+0x430/0x430
[ 2754.224819]  ? trace_hardirqs_on+0x5b/0x180
[ 2754.225947]  ? lockdep_init_map_type+0x2c7/0x780
[ 2754.226960]  ? __raw_spin_lock_init+0x36/0x110
[ 2754.227954]  v9fs_session_init+0x1dd/0x1680
[ 2754.228864]  ? lock_release+0x680/0x680
[ 2754.229729]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2754.230805]  ? v9fs_show_options+0x690/0x690
[ 2754.231754]  ? trace_hardirqs_on+0x5b/0x180
[ 2754.232663]  ? kasan_unpoison_shadow+0x33/0x50
[ 2754.233630]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2754.234701]  v9fs_mount+0x79/0x8f0
[ 2754.235463]  ? v9fs_write_inode+0x60/0x60
[ 2754.236339]  legacy_get_tree+0x105/0x220
[ 2754.237390]  vfs_get_tree+0x8e/0x300
[ 2754.238186]  path_mount+0x1429/0x2120
[ 2754.239002]  ? strncpy_from_user+0x9e/0x470
[ 2754.239912]  ? finish_automount+0xa90/0xa90
[ 2754.240819]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2754.241825]  ? _copy_from_user+0xfb/0x1b0
[ 2754.242556] tmpfs: Bad value for 'size'
[ 2754.242774]  __x64_sys_mount+0x282/0x300
[ 2754.244553]  ? copy_mnt_ns+0xa00/0xa00
[ 2754.245393]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2754.246495]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2754.247606]  do_syscall_64+0x33/0x40
[ 2754.248393]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2754.249472] RIP: 0033:0x7fbbb0762b19
[ 2754.250275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2754.254707] tmpfs: Bad value for 'size'
[ 2754.254728] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2754.257746] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2754.257759] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2754.257771] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2754.257783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2754.257795] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2754.262428] tmpfs: Bad value for 'size'
[ 2754.272373] tmpfs: Bad value for 'size'
05:10:01 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x2)

05:10:01 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x200000000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:10:01 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xffffff8c, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2754.482667] tmpfs: Bad value for 'size'
05:10:01 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x80045432, 0x3)

[ 2754.508355] tmpfs: Bad value for 'size'
[ 2754.539239] tmpfs: Bad value for 'size'
[ 2754.547679] tmpfs: Bad value for 'size'
05:10:02 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 56)

05:10:02 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x300000000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:10:02 executing program 3:
semget(0x3, 0x1, 0x1)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = semget(0x1, 0x2, 0x441)
semctl$IPC_RMID(r1, 0x0, 0x0)
ioctl$TCXONC(r0, 0x4b45, 0x1)

05:10:02 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xfffffff6, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2754.734267] tmpfs: Bad value for 'size'
[ 2754.747199] tmpfs: Bad value for 'size'
[ 2754.753095] FAULT_INJECTION: forcing a failure.
[ 2754.753095] name failslab, interval 1, probability 0, space 0, times 0
[ 2754.755495] CPU: 1 PID: 12632 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2754.756957] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2754.758729] Call Trace:
[ 2754.759310]  dump_stack+0x107/0x167
[ 2754.760230]  should_fail.cold+0x5/0xa
[ 2754.761236]  ? create_object.isra.0+0x3a/0xa20
[ 2754.762212]  should_failslab+0x5/0x20
[ 2754.763021]  kmem_cache_alloc+0x5b/0x310
[ 2754.763886]  ? mark_held_locks+0x9e/0xe0
[ 2754.764849]  create_object.isra.0+0x3a/0xa20
[ 2754.765902]  kmemleak_alloc_percpu+0xa0/0x100
[ 2754.766865]  pcpu_alloc+0x4e2/0x1240
[ 2754.767685]  __kmem_cache_create+0x35a/0x520
[ 2754.768628]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2754.769718]  p9_client_create+0xc6a/0x1230
[ 2754.770758]  ? p9_client_flush+0x430/0x430
[ 2754.771684]  ? trace_hardirqs_on+0x5b/0x180
[ 2754.772773]  ? lockdep_init_map_type+0x2c7/0x780
[ 2754.773797]  ? __raw_spin_lock_init+0x36/0x110
[ 2754.774775]  v9fs_session_init+0x1dd/0x1680
[ 2754.775696]  ? lock_release+0x680/0x680
[ 2754.776555]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2754.777596]  ? v9fs_show_options+0x690/0x690
[ 2754.778627]  ? trace_hardirqs_on+0x5b/0x180
[ 2754.779552]  ? kasan_unpoison_shadow+0x33/0x50
[ 2754.780521]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2754.781612]  v9fs_mount+0x79/0x8f0
[ 2754.782371]  ? v9fs_write_inode+0x60/0x60
[ 2754.783255]  legacy_get_tree+0x105/0x220
[ 2754.784118]  vfs_get_tree+0x8e/0x300
[ 2754.784906]  path_mount+0x1429/0x2120
[ 2754.785737]  ? strncpy_from_user+0x9e/0x470
[ 2754.786661]  ? finish_automount+0xa90/0xa90
[ 2754.787574]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2754.788568]  ? _copy_from_user+0xfb/0x1b0
[ 2754.789469]  __x64_sys_mount+0x282/0x300
[ 2754.790327]  ? copy_mnt_ns+0xa00/0xa00
[ 2754.791164]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2754.792274]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2754.793387]  do_syscall_64+0x33/0x40
[ 2754.794177]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2754.795258] RIP: 0033:0x7fbbb0762b19
[ 2754.796044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2754.799914] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2754.801527] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2754.803032] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2754.804248] tmpfs: Bad value for 'size'
[ 2754.804541] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2754.804562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2754.808404] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2754.814829] tmpfs: Bad value for 'size'
05:10:02 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x80045440, 0x3)

05:10:02 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xedc000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2754.964338] tmpfs: Bad value for 'size'
[ 2754.969340] tmpfs: Bad value for 'size'
05:10:17 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x400000000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:10:17 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x80086601, 0x3)

05:10:17 executing program 3:
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000000)="42bb89fdd315c37aef62d3ccca0de07b", 0x10)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB="3a30c323", @ANYRESHEX=r2, @ANYBLOB=',\x00'])
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000040)={0x2, {0x2, 0x100, 0x81, 0x3f, 0x80, 0x4}})
ioctl$TCXONC(r0, 0x4b45, 0x3)

05:10:17 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000f00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:10:17 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x8000000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:10:17 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 57)

05:10:17 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000e00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:10:17 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000f00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

[ 2769.935466] FAULT_INJECTION: forcing a failure.
[ 2769.935466] name failslab, interval 1, probability 0, space 0, times 0
[ 2769.936068] tmpfs: Bad value for 'size'
[ 2769.938215] CPU: 0 PID: 12656 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2769.940359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2769.942130] Call Trace:
[ 2769.942153]  dump_stack+0x107/0x167
[ 2769.942172]  should_fail.cold+0x5/0xa
[ 2769.942198]  should_failslab+0x5/0x20
[ 2769.942215]  __kmalloc_track_caller+0x79/0x370
[ 2769.942233]  ? kstrdup_const+0x53/0x80
[ 2769.942256]  kstrdup+0x36/0x70
[ 2769.942275]  kstrdup_const+0x53/0x80
[ 2769.942295]  kvasprintf_const+0x10c/0x1a0
[ 2769.942315]  kobject_set_name_vargs+0x56/0x150
[ 2769.942334]  kobject_init_and_add+0xc9/0x160
[ 2769.942352]  ? kobject_create_and_add+0xb0/0xb0
[ 2769.942448]  ? wait_for_completion_io+0x270/0x270
[ 2769.942467]  ? kernfs_name_hash+0xe7/0x110
[ 2769.942489]  ? kernfs_find_ns+0x256/0x380
[ 2769.942516]  sysfs_slab_add+0x172/0x200
[ 2769.942538]  __kmem_cache_create+0x3db/0x520
[ 2769.942561]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2769.942586]  p9_client_create+0xc6a/0x1230
[ 2769.942614]  ? p9_client_flush+0x430/0x430
[ 2769.942634]  ? trace_hardirqs_on+0x5b/0x180
[ 2769.942655]  ? lockdep_init_map_type+0x2c7/0x780
[ 2769.942675]  ? __raw_spin_lock_init+0x36/0x110
[ 2769.942699]  v9fs_session_init+0x1dd/0x1680
[ 2769.942717]  ? lock_release+0x680/0x680
[ 2769.942740]  ? asm_sysvec_call_function_single+0x12/0x20
[ 2769.942753]  ? trace_hardirqs_on+0x5b/0x180
[ 2769.942772]  ? v9fs_show_options+0x690/0x690
[ 2769.942800]  ? _raw_spin_unlock_irqrestore+0x25/0x40
[ 2769.942817]  ? kasan_unpoison_shadow+0x33/0x50
[ 2769.942833]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2769.942852]  v9fs_mount+0x79/0x8f0
[ 2769.942870]  ? v9fs_write_inode+0x60/0x60
[ 2769.942889]  legacy_get_tree+0x105/0x220
[ 2769.942908]  vfs_get_tree+0x8e/0x300
[ 2769.942924]  path_mount+0x1429/0x2120
[ 2769.942946]  ? strncpy_from_user+0x9e/0x470
[ 2769.942963]  ? finish_automount+0xa90/0xa90
[ 2769.942981]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2769.942997]  ? _copy_from_user+0xfb/0x1b0
[ 2769.943022]  __x64_sys_mount+0x282/0x300
[ 2769.943038]  ? copy_mnt_ns+0xa00/0xa00
[ 2769.943060]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2769.943077]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2769.943096]  do_syscall_64+0x33/0x40
[ 2769.943113]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2769.943125] RIP: 0033:0x7fbbb0762b19
[ 2769.943142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2769.943152] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2769.943171] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2769.943181] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2769.943191] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2769.943201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2769.943211] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2769.943362] kobject: can not set name properly!
[ 2769.943449] kmem_cache_create(9p-fcall-cache-390) failed with error -12
[ 2769.943466] CPU: 0 PID: 12656 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2769.943476] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2769.943481] Call Trace:
[ 2769.943532]  dump_stack+0x107/0x167
[ 2769.943554]  kmem_cache_create_usercopy.cold+0x17/0x65
[ 2769.943578]  p9_client_create+0xc6a/0x1230
[ 2769.943604]  ? p9_client_flush+0x430/0x430
[ 2769.943621]  ? trace_hardirqs_on+0x5b/0x180
[ 2769.943640]  ? lockdep_init_map_type+0x2c7/0x780
[ 2769.943659]  ? __raw_spin_lock_init+0x36/0x110
[ 2769.943680]  v9fs_session_init+0x1dd/0x1680
[ 2769.943703]  ? lock_release+0x680/0x680
[ 2769.943725]  ? asm_sysvec_call_function_single+0x12/0x20
[ 2769.943737]  ? trace_hardirqs_on+0x5b/0x180
[ 2769.943761]  ? v9fs_show_options+0x690/0x690
[ 2769.943788]  ? _raw_spin_unlock_irqrestore+0x25/0x40
[ 2769.943805]  ? kasan_unpoison_shadow+0x33/0x50
[ 2769.943831]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2769.943849]  v9fs_mount+0x79/0x8f0
[ 2769.943867]  ? v9fs_write_inode+0x60/0x60
[ 2769.943890]  legacy_get_tree+0x105/0x220
[ 2769.943908]  vfs_get_tree+0x8e/0x300
[ 2769.943927]  path_mount+0x1429/0x2120
[ 2769.943948]  ? strncpy_from_user+0x9e/0x470
[ 2769.943967]  ? finish_automount+0xa90/0xa90
[ 2769.943987]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2769.944008]  ? _copy_from_user+0xfb/0x1b0
[ 2769.944036]  __x64_sys_mount+0x282/0x300
[ 2769.944055]  ? copy_mnt_ns+0xa00/0xa00
[ 2769.944078]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2769.944099]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2769.944119]  do_syscall_64+0x33/0x40
[ 2769.944140]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2769.944156] RIP: 0033:0x7fbbb0762b19
[ 2769.944177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2769.944191] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2769.944221] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2769.944237] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2769.944252] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
05:10:17 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x100000000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2769.944268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2769.944284] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2769.955219] tmpfs: Bad value for 'size'
[ 2769.955559] tmpfs: Bad value for 'size'
[ 2769.957448] tmpfs: Bad value for 'size'
05:10:17 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x80087601, 0x3)

05:10:17 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCGISO7816(r0, 0x80285442, &(0x7f0000000000))
ioctl$TCXONC(r0, 0x4b45, 0x3)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
sendfile(r1, r0, 0x0, 0x4)

05:10:17 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 58)

[ 2770.173397] tmpfs: Bad value for 'size'
[ 2770.175111] tmpfs: Bad value for 'size'
05:10:17 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x500000000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2770.190534] FAULT_INJECTION: forcing a failure.
[ 2770.190534] name failslab, interval 1, probability 0, space 0, times 0
[ 2770.193147] CPU: 1 PID: 12679 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2770.194651] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2770.196391] Call Trace:
[ 2770.196977]  dump_stack+0x107/0x167
[ 2770.197747]  should_fail.cold+0x5/0xa
[ 2770.198557]  ? create_object.isra.0+0x3a/0xa20
[ 2770.199523]  should_failslab+0x5/0x20
[ 2770.200328]  kmem_cache_alloc+0x5b/0x310
[ 2770.201177]  ? lock_release+0x680/0x680
[ 2770.202014]  create_object.isra.0+0x3a/0xa20
[ 2770.202926]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2770.204004]  __kmalloc_track_caller+0x177/0x370
[ 2770.204981]  ? kstrdup_const+0x53/0x80
[ 2770.205818]  kstrdup+0x36/0x70
[ 2770.206492]  kstrdup_const+0x53/0x80
[ 2770.207276]  kvasprintf_const+0x10c/0x1a0
[ 2770.208146]  kobject_set_name_vargs+0x56/0x150
[ 2770.209104]  kobject_init_and_add+0xc9/0x160
[ 2770.210030]  ? kobject_create_and_add+0xb0/0xb0
[ 2770.211013]  ? wait_for_completion_io+0x270/0x270
[ 2770.212019]  ? kernfs_name_hash+0xe7/0x110
[ 2770.212906]  ? kernfs_find_ns+0x256/0x380
[ 2770.213801]  sysfs_slab_add+0x172/0x200
[ 2770.214648]  __kmem_cache_create+0x3db/0x520
[ 2770.215570]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2770.216607]  p9_client_create+0xc6a/0x1230
[ 2770.217560]  ? p9_client_flush+0x430/0x430
[ 2770.218564]  ? trace_hardirqs_on+0x5b/0x180
[ 2770.219465]  ? lockdep_init_map_type+0x2c7/0x780
[ 2770.220452]  ? __raw_spin_lock_init+0x36/0x110
[ 2770.221422]  v9fs_session_init+0x1dd/0x1680
[ 2770.222344]  ? lock_release+0x680/0x680
[ 2770.223175]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2770.224183]  ? v9fs_show_options+0x690/0x690
[ 2770.225119]  ? trace_hardirqs_on+0x5b/0x180
[ 2770.226025]  ? kasan_unpoison_shadow+0x33/0x50
[ 2770.226979]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2770.228031]  v9fs_mount+0x79/0x8f0
[ 2770.228777]  ? v9fs_write_inode+0x60/0x60
[ 2770.229655]  legacy_get_tree+0x105/0x220
[ 2770.230509]  vfs_get_tree+0x8e/0x300
[ 2770.231300]  path_mount+0x1429/0x2120
[ 2770.232098]  ? strncpy_from_user+0x9e/0x470
[ 2770.232999]  ? finish_automount+0xa90/0xa90
[ 2770.233903]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2770.234871]  ? _copy_from_user+0xfb/0x1b0
[ 2770.235737]  __x64_sys_mount+0x282/0x300
[ 2770.236578]  ? copy_mnt_ns+0xa00/0xa00
[ 2770.237410]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2770.238567]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2770.239650]  do_syscall_64+0x33/0x40
[ 2770.240427]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2770.241501] RIP: 0033:0x7fbbb0762b19
[ 2770.242290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2770.246159] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2770.247771] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2770.247782] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2770.247792] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2770.247802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2770.247812] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2770.278917] tmpfs: Bad value for 'size'
05:10:17 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x200000000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2770.318685] tmpfs: Bad value for 'size'
05:10:17 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0xc0045878, 0x3)

[ 2770.415132] tmpfs: Bad value for 'size'
[ 2770.423529] tmpfs: Bad value for 'size'
05:10:17 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x600000000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:10:17 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)
pipe(&(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
ioctl$TCSETSF2(r2, 0x402c542d, &(0x7f0000000000)={0x5942, 0x9, 0x5, 0x1, 0x20, "f7197087ce0d3608f736bed2e5c5831ef588e4", 0x100000, 0xa0})

05:10:18 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x300000000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2770.575413] tmpfs: Bad value for 'size'
[ 2770.577367] tmpfs: Bad value for 'size'
[ 2770.692060] tmpfs: Bad value for 'size'
[ 2770.702044] tmpfs: Bad value for 'size'
[ 2786.984587] tmpfs: Bad value for 'size'
[ 2786.985703] tmpfs: Bad value for 'size'
05:10:34 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b45, 0x3)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0xd3bd, 0x20000)
recvmmsg$unix(r1, &(0x7f0000002dc0), 0x0, 0x40, &(0x7f0000002e80)={0x0, 0x989680})
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x1)
r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x6, 0x100010, r1, 0x8000000)
r3 = syz_io_uring_setup(0x47d5, &(0x7f00000002c0)={0x0, 0x7744, 0x1, 0x2, 0x2f7}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x66e2, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r6, 0x0, 0x0}, 0x0)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r3, 0x0)
syz_io_uring_submit(r7, r5, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r2, r5, &(0x7f0000000180)=@IORING_OP_SEND={0x1a, 0x6, 0x0, r8, 0x0, &(0x7f00000000c0)="e3835b92f3cc6d8d0406dde22634677f32b8d0205ce5292acc8c7c5019f961823a441a6283f1acebebf955e0521d59a5b8c15334a33a3607584370d18f2639656182197a50547b42d53c87f5f1c1f8977c7e4c621795cb6d13ddbed9f90cc99584dd037683c373894460f5d5063a98bf4b224405d719d8f5bfa44059e5db29e34a2191e54d50428bbc88b770af6945df721964ca37300bc9f82714", 0x9b, 0x1}, 0x3ff)

05:10:34 executing program 0:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 59)

05:10:34 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x100000f00)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$setpipe(r4, 0x407, 0x3ff)
pipe2(&(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f00000522c0)={0x0, [], 0x0, "5722544454e690"})

05:10:34 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x1fffffff5)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:10:34 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0xc0045878, 0x3)

05:10:34 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x700000000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

05:10:34 executing program 7:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40000)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x1fffffff5)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
pipe(&(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
fcntl$setpipe(r3, 0x407, 0x3ff)
openat$urandom(0xffffffffffffff9c, 0x0, 0x68100, 0x0)

05:10:34 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x400000000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2787.005380] tmpfs: Bad value for 'size'
05:10:34 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x500000000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2787.018382] tmpfs: Bad value for 'size'
05:10:34 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0xc0189436, 0x3)

[ 2787.039362] FAULT_INJECTION: forcing a failure.
[ 2787.039362] name failslab, interval 1, probability 0, space 0, times 0
[ 2787.041120] CPU: 0 PID: 12721 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2787.041981] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2787.043007] Call Trace:
[ 2787.043342]  dump_stack+0x107/0x167
[ 2787.043817]  should_fail.cold+0x5/0xa
[ 2787.044301]  should_failslab+0x5/0x20
[ 2787.044778]  __kmalloc_track_caller+0x79/0x370
[ 2787.045357]  ? kstrdup_const+0x53/0x80
[ 2787.045851]  kstrdup+0x36/0x70
[ 2787.046253]  kstrdup_const+0x53/0x80
[ 2787.046729]  __kernfs_new_node+0x9d/0x860
[ 2787.047256]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 2787.047870]  ? lock_acquire+0x197/0x470
[ 2787.048366]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2787.049020]  ? lock_release+0x680/0x680
[ 2787.049524]  ? find_held_lock+0x2c/0x110
[ 2787.050032]  kernfs_new_node+0x18d/0x250
[ 2787.050544]  kernfs_create_dir_ns+0x49/0x160
[ 2787.051095]  sysfs_create_dir_ns+0x127/0x290
[ 2787.051652]  ? sysfs_create_mount_point+0xb0/0xb0
[ 2787.052341]  ? rwlock_bug.part.0+0x90/0x90
[ 2787.052958]  ? do_raw_spin_unlock+0x4f/0x220
[ 2787.053524]  kobject_add_internal+0x25e/0xa30
[ 2787.054160]  kobject_init_and_add+0x101/0x160
[ 2787.054173]  ? kobject_create_and_add+0xb0/0xb0
[ 2787.054190]  ? wait_for_completion_io+0x270/0x270
[ 2787.054199]  ? kernfs_name_hash+0xe7/0x110
[ 2787.054214]  ? kernfs_find_ns+0x256/0x380
[ 2787.054231]  sysfs_slab_add+0x172/0x200
[ 2787.054244]  __kmem_cache_create+0x3db/0x520
[ 2787.054268]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2787.059051]  p9_client_create+0xc6a/0x1230
[ 2787.059068]  ? p9_client_flush+0x430/0x430
[ 2787.059089]  ? trace_hardirqs_on+0x5b/0x180
[ 2787.061014]  ? lockdep_init_map_type+0x2c7/0x780
[ 2787.061609]  ? __raw_spin_lock_init+0x36/0x110
[ 2787.062192]  v9fs_session_init+0x1dd/0x1680
[ 2787.062723]  ? lock_release+0x680/0x680
[ 2787.063221]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2787.063816]  ? v9fs_show_options+0x690/0x690
[ 2787.063832]  ? trace_hardirqs_on+0x5b/0x180
[ 2787.063850]  ? kasan_unpoison_shadow+0x33/0x50
[ 2787.065851]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2787.066476]  v9fs_mount+0x79/0x8f0
[ 2787.066919]  ? v9fs_write_inode+0x60/0x60
[ 2787.067431]  legacy_get_tree+0x105/0x220
[ 2787.067934]  vfs_get_tree+0x8e/0x300
[ 2787.068399]  path_mount+0x1429/0x2120
[ 2787.068414]  ? strncpy_from_user+0x9e/0x470
[ 2787.068433]  ? finish_automount+0xa90/0xa90
[ 2787.070276]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2787.070850]  ? _copy_from_user+0xfb/0x1b0
[ 2787.071372]  __x64_sys_mount+0x282/0x300
[ 2787.071869]  ? copy_mnt_ns+0xa00/0xa00
[ 2787.072353]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2787.072996]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2787.073655]  do_syscall_64+0x33/0x40
[ 2787.074113]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2787.074754] RIP: 0033:0x7fbbb0762b19
[ 2787.075225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2787.077515] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2787.078458] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2787.079346] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2787.080232] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2787.081114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2787.082007] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
[ 2787.083040] kobject_add_internal failed for 9p-fcall-cache-392 (error: -12 parent: slab)
[ 2787.084124] kmem_cache_create(9p-fcall-cache-392) failed with error -12
[ 2787.085233] CPU: 0 PID: 12721 Comm: syz-executor.0 Not tainted 5.10.234 #1
[ 2787.086127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2787.087145] Call Trace:
[ 2787.087473]  dump_stack+0x107/0x167
[ 2787.087923]  kmem_cache_create_usercopy.cold+0x17/0x65
[ 2787.088564]  p9_client_create+0xc6a/0x1230
[ 2787.089093]  ? p9_client_flush+0x430/0x430
[ 2787.089628]  ? trace_hardirqs_on+0x5b/0x180
[ 2787.090160]  ? lockdep_init_map_type+0x2c7/0x780
[ 2787.090742]  ? __raw_spin_lock_init+0x36/0x110
[ 2787.091306]  v9fs_session_init+0x1dd/0x1680
[ 2787.091854]  ? lock_release+0x680/0x680
[ 2787.092456]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2787.093058]  ? v9fs_show_options+0x690/0x690
[ 2787.093607]  ? trace_hardirqs_on+0x5b/0x180
[ 2787.094133]  ? kasan_unpoison_shadow+0x33/0x50
[ 2787.094697]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2787.095317]  v9fs_mount+0x79/0x8f0
[ 2787.095752]  ? v9fs_write_inode+0x60/0x60
[ 2787.096272]  legacy_get_tree+0x105/0x220
[ 2787.096784]  vfs_get_tree+0x8e/0x300
[ 2787.097236]  path_mount+0x1429/0x2120
[ 2787.097712]  ? strncpy_from_user+0x9e/0x470
[ 2787.098242]  ? finish_automount+0xa90/0xa90
[ 2787.098775]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2787.099353]  ? _copy_from_user+0xfb/0x1b0
[ 2787.099867]  __x64_sys_mount+0x282/0x300
[ 2787.100368]  ? copy_mnt_ns+0xa00/0xa00
[ 2787.100857]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2787.101502]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2787.102129]  do_syscall_64+0x33/0x40
[ 2787.102589]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2787.103215] RIP: 0033:0x7fbbb0762b19
[ 2787.103668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2787.105916] RSP: 002b:00007fbbadcd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2787.106845] RAX: ffffffffffffffda RBX: 00007fbbb0875f60 RCX: 00007fbbb0762b19
[ 2787.107712] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
[ 2787.108579] RBP: 00007fbbadcd81d0 R08: 0000000020000140 R09: 0000000000000000
[ 2787.109451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2787.110315] R13: 00007ffe9584afcf R14: 00007fbbadcd8300 R15: 0000000000022000
05:10:34 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCXONC(r0, 0x4b45, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f0000000040))

[ 2787.139005] tmpfs: Bad value for 'size'
05:10:34 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x800000000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2787.154054] tmpfs: Bad value for 'size'
[ 2787.159845] tmpfs: Bad value for 'size'
[ 2787.165443] tmpfs: Bad value for 'size'
05:10:34 executing program 4:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x900000000000000, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@size={'size', 0x3d, [0x70, 0x31]}}]})

[ 2787.216476] tmpfs: Bad value for 'size'
[ 2787.220759] tmpfs: Bad value for 'size'
[ 2801.225366] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
BUG: memory leak
unreferenced object 0xffff88800fc8e900 (size 32):
  comm "syz-executor.0", pid 12721, jiffies 4297453879 (age 24.003s)
  hex dump (first 32 bytes):
    39 70 2d 66 63 61 6c 6c 2d 63 61 63 68 65 2d 33  9p-fcall-cache-3
    39 32 00 0f 80 88 ff ff 00 00 00 00 00 00 00 00  92..............
  backtrace:
    [<000000008f2e5fc4>] kstrdup+0x36/0x70
    [<00000000ce91157c>] kstrdup_const+0x53/0x80
    [<0000000016e2549a>] kvasprintf_const+0x10c/0x1a0
    [<0000000014dd2eba>] kobject_set_name_vargs+0x56/0x150
    [<000000004ea468c0>] kobject_init_and_add+0xc9/0x160
    [<00000000ff881bda>] sysfs_slab_add+0x172/0x200
    [<00000000dc51580f>] __kmem_cache_create+0x3db/0x520
    [<000000001ef2d258>] kmem_cache_create_usercopy+0x1db/0x2f0
    [<00000000757d61ab>] p9_client_create+0xc6a/0x1230
    [<000000008058043f>] v9fs_session_init+0x1dd/0x1680
    [<000000009bcb101c>] v9fs_mount+0x79/0x8f0
    [<000000004595512d>] legacy_get_tree+0x105/0x220
    [<0000000072c75416>] vfs_get_tree+0x8e/0x300
    [<00000000555cba73>] path_mount+0x1429/0x2120
    [<00000000a2a4bee1>] __x64_sys_mount+0x282/0x300
    [<00000000bab24ff1>] do_syscall_64+0x33/0x40

BUG: leak checking failed

VM DIAGNOSIS:
05:10:59  Registers:
info registers vcpu 0
RAX=ffffffff83e7e9b0 RBX=0000000000000000 RCX=ffffffff83e6658c RDX=0000000000000000
RSI=0000000000000000 RDI=ffffffff83e7efb8 RBP=0000000000000000 RSP=ffffffff84e07e38
R8 =0000000000000001 R9 =ffff88806ce3c12b R10=ffffed100d9c7825 R11=0000000000000001
R12=0000000000000000 R13=ffffffff85678508 R14=0000000000000000 R15=dffffc0000000000
RIP=ffffffff83e7e9be RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffdedc75da8 CR3=000000000fc4e000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=656a626f206465636e6572656665726e
XMM02=3a29323320657a697328203030396538 XMM03=323120646970202c22302e726f747563
XMM04=6c6c6163662d70392020333320643220 XMM05=32206336206336203136203336203636
XMM06=73657479622032332074737269662820 XMM07=2e343220656761282039373833353437
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=ffffffff83e7e9b0 RBX=0000000000000001 RCX=ffffffff83e6658c RDX=0000000000000000
RSI=0000000000000000 RDI=ffffffff83e7efb8 RBP=0000000000000001 RSP=ffff888008987e70
R8 =0000000000000001 R9 =ffff88806cf3c12b R10=ffffed100d9e7825 R11=0000000000000001
R12=0000000000000001 R13=ffffffff85678508 R14=0000000000000000 R15=dffffc0000000000
RIP=ffffffff83e7e9be RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f0374380020 CR3=000000000fc4e000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=656a626f206465636e6572656665726e
XMM02=3a29323320657a697328203030396538 XMM03=323120646970202c22302e726f747563
XMM04=6c6c6163662d70392020333320643220 XMM05=32206336206336203136203336203636
XMM06=73657479622032332074737269662820 XMM07=2e343220656761282039373833353437
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000