, 0x4, 0x0, 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:11:44 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xfc00, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:11:44 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[], 0x38}}, 0x0) 01:11:44 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x8cffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:11:44 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{0x0, 0x0, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:11:44 executing program 7: mq_open(&(0x7f0000000000)='.\\-*\\#\x00', 0x0, 0x0, 0x0) mq_open(&(0x7f0000000040)='[\x00', 0x800, 0x48, &(0x7f0000000080)={0x2, 0x0, 0x6}) [ 1956.532290] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1956.534000] EXT4-fs (loop4): group descriptors corrupted! [ 1956.534935] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 1956.552453] EXT4-fs (loop6): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 1956.554162] EXT4-fs (loop6): group descriptors corrupted! [ 1956.579257] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1956.580917] EXT4-fs (loop4): group descriptors corrupted! 01:11:44 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xfe80, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:11:44 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x97ffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:11:44 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB], 0x38}}, 0x0) 01:11:44 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:11:44 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:11:45 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x100) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r1, r0) ioctl$VT_SETMODE(r0, 0x5602, &(0x7f0000000040)={0x20, 0x8, 0x2, 0x5}) mq_open(&(0x7f0000000000)='.\\-*\\#\x00', 0x0, 0x0, 0x0) [ 1956.846427] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1956.848051] EXT4-fs (loop4): group descriptors corrupted! [ 1956.892125] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1956.893909] EXT4-fs (loop4): group descriptors corrupted! [ 1956.968296] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 1956.976921] EXT4-fs (loop6): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1956.978619] EXT4-fs (loop6): group descriptors corrupted! 01:12:01 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB], 0x38}}, 0x0) 01:12:01 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x100, 0x6) lstat(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$cgroup2(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1040, &(0x7f0000000180)={[{@memory_localevents}, {@subsystem='devices'}, {}, {}, {@memory_recursiveprot}, {@memory_localevents}, {@memory_localevents}, {}], [{@fowner_gt={'fowner>', r1}}, {@smackfshat={'smackfshat', 0x3d, '^:'}}, {@smackfsroot={'smackfsroot', 0x3d, '%['}}, {@permit_directio}]}) r2 = openat(r0, &(0x7f0000000280)='./file0/file0\x00', 0x80000, 0x102) write(r0, &(0x7f00000002c0)="964cfd5588e05315bb60d5cf581f57d3667dba1d6e69ec71fa210bd91410c58de8213a0f63b65c571313c6087a61df29f64feec045b1cb04bd0843edf78a38883eda9243db0e9640638f779e218c3250d395730e39eb46095658151fcfe817a65d0a80b84020a11b0b0ff7b1bfc244b0bed9a028d11015ae7f8f7896e3511b9b093733b6445ad7e699278170a3d9349227ae72e7a645a003fa50c9734159cb49cd0c6c5aa747", 0xa6) write$binfmt_elf64(r0, &(0x7f0000000380)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x8, 0x1, 0x9, 0x3f, 0x1, 0x3, 0x101, 0x96, 0x40, 0x282, 0x53, 0x5, 0x38, 0x1, 0x8000, 0x7, 0x7}, [{0x2, 0x101, 0x4, 0x7, 0x1ff, 0x2, 0x45, 0x9}, {0x4, 0xf07e, 0x10000, 0x3, 0x2a1f9cd, 0x53f859c1}], "854290cddafcc0fc0d7c4e46e0b7ed11641ccc32ad0c8ad8f6f13fff5fcbda0cc34c9da896c199b18a0ad57cf6b21651e791204dc6e34a594abde1ebbc1bee7563986597a86ae2954eab2a8a075cca10bbfe8763b5263975af24d3d74382e347c130f87c55fe2d7ca8f72f2a65d70f35a20e7aad6039378e155ee902a191018076b6ffdb6899a75c133168d0ff65f6aa85a327e8096b50c88d0544fd1c4d2d6aad0d90656d164d7d61d5329e6778e871bcf01fc9d1ca35f53fcaa73a508673abf586d12276e5a2849f03749aabe82e7c885af4dbf3a71ad0388982a90dcf622ba7be0b86d5d5d45ab4edf5fa8af8ab321d47eab6e68234940ee82c0ec52d75968ac1e79ad793ff52e37bad064d645d56305e57a19367e5e2361de004a237cb01d86c962e11d702d9c7b636f0cb6489e350b14327e11e007344cde5e4133715a6c985b3ac7f17b7dfcd58f6cc32c572478b82684dae4ec8ec1606eb4b2c2268da086dbe4aa766e51316d8f6e4ecf20272c058134998f00764b05f3b8a024b7036b712b153e2f260e600fc052ea3a48c5249e9f759a7b267b4c86ed8b08a66e390c26e314cd568a310c7e0590699093b6712ca3b36d0626327ef3f039aa36782c9e1e5ea6f80b7452a28a23427b56c0112a823d1fc9fc25936724781d0dedaecacd957944bc7b3f1811393ed78aa97532a48b836991aab9a0b47a06c59f43f01fed7c60aa72a794daf82e7aab888642240c2b4a8931906cc77e72dd1d40400d664037f07db65fe3df19fdaa81f9500f10550bd40e392454d3b19aad8c442002270327fbc1ec62a309318723ffd9e4aec0735430573465540151e69b9e92f67eaf78a1c50424a6f4ad569644dcc021a34ccf7d49f6b56313fdb0456d755afc7ffc5be5d01aa0b32a2926f86dc323c199d57c8d76077372d4caba3e2e8c149921aefeaaf80a0c38a48b55ff3f8df0c55769e8e4ad1e7720fde53359bb89c887c51fc980b479034fddf0c1e1e6a6871b29d24d75b934ba8b8455b8912a4d5b8b7ec77c9a7ff3995471e6d67da178135d5857150003f9eb7187c7f8658910ac5d7010138d81ea3af6828fce07a3fd3d2dcb1bdeff78fdb71606e8c792921fb3ffb1018c793d61f78bc8b6c7a5cc87cbc327d5ebef75afa8380cf767a2284b6eff82b99c35b4415b9669f01290fa463bdee3340b81d35a3a0fabf3f7b4580042a14e176c81ddddc0746a72390cb70074d8dbd1b55e2bde3aa2f5281f34969f004cd1b0c398e02b042590b06913b46a3b939aa4f770185e2c90ba6e660546aef6951c066dc7c84df8fee0d19049aae1a87bbdaa57152fc2fee8c775ebb4b3e240274307e0b4c94794e5722f42b2b80a48f8aee1155ab55df813c628f6b5aa96cb4e1e8553788af753d099e46588e40477a45093660c100a6ecfcfbe6dc408ba2e7196547e0814c14065b29445fdf5e2b13013e14cb730fee061390183be414e33b54a693a2da661093b78a972fad51d767400db83b988f76e1d2f2fdb3fc2ca757a9df56b6534322ae7501e20a689a2e4e42227452faf55ec15471e7a2956898a2beed0b06c2c4601ceea9412626fd08694c55a32a71b0f7e3d3be8f51629f750824f1c19a5dbd22e1e721f15c9c69fef0f5d36bca797295f68f9424b06a0089a3dca9ddce33204b0df99ebf599f5109395559f6aae2f0cb35cf042b83bd84de8271b364c1c295479f3962e0c20817413f36412753abb7ebab8d33274a0380306b8e50ac6f5656611224cfd116478de5865139b12d9700e7a289b4422840508ada9434f4e5e161c43134b15bdad52097f85eb8f392b169bf23e5ae5ee0177be7a765fdd720120443ebe51faf36a54c8595d9797def35250fc8d81213a9d3830a8e54b8d7603ad225beff3f5ad8cb7d627cdc1a2f57f5f1fb3a2bf4873b9c7260064f435b4d709ea5c7ea505261e1693a75547bdc02969d36c18b7b226b48213c037a641c37019028b36e4039ec19df5ca88583b0b9f55741a2b05d9c14e05358f61b8f96c70e8f2bfb9591bd3454cdbd78d71c61fa04d7c146cc391904d9a47c1d1acc221387bef712ddf394f6f3c5d26c3f8d08477ea53f77f1bb552a2bf91c0f5a437ab5555cfa44b693c56391a63a6916dec7aef539206cb80a2f268036f63746b7162db1778fd6b0a2b8ddd75bd746b43aa646e2115051a8926da619f9220c28ddc440272bb71746d9da8960bc0b729676538275f285804e748a09e01201677e2eb1069eab6218661f6aa2ea1bfe4f988b199861e1be22b9e61b9b636d657ce224fab1a40af856636f54669ac7866145630fce5c5fa4b858028b3676c4a48f1be71eb769a731ed4c23aad0bc20897d1133a0b4c77871faa56bf43518c1360587dc3904fc1705b6a3936804ae0fa19b198fe191bc6d50806d7d33539ced707b65e22324bf65f4aff00d604002e20ec873bef693c37ea1cbd06d45f69669cdf65e00276505a1862798e317f1932ae911e2c50df427ea5289d9db432f631a4a1613f3adfbcf40461a0a7764cf788a6f4c913c61f81e7dac5fdadb257661b5dd49f919fb68db29b18ab3895476be5b38594e4f306ff812d6444a6e24dd0a902899c243e6a9d9d604a94f1f8ad197c69852a12f5b4807864eeccda947abf375f593848c71fbf92612f3d314c0f0bbfb65c334d6b6ac1a632edd05c1506be2816feb5f1c8321d29f4b89d707393183fb5a7d0999d654dc796f0a0060cd7d54c6afde36e894da87ed3671390043bfb37b3d121fb6332ff5f85131aa2bce04770e15f0df75dc512f62353bd0bfde15bcd763c4f742e4bac2f5277f2a1378a8613ee6882d8ff5f824eb320f0b09595fd6f21153790eb91cbd4643378534f7f844ec2105a1798d1c8353e6e81a970f98fd2093213375eeb2d291871353247c3e73f4a88a18b34fe9b7158f8a526fd2193b33221dd702607a0e1ba0a24508b4806fda6a939dc80486cbf2578cd80fd1b68445fa3e788af2dbe2f943bdb47e450b078dfddf0ab75d0dc0975cfe8e85861e06cbbba9cd2ad2530c4a77bb8541bbdaeade088da0f816ddd7d27a75b7df4bb028edf40662b29ff913582099fe611119438463d8abbb9f75003f91d6296b02b799521647694f80f5bb460ff057559ba72d18f71f371a67d83aee4eb5a0fe9168cbfe705a54ee4339b1d31a8d3d5cf554d960677eab16f94e61f3e373a3d4e335c9ebbcf8bbcd44bd7096e6d77bff3f71200cf8982fb312b634c3fce7caed39a607e6873b95820a4a89d4d353654deaac866d9cf8045699ad18c7407721b3647e2082bc1b480f47136859e060f798666882092a801dfe68651b944339865dfa48aa58ec4d59abbc2b711e7b30671c3e34d1cf5b0d322585c11c28134d35184ebd9677d98f1b6cb07b8a6df636d9b4fbe7d4e414b5c3c993ae7dbdd42b44dab77935233756ddd1670ef0ae16c4e4dcbd55415087b649485b78d018016fb98932a8dfdcd704080703a7fb4e2b5e7f7016f62d8ee59ad3da4a7a1cce39e305184656a292dc2bf5edc7823b69cc5477f06a74ea3bead077d81016d8fc5cf194768d785034de7118826bd6c7d0fde3d3705238fc78c9f2e04fa8cbaaa70720d8bfbef3ed5d1f184f63e208af86f4a61299f1b0b51dd766b072d439acbe0fa4134362a684e931933ae9105ba23f476b8b9a5cc6bd070beaaa3e076bff9a69eb6a50f73c5b945ca48fd71b26ab5fccc86d7e553f34cc5e8dc7e6c7407f570696c777b43c5564f18f8220d85852a33c6672b156c2b13e02f2426b5667911af749a5acce371af601ecb72344a1ca1e601a33f85a27539fb7d51ee1573300473aefd4b592429a3b8eff413b243e7213d5b6eefe953a35ddbbe1bb6614c43e574cbae4058e1dc1e838b3c5a62e57c59489be24c0f23134aa207d240ccb9f54b6de8333c2a19261de414c8216d2236ef9965b53a590d1fdb30c8a2cb7f76b1559a6264fd528eb8a12bf334261456311b9975f757366eb0ce47d5632b73b1df6fe3b95a5a302bdaf25782b54f4ab850dc64b4d0009983c07eb68ddaa3437724e86b2ea406ecf25b179ffc6b7effb7802e572e4ebaac11748532d8c57a18e50e9a74696b6a6245d25bb07f30fd130511452ab6be4b1233aa9f15cf5e51bcdf01f931b5d1ad72f77446e594b018a7fbfc0717beee10b14514045771fea20895f360d57e7772d40057f3fed1080db0dc8527c77a20b13ea6311f648c025c6fd406785610bce3cbc2bb20f6cd74e6ce29e31358e266fe0ed6302d69efb7d5955ab1599bfce99dc3927556c00fd4e8c1abc4d6b7bc260f118e3e3e9958a95de8fa23c6f694fe4864d6faed4b71591305ff3b941b8269666cc557a70ad930e8cdc62324a9c9d77bcca097ee9107244fa397786c352b3860f18ecf899f5ef04650a84826ab8e0c38e81e871e55d805f150aff424c69855b93a6cb9e7b6ce0165fbba62009054aa3a99daf75676b7cf03aaa3dd6de4e5830a857d97afc22b765e30bdc0f24f6bfaf4758a724da8597dff676702f67ffa6f7769ded7f4f59048908f67e59295de53ed84870e59de906f7064634be02d5c465cd6c74d1deccb4f6481b8c2058133f19bf4f3fc70285cbe1fd1f4fe4a3ecd4bc25ff6e69b501af43a4d373b9287e33d23e17085903c2551fc1fa1fca75b4f3c6f4038cc70c421fdfa6bf1b03885a4f78f233b21e72e9d6c6b91c02b61125584e79c1834c69b6737ba6f59d4b06fc9c2b25838d3eb224723a3ce4a1f6bc09c15d69eeffb39e66347f10998d2d6446867528a279cb3ae57806d688787d18c50b8554607f9c7d708a3857802058e972b95b837f31de5eaeae425cc3cc5fb8697bbe0a95aa93f2bd9e332c57a13b1273f3fc326506fff22877ab106919a35b71f7c847845f938cb72fcb1668c5f6e1514015c69c4f677e1610f38581f863cc0e488f00f090c4132940a885572fdc05998c6b892b9230d9d1dc85269930dfcbc3f7f03dfaf83124f86be6aeee3fe3000007abec9d43ddc2000239c26394e53417603fe78f584dd123ac76a821312c215c2b2007f983ccb41cc2faec6e12987b2a6562625645a967330f9dc3fa8388181df4950aa47393b94104df5e4526d2d92d6c7c18888663dcaea1cb8fe8f93bb68aa39d9691436cb49cb5c099cce7f8a827a7778d0b856360c57b569678c5e8e668a992d3c30e54549302ba974a3a62100f091f27d8f9a28bf1bd3b1ebef617fc55e03788131493a46502986ca3dd648ec5f903141f5e9ff5e22cdcb694eb835b3b34854a30f545f00c1744d615ab116067acd3bc923acad35f2c70ae2ba1026917b2f22daf65f82f8f1a7b52c32d0e2b5ec934c263a58f529136bf9103a954d58a723f48e41ed3b7bbd7615d1e1da6e3a7f77d48d91c9336c7890b3040bdbd431a5539875875f636d71ab3bcdddf3302e5c1f98d7bcb619968120b16798e6aabba4425b2a21e472e32140cbc13df2774ecd91a94790d28946984a9b3d2fe4f510d00aa9420e2892532cd63c6aeb26eefa95097a023584faed37b5b80b5cf6f52f79f9aab402af74c368b3473982fd70d3eb623535610780ac70fa8af3495415ead3b2fa3b416abc6fe2cf91fc0b5b221bdb24a2688c7b3f9d9e41232f9d042ab143b21a68eea98856de803652e11044867c189e5c9cd73b57a446ec5f66e958419c33053ee71987982a188347b8b596be4d5bc88d74358b6cec346d2f3ff3f811f5afc99c86398b7c93d4629aaa604c5cc52bac3a877aa8be686eeca23", ['\x00', '\x00', '\x00', '\x00']}, 0x14b0) bind$bt_l2cap(r2, &(0x7f0000001840)={0x1f, 0x6, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0xd1c2, 0x4bf762203acd4f6f}, 0xe) r3 = openat(r0, &(0x7f0000001880)='./file0/file0\x00', 0x103002, 0x180) r4 = fcntl$dupfd(r3, 0x406, r3) r5 = syz_open_dev$vcsa(&(0x7f00000018c0), 0x5, 0x2001) ioctl$AUTOFS_IOC_PROTOSUBVER(r5, 0x80049367, &(0x7f0000001900)) r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000001940), 0x8006, 0x0) fallocate(r6, 0x10, 0xfffffffffffffffb, 0x9) sendmmsg(r4, &(0x7f0000001f80)=[{{0x0, 0x0, &(0x7f0000001e00)=[{&(0x7f0000001980)="4faf9a7ede19f27969528cc82d2bf14a5d00c47f7b2a16f86cf2f9944cf41d2106b735dbb8ff597fa48d38ea094c90fd8a36bdc0472a9387ae4c1c5ed09c6ae7bdb8662fe9b0588d057b226f1bf868587be4a5f3da142e0140fa529cebb8ed68b7a22b5d0475347566a5f77951556214fbd6b7693a2e2a0ea27e7f", 0x7b}, {&(0x7f0000001a00)="104b183af2d26338fae54396c213afcaaffe356834803c4d9a2ee5a1e3f4663f7e8afd18fb76e118a1d9861ff9e0a0d46a8d98b2a3d287cb05fb4dbcebd440afe3a48bc6866553642bddb98d1458d35c8489747f7ce5e259fdf906dede0da40f3818c43f6890610e1e9434cd1c683ad5ef7e323db85a40eb25597b6f75bf749ab33d2527cb916a9486ea158d5cfb6d", 0x8f}, {&(0x7f0000001ac0)="4fcb0b1a33ae88457109ed370857233e81e9353817ab01243723164ceb5c6c27e9155fe5104e41b72ce0bcdb9f1ff857fbb630dc80fcdcb445619642e7974f64c1a1ca9829baf203a2409dc8fe0591edc664e70a21ec19776901833866b82ca2e3fb11f053720ab98e29d54a67c2eedc969d5eece5c68796f2773a07af48e7c61adb80c4c663787c049e925cdc126367c773af5e2be2525ffb385ba69cddea0a718406", 0xa3}, {&(0x7f0000001b80)="1799fd43dd1478e16f14d453c130fb2c56d188f71215ec5d37031b0b6790520d49f86b0bd939787f01b7fe63b8202b3ab42b9db260ffb8785178b2de02638b58ed4511cb94d43f91a61816d584c6a2f81f8c0bc858aface24e5f0fce9e4f8945685205e0e4ed1f5d3f25141e34d5ad81f923fdcc0bde28f2e94e9a5537642f37f3f5270be4de13d426253790834dbb18bdb08356347405b71352bfc67212f47c691979a0ab71abdc139f145b20a9b21c345c562f09caf4f050efed8be3633437e486696295cf2c83d9325a18d6c9f0adf1af46c714de97f8bf7812545da616784e36e20fd60aa41a30a47e800b6a751ef17df7260eae54", 0xf7}, {&(0x7f0000001c80)="4b6d66897259e4925a4dd5465f8a46a1ac9de10a3bcf6c7e3ef4bd2e69daf66aea8cbdfc5e263af84f07cf17a4fca94f3d0dddcac94cf28c8f2d1e8803287d371f33e3f56ec66999cc81a6c63e37034f90ae55e37c2d3174650aac34a8aa1e3ecbb9a80b91a7f36c49f79c995e9087da269533f1b3b42222df1939b849a4e6b4a49003162faa7b0001dcd9afed600bad8e03e599724ecc27c343731fb403535963f0ebc339e171391ff815a90fb8f4387a8a57dca77b667fa6d59c18a5657f626a1f7554573a61a56543661221182ed1d822c3fa0f365c1ba980af802c98", 0xde}, {&(0x7f0000001d80)="bafde71832651e9003a3b3fe8f4fbb2f4330dea3f32d93977851bea2f37ff14649193525672293be95ef0cb3e5323242337787768cd04d94dd853bfe8b2d2a9cbd8e357d4688fba7", 0x48}], 0x6, &(0x7f0000001e80)=[{0xf8, 0x0, 0x9, "bc2c708a0e7e608cc3c32bbed2a42e41c9f62b2289fb9b678f45aacf910ed8c02664d2282743a4284174d49774efda94c72fb8421f241618bef3918ceaa437e8797c635c0d89f69593a2e58d2685fffdad8e2db853b1374b5be4175db02f51e3d619b262db91273ed8be8b906771f16094ddf35818b3b05a1c692fe7b68dbb586e7d0178a7c28c5e18040618dae02210cd6c5f8bc2bb76e58a93819ff523d6515d5f7170218e040a67c9271087f331022c83268d5ec35553bee253cc07b9ffd5e2e874c477a86b11e20f81a156255b0c0da73442eafd9ab593934c66f2cb5159c478c2c75fe4"}], 0xf8}}], 0x1, 0x80) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0) syz_io_uring_submit(r7, 0x0, &(0x7f0000002140)=@IORING_OP_WRITEV={0x2, 0x5, 0x2007, @fd=r4, 0x81, &(0x7f0000002100)=[{&(0x7f0000001fc0)="0367bd5380b1a86e87cdeac9ed11b6a2b0be47120623757188fe0c82a87f4f8948ca72e0c9833273b2869fe5d1b0c358f0d2f1893cbc4c4157d9b4837b18fb531ff5ba7da29a592819c82a8e696ce174e39e23d5f9e89f8cc0", 0x59}, {&(0x7f0000002040)="e723d8f34835afc4b7759e11055213383e9a3a0a8d954533ad8598430c5f5c992f2385b524ce51515f3b4a1f0eef0fb8f5cc0da9fa41fd2aefc79aad12c7a8ac21d23e8f419a710e02e08a6e8760604a5c99d87efea1c18bb37cd05b8f631918feb3c2bb4906b2fe29bb29d981fc2bd5ad428120a6e31b76bbba60abd94a6b9a0642415aa0b0488d85d1656ff0666d6bff0d1244928248a4b4", 0x99}], 0x2, 0xc, 0x0, {0x2}}, 0x1) connect$bt_l2cap(r4, &(0x7f0000002180)={0x1f, 0x100, @none, 0x4}, 0xe) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) fsetxattr$security_evm(r8, &(0x7f00000021c0), &(0x7f0000002200)=@sha1={0x1, "6786319be8b55f4647dcbe69fa2d4aa9092bdf1b"}, 0x15, 0x3) dup3(r0, r4, 0x0) 01:12:01 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x0, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:12:01 executing program 7: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x402400, 0x0) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r0, 0x80089419, &(0x7f00000005c0)) mq_open(&(0x7f0000000000)='.\\-*\\#\x00', 0x0, 0x0, 0x0) 01:12:01 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xc0ed0000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:12:01 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:12:01 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:12:01 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xfec0, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 1973.170938] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1973.172302] EXT4-fs (loop4): group descriptors corrupted! 01:12:01 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xff00, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 1973.192255] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 1973.209865] EXT4-fs (loop6): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1973.211217] EXT4-fs (loop6): group descriptors corrupted! 01:12:21 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x0, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:12:21 executing program 1: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000120001010000000000000000000000000800008004000000040000800c002e8008000000", @ANYRES32, @ANYBLOB="16dc474dc7cd4485337e9b5ad6db1d47df4d5e6ce312dc0989cc4b9908ee107a874cfbe57864507574b9a00e6f2deb3e3f8cd175edad999da8e6919b6411709adcb8dd8c64f4fdbdcaa80f9f9d491823002d094dedd349fa59759330024a490ddb02487ceca163379f9f8fefd8f6028b9fed39abcede7e29bda6745d750000"], 0x2c}}, 0x0) 01:12:21 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB], 0x38}}, 0x0) 01:12:21 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xff0f, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:12:21 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:12:21 executing program 7: mq_open(&(0x7f0000000000)='.\\-*\\#\x00', 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = dup2(r1, r0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r3, r2, 0x0, 0x7ffffff9) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r3, 0xf502, 0x0) 01:12:21 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:12:21 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf6ffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 1993.911275] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1993.913485] EXT4-fs (loop4): group descriptors corrupted! [ 1993.920221] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 1993.929163] EXT4-fs (loop6): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1993.931244] EXT4-fs (loop6): group descriptors corrupted! [ 1993.982898] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1993.985124] EXT4-fs (loop4): group descriptors corrupted! 01:12:22 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00'], 0x38}}, 0x0) 01:12:22 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600), 0x0, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:12:22 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x40000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:12:22 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x2, &(0x7f0000000200)=[{&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:12:22 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x50, r0, 0x10000000) syz_io_uring_submit(r1, r3, &(0x7f0000000380)=@IORING_OP_ACCEPT={0xd, 0x5, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0, 0x800, 0x1}, 0x7) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r5, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r7, r6) syz_io_uring_submit(r1, 0x0, &(0x7f0000000540)=@IORING_OP_OPENAT={0x12, 0x5, 0x0, r7, 0x0, &(0x7f0000000500)='./file0\x00', 0x10, 0x0, 0x12345}, 0x3ff) perf_event_open(0x0, 0x0, 0x6, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8, 0x40010, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002900)=""/158, 0x9e}, 0x0, 0x40002282, 0x0, {0xfffe}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x134, 0x2e, 0x8, 0x70bd26, 0x25dfdbff, {0x20}, [@generic="96ebed2bd685e2e7c1f1c41aa64371120c25a6319a2c69af1f3edb", @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x7d, 0x0, 0x0, @uid=0xffffffffffffffff}]}, @nested={0xf5, 0x1c, 0x0, 0x1, [@generic="74c8249b421a", @typed={0x4, 0x90}, @typed={0xc, 0x58, 0x0, 0x0, @u64=0x2}, @generic="39017eda5a3544c82c4e95b79822712ab2d139b67e9ff6bd0381cfe06f74944339e1a667ca05994e5bfd661b4eb8d6a67927a5e3d2d9f24fa717fbcb7f39249c0ed7b18b974160a037d4440667771506687c229860e4f9aad45fc2", @typed={0x8, 0x4, 0x0, 0x0, @uid=0xee01}, @generic="d406d439989ed50c97b1c8f6c3596ba68b0c0f46386605ef8260c34b1413779a", @generic="099dbe77887c72e7b80607746e7b0b3eea5c79f1b8da7d4a48864e26d6b57362021c496d52dcb45c1073fa68c7046bfb03a481a398852c22e7b8e5661ac761877571a56bf3a26faa470ff77821b9e9feda552220", @typed={0x4, 0x54}]}]}, 0x134}, 0x1, 0x0, 0x0, 0x400c000}, 0x800) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x6, 0x6, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) r8 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000004, 0x10, r0, 0x10000000) syz_io_uring_submit(r1, r8, &(0x7f0000000440)=@IORING_OP_OPENAT={0x12, 0xe65007ab7bef532c, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000400)='./file0\x00', 0x100, 0x183602, 0x12345}, 0x400) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1994.202001] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=10638 comm=syz-executor.2 [ 1994.265179] EXT4-fs (loop6): VFS: Can't find ext4 filesystem 01:12:40 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x0, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:12:40 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf99a8465, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:12:40 executing program 7: mq_open(&(0x7f0000000000)='.\\-*\\#\x00', 0x0, 0x0, 0x0) mq_open(&(0x7f0000000040)='\\\x00', 0x40, 0x181, &(0x7f0000000080)={0xbcf, 0x8, 0x3, 0x9}) 01:12:40 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00'], 0x38}}, 0x0) 01:12:40 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600), 0x0, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:12:40 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x1000000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:12:40 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x2, &(0x7f0000000200)=[{&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:12:40 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x50, r0, 0x10000000) syz_io_uring_submit(r1, r3, &(0x7f0000000380)=@IORING_OP_ACCEPT={0xd, 0x5, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0, 0x800, 0x1}, 0x7) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r5, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r7, r6) syz_io_uring_submit(r1, 0x0, &(0x7f0000000540)=@IORING_OP_OPENAT={0x12, 0x5, 0x0, r7, 0x0, &(0x7f0000000500)='./file0\x00', 0x10, 0x0, 0x12345}, 0x3ff) perf_event_open(0x0, 0x0, 0x6, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8, 0x40010, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002900)=""/158, 0x9e}, 0x0, 0x40002282, 0x0, {0xfffe}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x134, 0x2e, 0x8, 0x70bd26, 0x25dfdbff, {0x20}, [@generic="96ebed2bd685e2e7c1f1c41aa64371120c25a6319a2c69af1f3edb", @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x7d, 0x0, 0x0, @uid=0xffffffffffffffff}]}, @nested={0xf5, 0x1c, 0x0, 0x1, [@generic="74c8249b421a", @typed={0x4, 0x90}, @typed={0xc, 0x58, 0x0, 0x0, @u64=0x2}, @generic="39017eda5a3544c82c4e95b79822712ab2d139b67e9ff6bd0381cfe06f74944339e1a667ca05994e5bfd661b4eb8d6a67927a5e3d2d9f24fa717fbcb7f39249c0ed7b18b974160a037d4440667771506687c229860e4f9aad45fc2", @typed={0x8, 0x4, 0x0, 0x0, @uid=0xee01}, @generic="d406d439989ed50c97b1c8f6c3596ba68b0c0f46386605ef8260c34b1413779a", @generic="099dbe77887c72e7b80607746e7b0b3eea5c79f1b8da7d4a48864e26d6b57362021c496d52dcb45c1073fa68c7046bfb03a481a398852c22e7b8e5661ac761877571a56bf3a26faa470ff77821b9e9feda552220", @typed={0x4, 0x54}]}]}, 0x134}, 0x1, 0x0, 0x0, 0x400c000}, 0x800) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x6, 0x6, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) r8 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000004, 0x10, r0, 0x10000000) syz_io_uring_submit(r1, r8, &(0x7f0000000440)=@IORING_OP_OPENAT={0x12, 0xe65007ab7bef532c, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000400)='./file0\x00', 0x100, 0x183602, 0x12345}, 0x400) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 2012.312273] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=10660 comm=syz-executor.2 01:12:40 executing program 7: r0 = mq_open(&(0x7f0000000000)='.\\-*\\#\x00', 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() pidfd_open(r2, 0x0) r3 = gettid() pidfd_open(r3, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x103000, 0x0) finit_module(r4, 0x0, 0x0) kcmp(r2, r3, 0x5, r1, r4) mq_notify(r0, &(0x7f0000000040)={0x0, 0x38, 0x1, @tid=r3}) [ 2012.360641] EXT4-fs (loop6): VFS: Can't find ext4 filesystem 01:12:40 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00'], 0x38}}, 0x0) 01:12:40 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x2000000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2012.381776] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2012.383505] EXT4-fs (loop4): group descriptors corrupted! 01:12:40 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600), 0x0, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:12:40 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x2, &(0x7f0000000200)=[{&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) [ 2012.432883] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2012.433877] EXT4-fs (loop4): group descriptors corrupted! [ 2012.483232] Module has invalid ELF structures 01:12:40 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='((\xde,4[\\\x00') syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c7766646e6f3d994f0fc3485310ae1ab3f9724ce086892d2b722124d8ff3b17c89b1521232d7365014a4d74611d3535067bdb6764123773fd7f67833a53739252a3985b6af049f76be22bbc11b1659bb11ffe08c8fdc438459d0c7b2efc0953bda921b09da7f0036db9c11e4b93828a070c16d24e692f72bde2abc639685d182b2cd7b47c83272b01be7e5341f51f4e7d2f8d68b79fa06958c352fcbc5225de48de97cd01d53e716a9ace97139629d9c8168e7f81f546160cfb1a6a120662d6317cd9ea7c709c092e87ed9cabfd2c83f6a24bbfc3a70c1633aa9e9ee4c90f2925fc2b6f919835d16d927a9b382b0d39a23366e155c828f29e8bbb16dda9f04b70f8199a6a6a9a007f04a0323faeb604b5eb499b4b25d93464c64125660eaf3f91ee7acf667a507dbad270faf0ce121a8ef7776c72484005214bc42496bf7dc7a3b24c22404cda56d723b2583edaeb1d6ae986af261191e99b30f4dee504a177cd09c2f9375fa2b3725c4f20d153ca4730d96516c8d8df670808ff35ae00d0b1f1ae8a7862c17612ee50656c480c757494a9b43af192720b41bd45dad728d291786fce16f37b9f286fd6b89687cdaf2707", @ANYRESHEX=r1, @ANYBLOB=',\x00']) 01:12:40 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf9fdffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2012.518438] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=10678 comm=syz-executor.2 [ 2012.591765] EXT4-fs (loop6): VFS: Can't find ext4 filesystem [ 2012.625276] 9pnet: Insufficient options for proto=fd [ 2012.640559] 9pnet: Insufficient options for proto=fd [ 2012.655911] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2012.657251] EXT4-fs (loop4): group descriptors corrupted! [ 2012.684262] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2012.685638] EXT4-fs (loop4): group descriptors corrupted! 01:12:59 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x0, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:12:59 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x3000000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:12:59 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfbffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:12:59 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{0x0}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:12:59 executing program 7: mq_open(&(0x7f0000000040)='.\\,*\\#\x00', 0x0, 0x2e, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = dup2(r1, r0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r3, r2, 0x0, 0x7ffffff9) write(r3, &(0x7f0000000000)="77d2f4708536e3dedd45debbd43a6a686f2383579f4726a0e62b85e239757eb88b566c27f7349541048e436c76330a9d", 0x30) 01:12:59 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200"], 0x38}}, 0x0) 01:12:59 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{0x0, 0x0, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:12:59 executing program 1: r0 = mq_open(&(0x7f0000000000)='.\\-*\\#\x00', 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() pidfd_open(r2, 0x0) r3 = gettid() pidfd_open(r3, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x103000, 0x0) finit_module(r4, 0x0, 0x0) kcmp(r2, r3, 0x5, r1, r4) mq_notify(r0, &(0x7f0000000040)={0x0, 0x38, 0x1, @tid=r3}) 01:12:59 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200"], 0x38}}, 0x0) [ 2031.283922] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2031.284900] EXT4-fs (loop4): group descriptors corrupted! [ 2031.295643] EXT4-fs (loop6): VFS: Can't find ext4 filesystem [ 2031.312425] Module has invalid ELF structures 01:12:59 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{0x0}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:12:59 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x4000000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2031.325686] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2031.326675] EXT4-fs (loop4): group descriptors corrupted! 01:12:59 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{0x0, 0x0, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:12:59 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfcfdffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:12:59 executing program 1: r0 = mq_open(&(0x7f0000000000)='.\\-*\\#\x00', 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() pidfd_open(r2, 0x0) r3 = gettid() pidfd_open(r3, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x103000, 0x0) finit_module(r4, 0x0, 0x0) kcmp(r2, r3, 0x5, r1, r4) mq_notify(r0, &(0x7f0000000040)={0x0, 0x38, 0x1, @tid=r3}) 01:12:59 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200"], 0x38}}, 0x0) [ 2031.580994] EXT4-fs (loop6): VFS: Can't find ext4 filesystem [ 2031.584468] Module has invalid ELF structures 01:12:59 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x5000000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2031.607387] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2031.608275] EXT4-fs (loop4): group descriptors corrupted! 01:13:17 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{0x0}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:13:17 executing program 1: r0 = mq_open(&(0x7f0000000000)='.\\-*\\#\x00', 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() pidfd_open(r2, 0x0) r3 = gettid() pidfd_open(r3, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x103000, 0x0) finit_module(r4, 0x0, 0x0) kcmp(r2, r3, 0x5, r1, r4) mq_notify(r0, &(0x7f0000000040)={0x0, 0x38, 0x1, @tid=r3}) 01:13:17 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfdfdffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:13:17 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd"], 0x38}}, 0x0) 01:13:17 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x0, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:13:17 executing program 7: mq_open(&(0x7f0000000000)='.\\-*\\#\x00', 0x0, 0x0, 0x0) mq_open(&(0x7f0000000040)='.\\-*\\#\x00', 0x1, 0x14, &(0x7f0000000080)={0x92, 0x53b0}) 01:13:17 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x6000000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:13:17 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{0x0, 0x0, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) [ 2049.800927] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2049.811961] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2049.813100] EXT4-fs (loop4): group descriptors corrupted! 01:13:18 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd"], 0x38}}, 0x0) [ 2049.863681] EXT4-fs (loop6): VFS: Can't find ext4 filesystem [ 2049.868126] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2049.869187] EXT4-fs (loop4): group descriptors corrupted! [ 2049.931381] Module has invalid ELF structures [ 2049.934372] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. 01:13:18 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:13:18 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfdffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:13:18 executing program 7: mq_open(&(0x7f0000000040)='.\\\x95\x03\x00\xe1-*C#\x00', 0x0, 0x0, 0x0) 01:13:18 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x7000000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:13:18 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:13:18 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd"], 0x38}}, 0x0) 01:13:18 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x8000000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2050.082095] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2050.083594] EXT4-fs (loop4): group descriptors corrupted! 01:13:18 executing program 1: r0 = mq_open(&(0x7f0000000000)='.\\-*\\#\x00', 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() pidfd_open(r2, 0x0) r3 = gettid() pidfd_open(r3, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x103000, 0x0) finit_module(r4, 0x0, 0x0) kcmp(r2, r3, 0x5, r1, r4) mq_notify(r0, &(0x7f0000000040)={0x0, 0x38, 0x1, @tid=r3}) [ 2050.121609] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2050.123087] EXT4-fs (loop4): group descriptors corrupted! 01:13:18 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) [ 2050.170247] EXT4-fs (loop6): VFS: Can't find ext4 filesystem [ 2050.173671] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2050.241441] Module has invalid ELF structures 01:13:36 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xdc183db, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:13:36 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x0, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:13:36 executing program 1: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffffc0340000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) poll(&(0x7f0000000100)=[{r0}], 0x1, 0x1af7) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 01:13:36 executing program 7: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x0, 0x0) ioctl$CDROMREADMODE2(r0, 0x530c, &(0x7f0000000080)={0xd6, 0x1f, 0x1, 0x81, 0x5, 0xf7}) mq_open(&(0x7f0000000000)='.\\-*\\#\x00', 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = dup2(r2, r1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r4, r3, 0x0, 0x7ffffff9) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r6, r5) pidfd_getfd(r4, r5, 0x0) 01:13:36 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:13:36 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:13:36 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) (fail_nth: 1) 01:13:36 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfeffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2068.291276] EXT4-fs (loop6): VFS: Can't find ext4 filesystem [ 2068.325654] FAULT_INJECTION: forcing a failure. [ 2068.325654] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2068.327410] CPU: 1 PID: 10805 Comm: syz-executor.2 Not tainted 5.10.218 #1 [ 2068.328456] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2068.329651] Call Trace: [ 2068.330042] dump_stack+0x107/0x167 [ 2068.330572] should_fail.cold+0x5/0xa [ 2068.331130] _copy_from_user+0x2e/0x1b0 [ 2068.331711] __copy_msghdr_from_user+0x91/0x4b0 [ 2068.332384] ? __ia32_sys_shutdown+0x80/0x80 [ 2068.333035] ? perf_trace_lock+0xac/0x490 [ 2068.333647] ? __lock_acquire+0xbb1/0x5b00 [ 2068.334274] sendmsg_copy_msghdr+0xa1/0x160 [ 2068.334903] ? do_recvmmsg+0x6d0/0x6d0 [ 2068.335467] ? perf_trace_lock+0xac/0x490 [ 2068.336069] ? SOFTIRQ_verbose+0x10/0x10 [ 2068.336664] ? __lockdep_reset_lock+0x180/0x180 [ 2068.337341] ? perf_trace_lock+0xac/0x490 [ 2068.337943] ? SOFTIRQ_verbose+0x10/0x10 [ 2068.338539] ___sys_sendmsg+0xc6/0x170 [ 2068.339107] ? sendmsg_copy_msghdr+0x160/0x160 [ 2068.339770] ? __fget_files+0x26d/0x4c0 [ 2068.340350] ? lock_downgrade+0x6d0/0x6d0 [ 2068.340960] ? find_held_lock+0x2c/0x110 [ 2068.341562] ? __fget_files+0x296/0x4c0 [ 2068.342151] ? __fget_light+0xea/0x290 [ 2068.342723] __sys_sendmsg+0xe5/0x1b0 [ 2068.343274] ? __sys_sendmsg_sock+0x40/0x40 [ 2068.343898] ? rcu_read_lock_any_held+0x75/0xa0 [ 2068.344574] ? __traceiter_irq_enable+0xc0/0xc0 [ 2068.345254] ? fput_many+0x2f/0x1a0 [ 2068.345784] ? trace_rcu_dyntick+0x2f/0x170 [ 2068.346413] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2068.347169] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2068.347908] ? trace_hardirqs_on+0x5b/0x180 [ 2068.348531] do_syscall_64+0x33/0x40 [ 2068.349078] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2068.349818] RIP: 0033:0x7f28e3e30b19 [ 2068.350355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2068.353003] RSP: 002b:00007f28e13a6188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2068.354106] RAX: ffffffffffffffda RBX: 00007f28e3f43f60 RCX: 00007f28e3e30b19 [ 2068.355130] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2068.356156] RBP: 00007f28e13a61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2068.357185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2068.358211] R13: 00007ffe9ff904bf R14: 00007f28e13a6300 R15: 0000000000022000 01:13:36 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:13:36 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db", 0x1}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) [ 2068.377658] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2068.379586] EXT4-fs (loop4): group descriptors corrupted! 01:13:36 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xe000000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2068.433014] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2068.434568] EXT4-fs (loop4): group descriptors corrupted! 01:13:36 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) (fail_nth: 2) [ 2068.596097] FAULT_INJECTION: forcing a failure. [ 2068.596097] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2068.598070] CPU: 0 PID: 10817 Comm: syz-executor.2 Not tainted 5.10.218 #1 [ 2068.599198] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2068.600541] Call Trace: [ 2068.600990] dump_stack+0x107/0x167 [ 2068.601591] should_fail.cold+0x5/0xa [ 2068.602224] _copy_from_user+0x2e/0x1b0 [ 2068.602881] iovec_from_user+0x141/0x400 [ 2068.603560] __import_iovec+0x67/0x590 [ 2068.604197] ? __ia32_sys_shutdown+0x80/0x80 [ 2068.604923] ? perf_trace_lock+0xac/0x490 [ 2068.605613] import_iovec+0x83/0xb0 [ 2068.606220] sendmsg_copy_msghdr+0x131/0x160 [ 2068.606945] ? do_recvmmsg+0x6d0/0x6d0 [ 2068.607608] ? perf_trace_lock+0xac/0x490 [ 2068.608317] ? __lockdep_reset_lock+0x180/0x180 [ 2068.609097] ? perf_trace_lock+0xac/0x490 [ 2068.609813] ___sys_sendmsg+0xc6/0x170 [ 2068.610478] ? sendmsg_copy_msghdr+0x160/0x160 [ 2068.611250] ? __fget_files+0x26d/0x4c0 [ 2068.611929] ? lock_downgrade+0x6d0/0x6d0 [ 2068.612627] ? find_held_lock+0x2c/0x110 [ 2068.613339] ? __fget_files+0x296/0x4c0 [ 2068.614030] ? __fget_light+0xea/0x290 [ 2068.614708] __sys_sendmsg+0xe5/0x1b0 [ 2068.615351] ? __sys_sendmsg_sock+0x40/0x40 [ 2068.616087] ? __traceiter_irq_enable+0xc0/0xc0 [ 2068.616868] ? fput_many+0x2f/0x1a0 [ 2068.617512] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2068.618389] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2068.619252] ? trace_hardirqs_on+0x5b/0x180 [ 2068.619980] do_syscall_64+0x33/0x40 [ 2068.620610] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2068.621472] RIP: 0033:0x7f28e3e30b19 [ 2068.622096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2068.625144] RSP: 002b:00007f28e13a6188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2068.626421] RAX: ffffffffffffffda RBX: 00007f28e3f43f60 RCX: 00007f28e3e30b19 [ 2068.627608] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2068.628798] RBP: 00007f28e13a61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2068.629992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2068.631178] R13: 00007ffe9ff904bf R14: 00007f28e13a6300 R15: 0000000000022000 [ 2068.654372] EXT4-fs (loop6): VFS: Can't find ext4 filesystem 01:13:36 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xff0f0000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:13:36 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x18020000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2068.843804] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2068.845341] EXT4-fs (loop4): group descriptors corrupted! [ 2068.863968] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2068.865361] EXT4-fs (loop4): group descriptors corrupted! 01:13:54 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) (fail_nth: 3) 01:13:54 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db", 0x1}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:13:54 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r0, 0x0, 0x1, &(0x7f0000000400)=""/7, &(0x7f0000000440)=0x7) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) recvmmsg$unix(r1, &(0x7f0000004d00)=[{{&(0x7f0000000040)=@abs, 0x6e, &(0x7f0000000480)=[{&(0x7f0000000140)=""/130, 0x82}, {&(0x7f00000000c0)=""/36, 0x24}, {&(0x7f0000000200)=""/152, 0x98}, {&(0x7f00000002c0)=""/35, 0x23}, {&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000000340)=""/12, 0xc}, {&(0x7f0000000380)}], 0x7, &(0x7f0000000500)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x58}}, {{&(0x7f0000000580), 0x6e, &(0x7f0000000800)=[{&(0x7f00000003c0)=""/59, 0x3b}, {&(0x7f0000000600)=""/213, 0xd5}, {&(0x7f0000000700)=""/177, 0xb1}, {&(0x7f00000007c0)=""/50, 0x32}], 0x4, &(0x7f0000000840)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xb0}}, {{&(0x7f0000000900), 0x6e, &(0x7f0000000980), 0x0, &(0x7f00000009c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x18}}, {{&(0x7f0000000a00)=@abs, 0x6e, &(0x7f0000001b80)=[{&(0x7f0000000a80)=""/4096, 0x1000}, {&(0x7f0000001a80)=""/121, 0x79}, {&(0x7f0000001b00)=""/65, 0x41}], 0x3, &(0x7f0000001bc0)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}}, {{&(0x7f0000001c80), 0x6e, &(0x7f0000003080)=[{&(0x7f0000001d00)=""/39, 0x27}, {&(0x7f0000001d40)=""/4096, 0x1000}, {&(0x7f0000002d40)=""/131, 0x83}, {&(0x7f0000002e00)=""/79, 0x4f}, {&(0x7f0000002e80)=""/178, 0xb2}, {&(0x7f0000002f40)=""/37, 0x25}, {&(0x7f0000002f80)=""/205, 0xcd}], 0x7, &(0x7f0000003100)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x30}}, {{&(0x7f0000003140), 0x6e, &(0x7f0000003240)=[{&(0x7f00000031c0)=""/108, 0x6c}], 0x1, &(0x7f0000003280)=[@cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xd0}}, {{&(0x7f0000003380), 0x6e, &(0x7f0000003a00)=[{&(0x7f0000003400)=""/75, 0x4b}, {&(0x7f0000003480)=""/191, 0xbf}, {&(0x7f0000003540)=""/107, 0x6b}, {&(0x7f00000035c0)=""/199, 0xc7}, {&(0x7f00000036c0)=""/76, 0x4c}, {&(0x7f0000003740)=""/169, 0xa9}, {&(0x7f0000003800)=""/213, 0xd5}, {&(0x7f0000003900)=""/244, 0xf4}], 0x8, &(0x7f0000003a80)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x30}}, {{&(0x7f0000003ac0)=@abs, 0x6e, &(0x7f0000004bc0)=[{&(0x7f0000003b40)=""/4096, 0x1000}, {&(0x7f0000004b40)=""/128, 0x80}], 0x2, &(0x7f0000004c00)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0xc8}}], 0x8, 0x20, &(0x7f0000004f00)={0x77359400}) pwritev(r2, &(0x7f0000005040)=[{&(0x7f0000004f40)="abb83bccd28ef76c2de62c8bd04c2009561b52c99c9d5806e8f8e22f6329ec52a56a8d1d5ed52d814302efd37c810189e71665f2e16450f3e712e031b99cd14e242d0221c83ede9d7fb7697a7f1c881128927ea952af5d9a488de5fcc09be44faabcf08bd1fc4b183496d39ea901360de27c291525927cb77cd1a486a04344a66bf8e03e3b05fdf17155b76b7d4786c22e2f7ffc9d6f169d0a6583d88d31732d1bd3c0e7d8f5e8fac3e731e5cc9dd1c73dcf40c59ff384243aa159b6360a201e9a7a420352b759f7e1aea04fe64043b91a3ff4b7c8f726dc09b584ac93618fa0ff286e4a1e876089acdb1b", 0xeb}], 0x1, 0x7fffffff, 0x8ac) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x7ffffff9) close_range(r0, 0xffffffffffffffff, 0x2) 01:13:54 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:13:54 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfff7ffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:13:54 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x3eeeab4e, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:13:54 executing program 7: ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, &(0x7f0000000040)=0x1) mq_open(&(0x7f0000000000)='.\\-*\\#\x00', 0x80, 0x0, 0x0) 01:13:54 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0", 0x2d, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) [ 2086.595981] FAULT_INJECTION: forcing a failure. [ 2086.595981] name failslab, interval 1, probability 0, space 0, times 0 [ 2086.597718] CPU: 1 PID: 10839 Comm: syz-executor.2 Not tainted 5.10.218 #1 [ 2086.598734] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2086.599938] Call Trace: [ 2086.600335] dump_stack+0x107/0x167 [ 2086.600881] should_fail.cold+0x5/0xa [ 2086.601461] ? __alloc_skb+0x6d/0x5b0 [ 2086.602028] should_failslab+0x5/0x20 [ 2086.602589] kmem_cache_alloc_node+0x55/0x330 [ 2086.603257] __alloc_skb+0x6d/0x5b0 [ 2086.603800] netlink_sendmsg+0x998/0xdf0 [ 2086.604405] ? netlink_unicast+0x7f0/0x7f0 [ 2086.605029] ? netlink_unicast+0x7f0/0x7f0 [ 2086.605668] __sock_sendmsg+0x154/0x190 [ 2086.606258] ____sys_sendmsg+0x70d/0x870 [ 2086.606859] ? sock_write_iter+0x3d0/0x3d0 [ 2086.607477] ? do_recvmmsg+0x6d0/0x6d0 [ 2086.608050] ? perf_trace_lock+0xac/0x490 [ 2086.608808] ? __lockdep_reset_lock+0x180/0x180 [ 2086.609517] ? perf_trace_lock+0xac/0x490 [ 2086.610341] ? SOFTIRQ_verbose+0x10/0x10 [ 2086.611030] ___sys_sendmsg+0xf3/0x170 [ 2086.611600] ? sendmsg_copy_msghdr+0x160/0x160 [ 2086.612263] ? lock_downgrade+0x6d0/0x6d0 [ 2086.612873] ? find_held_lock+0x2c/0x110 [ 2086.613494] ? __fget_files+0x296/0x4c0 [ 2086.614095] ? __fget_light+0xea/0x290 [ 2086.614675] __sys_sendmsg+0xe5/0x1b0 [ 2086.615234] ? __sys_sendmsg_sock+0x40/0x40 [ 2086.615863] ? rcu_read_lock_any_held+0x75/0xa0 [ 2086.616544] ? __traceiter_irq_enable+0xc0/0xc0 [ 2086.617245] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2086.617385] EXT4-fs (loop6): VFS: Can't find ext4 filesystem [ 2086.617999] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2086.618016] ? trace_hardirqs_on+0x5b/0x180 [ 2086.618037] do_syscall_64+0x33/0x40 [ 2086.618064] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2086.621581] RIP: 0033:0x7f28e3e30b19 [ 2086.622121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2086.624749] RSP: 002b:00007f28e13a6188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2086.625860] RAX: ffffffffffffffda RBX: 00007f28e3f43f60 RCX: 00007f28e3e30b19 [ 2086.626892] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2086.627918] RBP: 00007f28e13a61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2086.628940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2086.629972] R13: 00007ffe9ff904bf R14: 00007f28e13a6300 R15: 0000000000022000 [ 2086.690894] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2086.692292] EXT4-fs (loop4): group descriptors corrupted! 01:13:54 executing program 7: r0 = accept$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000080)=0x14) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, &(0x7f00000000c0)) mq_open(&(0x7f0000000000)='.\\-*\\#\x00', 0x0, 0x0, 0x0) 01:13:54 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db", 0x1}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:13:54 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0", 0x2d, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:13:54 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x40000000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2086.765207] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2086.766816] EXT4-fs (loop4): group descriptors corrupted! 01:13:54 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x7, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) r3 = geteuid() mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x20044, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB="2c9bf0646e6f3d", @ANYRESHEX=r1, @ANYBLOB="2c6e6f657874656e642c6d6d61702c736d61636b66737472616e736d7574653d2f40ac2c61707072616973655f747970653d696d617369672c666f776e65723e", @ANYRESDEC=r3, @ANYBLOB="2c66736e616d653d9d2c6d61736b3d5e4d41595f524541442c61707072616973655f747970653d696d617369672c00"]) write$binfmt_script(r2, &(0x7f0000000200)=ANY=[], 0x1020) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x3000002, 0x12, r4, 0xe6921000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x4022812, r0, 0x0) 01:13:55 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffbffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:13:55 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) (fail_nth: 4) [ 2086.961309] EXT4-fs (loop6): VFS: Can't find ext4 filesystem [ 2087.033190] FAULT_INJECTION: forcing a failure. [ 2087.033190] name failslab, interval 1, probability 0, space 0, times 0 [ 2087.034995] CPU: 1 PID: 10866 Comm: syz-executor.2 Not tainted 5.10.218 #1 [ 2087.035997] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2087.037200] Call Trace: [ 2087.037599] dump_stack+0x107/0x167 [ 2087.038129] should_fail.cold+0x5/0xa [ 2087.038686] ? create_object.isra.0+0x3a/0xa20 [ 2087.039353] should_failslab+0x5/0x20 [ 2087.039905] kmem_cache_alloc+0x5b/0x310 [ 2087.040501] create_object.isra.0+0x3a/0xa20 [ 2087.041157] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2087.041900] kmem_cache_alloc_node+0x169/0x330 [ 2087.042568] __alloc_skb+0x6d/0x5b0 [ 2087.043105] netlink_sendmsg+0x998/0xdf0 [ 2087.043711] ? netlink_unicast+0x7f0/0x7f0 [ 2087.044338] ? netlink_unicast+0x7f0/0x7f0 [ 2087.044952] __sock_sendmsg+0x154/0x190 [ 2087.045545] ____sys_sendmsg+0x70d/0x870 [ 2087.046144] ? sock_write_iter+0x3d0/0x3d0 [ 2087.046757] ? do_recvmmsg+0x6d0/0x6d0 [ 2087.047325] ? perf_trace_lock+0xac/0x490 [ 2087.047934] ? __lockdep_reset_lock+0x180/0x180 [ 2087.048605] ? perf_trace_lock+0xac/0x490 [ 2087.049215] ? SOFTIRQ_verbose+0x10/0x10 [ 2087.049811] ___sys_sendmsg+0xf3/0x170 [ 2087.050387] ? sendmsg_copy_msghdr+0x160/0x160 [ 2087.051058] ? lock_downgrade+0x6d0/0x6d0 [ 2087.051670] ? find_held_lock+0x2c/0x110 [ 2087.052269] ? __fget_files+0x296/0x4c0 [ 2087.052866] ? __fget_light+0xea/0x290 [ 2087.053453] __sys_sendmsg+0xe5/0x1b0 [ 2087.054007] ? __sys_sendmsg_sock+0x40/0x40 [ 2087.054639] ? rcu_read_lock_any_held+0x75/0xa0 [ 2087.055311] ? __traceiter_irq_enable+0xc0/0xc0 01:13:55 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00'}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, 0x0, 0x38}}], 0x1, 0x0) [ 2087.056004] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 01:13:55 executing program 7: ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000100000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="09000010000000002e2f66696c653000da2e9c6df443b7747a0b6392895554820f17387a1f"]) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002740), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_EEE_SET(r1, &(0x7f0000002800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)=ANY=[@ANYBLOB="9399c15a", @ANYRES16=r2, @ANYBLOB="010300000000000000000f00000004000180"], 0x18}}, 0x0) getxattr(&(0x7f0000001500)='./file0\x00', &(0x7f0000004080)=@known='user.incfs.id\x00', &(0x7f00000040c0)=""/190, 0xbe) clock_gettime(0x0, &(0x7f0000001c00)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003e00)=[{{&(0x7f0000000140)=@caif=@rfm, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)=""/165, 0xa5}, {&(0x7f0000004180)=""/30, 0x1e}, {&(0x7f0000000400)=""/113, 0x71}, {&(0x7f0000000340)=""/27, 0x1b}, {&(0x7f0000000480)=""/216, 0xd8}, {&(0x7f0000000580)=""/178, 0xb2}], 0x6, &(0x7f00000006c0)=""/250, 0xfa}}, {{&(0x7f00000007c0)=@tipc=@name, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000840)=""/85, 0x55}], 0x1}, 0x7}, {{&(0x7f0000000900)=@can={0x1d, 0x0}, 0x80, &(0x7f0000000a00)=[{&(0x7f00000041c0)=""/102400, 0x19000}, {&(0x7f00000009c0)=""/50, 0x32}], 0x2, &(0x7f0000000a40)=""/31, 0x1f}, 0x4}, {{&(0x7f0000000a80)=@caif=@util, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000b00)=""/245, 0xf5}, {&(0x7f0000000c00)=""/88, 0x58}], 0x2, &(0x7f0000000cc0)=""/130, 0x82}, 0x4}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000d80)=""/93, 0x5d}, {&(0x7f000001e1c0)=""/4106, 0x100a}, {&(0x7f000001d1c0)=""/4096, 0x1000}], 0x3, &(0x7f0000000e40)=""/58, 0x3a}, 0x2}, {{&(0x7f0000000e80)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f00000010c0)=[{&(0x7f0000000f00)=""/133, 0x85}, {&(0x7f0000000fc0)=""/104, 0x68}, {&(0x7f0000001040)=""/103, 0x67}], 0x3, &(0x7f0000001100)=""/69, 0x45}, 0xfffffff7}, {{&(0x7f0000001180)=@alg, 0x80, &(0x7f0000001380)=[{&(0x7f0000001200)=""/130, 0x82}, {&(0x7f00000012c0)=""/177, 0xb1}], 0x2}, 0x3ff}, {{&(0x7f00000013c0)=@generic, 0x80, &(0x7f00000015c0)=[{&(0x7f0000001440)=""/124, 0x7c}, {&(0x7f00000014c0)=""/60, 0x3c}, {&(0x7f0000001500)}, {&(0x7f0000001540)=""/112, 0x70}], 0x4, &(0x7f0000001600)=""/4, 0x4}, 0xffffff01}, {{&(0x7f0000001640)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, &(0x7f0000001980)=[{&(0x7f00000016c0)=""/103, 0x67}, {&(0x7f0000001740)=""/218, 0xda}, {&(0x7f0000001840)=""/250, 0xfa}, {&(0x7f0000001940)=""/23, 0x17}], 0x4, &(0x7f00000019c0)=""/244, 0xf4}, 0x9}, {{0x0, 0x0, &(0x7f0000001bc0)=[{&(0x7f0000001ac0)=""/235, 0xeb}, {&(0x7f0000002e00)=""/4096, 0x1000}], 0x2}, 0x2}], 0xa, 0x2140, &(0x7f0000001c40)={r3, r4+60000000}) sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001d40)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001d00)={&(0x7f0000001c80)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000127bd7000fddbdf25100000006000018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r5, @ANYBLOB="14000200771f0000000000000000000000000000140002006c6f00000000000000000000000000001400020076657468315f746f5f62617461647600080003000100000008000300010000000800070040000000"], 0x7c}, 0x1, 0x0, 0x0, 0xc0}, 0x4004814) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ftruncate(r6, 0x1000003) ioctl$FS_IOC_FSSETXATTR(r6, 0x40086602, &(0x7f0000000000)) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x105142, 0x0) creat(&(0x7f0000000000)='./file2\x00', 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x134}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x4, 0x0, @fd, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x1}, 0x5) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x104, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000040)}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lseek(r7, 0x0, 0x2) r8 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x4000, 0x12e) copy_file_range(r8, 0x0, r7, 0x0, 0x200f5ef, 0x0) [ 2087.056968] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2087.057971] ? trace_hardirqs_on+0x5b/0x180 [ 2087.058640] do_syscall_64+0x33/0x40 [ 2087.059193] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2087.059938] RIP: 0033:0x7f28e3e30b19 [ 2087.060489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2087.063115] RSP: 002b:00007f28e13a6188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2087.064218] RAX: ffffffffffffffda RBX: 00007f28e3f43f60 RCX: 00007f28e3e30b19 [ 2087.065252] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2087.066286] RBP: 00007f28e13a61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2087.067308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2087.068336] R13: 00007ffe9ff904bf R14: 00007f28e13a6300 R15: 0000000000022000 [ 2087.087052] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2087.088726] EXT4-fs (loop4): group descriptors corrupted! [ 2087.126927] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2087.128398] EXT4-fs (loop4): group descriptors corrupted! [ 2087.137792] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:14:13 executing program 1: r0 = fspick(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x1) close_range(r0, 0xffffffffffffffff, 0x0) syz_usb_connect$cdc_ecm(0x2, 0xfdef, 0x0, 0x0) timer_delete(0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c, 0x4012, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @perf_bp={&(0x7f0000000040), 0x8}, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3d8a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) capset(&(0x7f0000000000), 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) open_by_handle_at(r1, &(0x7f0000000000)=@ocfs2_parent={0x18, 0x2, {{0x3648}, {0x3ff}}}, 0x0) ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r1, 0x40046210, &(0x7f0000000240)=0x1) timer_settime(0x0, 0x0, &(0x7f0000000480)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x18, 0x16, 0xd01, 0x70bd2a, 0x0, {0xd}, [@nested={0x4, 0x29}]}, 0x18}}, 0x0) read(r2, &(0x7f0000000080)=""/65, 0x41) timer_gettime(0x0, &(0x7f0000000080)) r3 = gettid() r4 = socket$nl_xfrm(0x10, 0x3, 0x6) getpeername(r4, &(0x7f00000002c0)=@pppoe={0x18, 0x0, {0x0, @dev}}, &(0x7f0000000340)=0x80) rt_sigqueueinfo(r3, 0x0, &(0x7f0000000600)) capset(&(0x7f0000000140)={0x20080522, r3}, &(0x7f0000000180)={0x4, 0xcba, 0x6, 0x3, 0x800, 0x5}) clone3(&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, {0x34}, 0x0, 0x0, 0x0, 0x0}, 0x58) 01:14:13 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x40020000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:14:13 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:14:13 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/module/acpi_cpufreq', 0x73fa01, 0x4) r0 = socket$inet_udp(0x2, 0x2, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x60000, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0xffe3) r2 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x1, 0x0, 0x6, 0x9, 0x0, 0x1002, 0x2200, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={&(0x7f00000000c0)}, 0x10001, 0x61a0, 0x6, 0x8, 0xffff, 0x10000, 0x7, 0x0, 0x6, 0x0, 0x101}, 0x0, 0x6, 0xffffffffffffffff, 0x0) fsetxattr$trusted_overlay_redirect(r1, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_FIOSETOWN(r3, 0x8901, &(0x7f0000000040)) chdir(&(0x7f0000000040)='./file0\x00') r4 = accept(r1, &(0x7f0000000200)=@hci, &(0x7f0000000280)=0x80) sendmsg$sock(r4, &(0x7f0000000580)={&(0x7f00000002c0)=@llc={0x1a, 0x104, 0x7f, 0x0, 0x4, 0x81, @random="cc4f82d7c6fa"}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000340)="59fba8aa2a5accfd2ffe25604823b582810c6b5481ac60ebf93cbae260d0d09efe17", 0x22}, {&(0x7f0000000380)="a60e99da1f6e3bd4f5d59070070b92ddf1b94442c99e37d9cf490817df86a77963da14", 0x23}, {&(0x7f00000003c0)="423c4119fc5dfc386150d81a160a24fb21882bd529c9bf1d57bafd0f1f3b4086923caa1ce3210cbe681ba1dc030d0bd4410427e54aa5bc2a5a59125263269926902adbc305f0dabf1cbb158dc4a59b84ef6f3b723196284bb64e1c8ba0cba678d2bbc760d478ec9315576c467f1f7b86b4fbc7787306d7c3b387ab6cd9d1345ed6eaa695e4c456fdab3356a9bd6ace5edf53e214f300f80a37c5318b89cf890d7841c7d0691a3f4e699254793ca346c5deb6e0da5eb16188f17dc3584a773856dfa59e104926978fdf57ea07ddcacf63c433e7764692adf38186c695ce033cbdbb7565b4bfbd9a80f9af69a1fdbc04ca384d77af6464", 0xf6}], 0x3, &(0x7f0000000500)=[@timestamping={{0x14, 0x1, 0x25, 0x9}}, @timestamping={{0x14, 0x1, 0x25, 0x9ef0}}, @mark={{0x14, 0x1, 0x24, 0x4}}], 0x48}, 0x4000) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r5, 0xffffffffffffffff, 0x0, 0x7ffffff9) connect$inet(0xffffffffffffffff, &(0x7f00000006c0)={0x2, 0x4e20, @multicast1}, 0x10) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000680)={{0x1, 0x1, 0x18, r2, {0x8}}, './file0\x00'}) perf_event_open(&(0x7f0000000600)={0x4, 0x80, 0x4, 0x16, 0x4, 0x1, 0x0, 0x1f, 0x8c00, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x4ba, 0x8}, 0x10100, 0x7fffffff, 0x8, 0x2, 0xaf6f, 0x2, 0x54, 0x0, 0x7, 0x0, 0x4}, 0x0, 0x4, r6, 0xa) 01:14:13 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffff7ff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:14:13 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) (fail_nth: 5) 01:14:13 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00'}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, 0x0, 0x38}}], 0x1, 0x0) 01:14:13 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0", 0x2d, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) [ 2105.112483] FAULT_INJECTION: forcing a failure. [ 2105.112483] name failslab, interval 1, probability 0, space 0, times 0 [ 2105.114530] CPU: 0 PID: 10894 Comm: syz-executor.2 Not tainted 5.10.218 #1 [ 2105.115652] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2105.116987] Call Trace: [ 2105.117438] dump_stack+0x107/0x167 [ 2105.118039] should_fail.cold+0x5/0xa [ 2105.118680] should_failslab+0x5/0x20 [ 2105.119310] __kmalloc_node_track_caller+0x74/0x3b0 [ 2105.120136] ? netlink_sendmsg+0x998/0xdf0 [ 2105.120839] __alloc_skb+0xb1/0x5b0 [ 2105.121502] netlink_sendmsg+0x998/0xdf0 [ 2105.122242] ? netlink_unicast+0x7f0/0x7f0 [ 2105.122958] ? netlink_unicast+0x7f0/0x7f0 [ 2105.123633] __sock_sendmsg+0x154/0x190 [ 2105.124269] ____sys_sendmsg+0x70d/0x870 [ 2105.124917] ? sock_write_iter+0x3d0/0x3d0 [ 2105.125598] ? do_recvmmsg+0x6d0/0x6d0 [ 2105.126225] ? perf_trace_lock+0xac/0x490 [ 2105.126898] ? __lockdep_reset_lock+0x180/0x180 [ 2105.127642] ? perf_trace_lock+0xac/0x490 [ 2105.128309] ___sys_sendmsg+0xf3/0x170 [ 2105.128946] ? sendmsg_copy_msghdr+0x160/0x160 [ 2105.129687] ? lock_downgrade+0x6d0/0x6d0 [ 2105.130354] ? find_held_lock+0x2c/0x110 [ 2105.131014] ? __fget_files+0x296/0x4c0 [ 2105.131668] ? __fget_light+0xea/0x290 [ 2105.132300] __sys_sendmsg+0xe5/0x1b0 [ 2105.132912] ? __sys_sendmsg_sock+0x40/0x40 [ 2105.133609] ? __traceiter_irq_enable+0xc0/0xc0 [ 2105.134370] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2105.135202] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2105.136029] ? trace_hardirqs_on+0x5b/0x180 [ 2105.136726] do_syscall_64+0x33/0x40 [ 2105.137335] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2105.138149] RIP: 0033:0x7f28e3e30b19 [ 2105.138754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2105.141653] RSP: 002b:00007f28e13a6188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2105.142874] RAX: ffffffffffffffda RBX: 00007f28e3f43f60 RCX: 00007f28e3e30b19 [ 2105.144005] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2105.145134] RBP: 00007f28e13a61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2105.146266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2105.147396] R13: 00007ffe9ff904bf R14: 00007f28e13a6300 R15: 0000000000022000 01:14:13 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x4eabee3e, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2105.181624] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2105.183313] EXT4-fs (loop4): group descriptors corrupted! [ 2105.189403] EXT4-fs (loop6): VFS: Can't find ext4 filesystem 01:14:13 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00'}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, 0x0, 0x38}}], 0x1, 0x0) [ 2105.237839] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2105.239417] EXT4-fs (loop4): group descriptors corrupted! 01:14:13 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f", 0x44, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:14:13 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) (fail_nth: 6) 01:14:13 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffbff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:14:13 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = dup2(r1, r0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r3, r2, 0x0, 0x7ffffff9) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x4, 0x2, 0x0, 0x0, 0x0, r3}, &(0x7f00000a0000)=nil, &(0x7f000017b000/0x1000)=nil, 0x0, &(0x7f0000000140)) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r4, 0x0) io_uring_enter(0xffffffffffffffff, 0x23d2, 0x53b4, 0x3, &(0x7f0000000380)={[0x7f]}, 0x8) fork() 01:14:13 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x54000000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:14:13 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00'}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000"], 0x38}}], 0x1, 0x0) [ 2105.437333] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2105.443978] EXT4-fs error (device loop6): ext4_fill_super:4962: inode #2: comm syz-executor.6: iget: special inode unallocated [ 2105.447309] EXT4-fs (loop6): get root inode failed [ 2105.447997] EXT4-fs (loop6): mount failed [ 2105.458357] FAULT_INJECTION: forcing a failure. [ 2105.458357] name failslab, interval 1, probability 0, space 0, times 0 [ 2105.460307] CPU: 0 PID: 10917 Comm: syz-executor.2 Not tainted 5.10.218 #1 [ 2105.461437] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2105.462771] Call Trace: [ 2105.463216] dump_stack+0x107/0x167 [ 2105.463823] should_fail.cold+0x5/0xa [ 2105.464461] ? create_object.isra.0+0x3a/0xa20 [ 2105.465221] should_failslab+0x5/0x20 [ 2105.465858] kmem_cache_alloc+0x5b/0x310 [ 2105.466537] create_object.isra.0+0x3a/0xa20 [ 2105.467258] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2105.468097] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2105.468921] ? netlink_sendmsg+0x998/0xdf0 [ 2105.469640] __alloc_skb+0xb1/0x5b0 [ 2105.470250] netlink_sendmsg+0x998/0xdf0 [ 2105.470934] ? netlink_unicast+0x7f0/0x7f0 [ 2105.471646] ? netlink_unicast+0x7f0/0x7f0 [ 2105.472350] __sock_sendmsg+0x154/0x190 [ 2105.473004] ____sys_sendmsg+0x70d/0x870 [ 2105.473677] ? sock_write_iter+0x3d0/0x3d0 [ 2105.474363] ? do_recvmmsg+0x6d0/0x6d0 [ 2105.475009] ? perf_trace_lock+0xac/0x490 [ 2105.475698] ? __lockdep_reset_lock+0x180/0x180 [ 2105.476454] ? perf_trace_lock+0xac/0x490 [ 2105.477146] ___sys_sendmsg+0xf3/0x170 [ 2105.477799] ? sendmsg_copy_msghdr+0x160/0x160 [ 2105.478553] ? lock_downgrade+0x6d0/0x6d0 [ 2105.479238] ? find_held_lock+0x2c/0x110 [ 2105.479920] ? __fget_files+0x296/0x4c0 [ 2105.480591] ? __fget_light+0xea/0x290 [ 2105.481244] __sys_sendmsg+0xe5/0x1b0 [ 2105.481885] ? __sys_sendmsg_sock+0x40/0x40 [ 2105.482594] ? __traceiter_irq_enable+0xc0/0xc0 [ 2105.483388] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2105.484242] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2105.485085] ? trace_hardirqs_on+0x5b/0x180 [ 2105.485804] do_syscall_64+0x33/0x40 [ 2105.486425] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2105.487258] RIP: 0033:0x7f28e3e30b19 [ 2105.487884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2105.490838] RSP: 002b:00007f28e13a6188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2105.492082] RAX: ffffffffffffffda RBX: 00007f28e3f43f60 RCX: 00007f28e3e30b19 [ 2105.493248] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2105.494419] RBP: 00007f28e13a61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2105.495580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2105.496744] R13: 00007ffe9ff904bf R14: 00007f28e13a6300 R15: 0000000000022000 [ 2105.564934] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2105.602943] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2105.604300] EXT4-fs (loop4): group descriptors corrupted! [ 2105.636212] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2105.637431] EXT4-fs (loop4): group descriptors corrupted! 01:14:31 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00'}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000"], 0x38}}], 0x1, 0x0) 01:14:31 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) (fail_nth: 7) 01:14:31 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f", 0x44, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:14:31 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001000)=ANY=[@ANYBLOB="3400000010000100060000000000000000000000050000000000002c5910fa548fb2661a7d12b500150000809be149f8326500000ad022cea3b5906ed71efbac71604114ae634a1d3f5b42332fdb1ddff6c996d594f336ade7daae4433b91e5be24f079e43a9064d68a1d6a3cb91015718c60269295ef52ee6f3acaab637ceb7852dafdf71f385cfa97aa0b4888bc37e88bda6372e3668ad38b7f74f5579af15595a0c30cb611c48d698f5ab174fbc688112a84bc0f1ed5b30c723ba82fedf97000c195cdd6e5a3ec69861582d62e9182637b26db43c04d57f6347516027b7371ef6d57bb665800245e02e023c7cbd35dd92db51b6b9e621f72cd7ee1b2062b45aa514f7a9df82b468015ca553a28ee53e37f0e726fb6627a0f1e689027bf58f88047ba1eb3937f3cebf702e68208f9fc4a79a083b18e58636dca0040233fd2b08cad839347f168f0e53fbfb1583a4ee507c7b4d0dd55828016e866077e67f2462000000000000000000000000000000000000000000000000000000000000354053bbeaad9eed7065884d031e791fcd8949b36097b1b497fdf05a6e02016ed94378bb10d057442cc06b0a0d49f9f4d4102cfeb32027d693f9ba67a7cf60ec6d35a96a9ebf699712b310740e532fa5f2dde8d0bbfbdd6dc187da04aaf58a4c6989d95cfbbf807dad69ac107553b40efd7f3607605bb396a18a4b7f81abfbf0de65e94275640b7643c0281b11d4bc988e330788dc6bf5c623b2e5d08588b4ff9ccbccbea2b8ca48da7205e34c4048d54e36c4637601d97864a81a8107cd9eb840f573e0e9569e4202415a0910deac7bab6c7c1ddabe2d31f07018eee2034ce8264bb01254ebc469baec17e36b18e87d3ec70ba8d2e6119c4a6b21bb74006d8449f910a5ea797d56d14b4244fb91b3751751af1fc3df9c3a091cb9127a9b42004a0b4c8d492fabb0e2afc782d728ba3c2e395d4e8051d2ab0d2e273acb289a9747d12afa87a836e3d81ae1e3a25b1202d796c93ae614e32434bebd70b8d7c9ffe6099ae233998d78380892fc673eda9377df20a7deb69a7dde26f4b743fe"], 0x34}}, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r1 = syz_io_uring_setup(0x3167, &(0x7f0000000ac0)={0x0, 0x8, 0x0, 0x0, 0x108, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000240)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) r6 = io_uring_setup(0x6491, &(0x7f00000008c0)={0x0, 0x2752, 0x4, 0x94d, 0x1d1, 0x0, r1}) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco}, 0x0) r7 = eventfd2(0x8, 0x0) ioctl$F2FS_IOC_DEFRAGMENT(r7, 0xc010f508, &(0x7f0000000040)={0x3, 0x2}) io_uring_enter(r1, 0x76d3, 0x80, 0x1, 0x0, 0x0) r8 = fsmount(r5, 0x0, 0x0) execveat(r8, &(0x7f0000000180)='./file0\x00', &(0x7f00000005c0)=[&(0x7f0000000400)='\x00', &(0x7f0000000bc0)='\x00\x80C\x107\xa64\xee\xbd*\xd4o\x8a?[\x98\xf29\xee\xc7\x90\x97\xaa\xc3\xc8Zq\xf3\x91\x04[S\\B2m=V\x89\x99\x96Q\xcaA\x18\xaf\xaf:\xf1\xab\x80\"\x7f\xb3\x18\xfe\xd7\xbd\xcd\xcdIf\xae\xb5\x87\xb8#\xe1\xbe\xec\xf0\t\xa1\xf7\xa7\xb1\x9d\xc7\xc2\xf0\x02\xaf\xc4\xd0@\xc2\x12\'\xb9\x9a\xea\x90e%\xe6\xd2E\x19E/\xc6\x17gB0Qim\x82u\x0fZ\xa9\x14\xf5\xc7X\xa9\x00\xb7\xaf\xcfouN\xbd\xb2\t^\xbe&~\xa7l\xfa\x036\x1c\"\x80\xfc/\x9b\x95\xf1!K\xc5{\xe7\xfdB[\xca\x87\x9bc\x98dg\x1a\xa1\xaa\xb4\x19\x7f\xa7\x90y\x9fq\xf5\x8a\xa9 \xa6\xdd\xf0+gb\xa6g\\\xec\tz\x06\xdf\x1a\x9c\xc9\xf7\xcc\x85\xb4G\xe9\xd3D\xf4\x8c\n\x17\xd5\x00\xf18\xb3T', &(0x7f0000000480)='\x00', &(0x7f0000000cc0)='\"6\x03hl\xda/=\xf4\x11\x9eM\xccp\xafk\x18\x86\xa3>\xf5\xb9\x87\x16\x1c\xc6\xb0a\x1a\vs}\xab\xc1\xcd\x98\x9d(\x89\xbe\xc4R\x0fc\x81\xe4\xbc\xa5G\x84\xcb\xa9\x8b\xa1\xbc\x8f\xe6Fh\xfcAW\x91\xd5\xfe{\xaf\xa9\xaa! \xb0\x8a\xe7\xe2\xfb\x10\xf0\t\x95\x15\xa9{`\xb7J\xa3>\xd4\x9c\x1f\xa0\xdf\xa9p\x89\xaa\xae\xdf!N\x10\x93\x96\xabR\xacs\x86|#\xdca\xf0\x9aq\xac\xce\x1ft\\\xfb\"\xd7lP\r;{\x91\x8b\xf7 I\x8c\x8a\xf6H\x10d\xa4%\x98&\xae\xf9}\xb8\x97\xe5#\xff $d\x84\xac\xf2\xce\xb1&=4\xeaK`\x1e\x91vf\xe4\xf3\xb1)\x11\xa3\x10\\\x0e([i\xe3@\xb05\xf3\xa7~\x0e+\xee\xe1|@\xe1\x90\xcf\x97\x84K', &(0x7f0000000500)='\x00', &(0x7f0000000540)='\x00', &(0x7f0000000a00)='\x009\x1c\xaf\x14\xe6\xeb\xe9\xf1\xccO@\xbd\xfc\xbdN\xfa\x93Z\x94\xfd\xc6]\xc3\x81g\x95\'\xb7\xf2\xe8\xbf\xd3\xf3\"\xf0Z\x93T\xa1\xc6\x10\x01\xba\xf0\x11\x01 \x94X\x7fQ\xa6\v\xfa\xc2\\$\xad\x96A\xd6\xdf|\x0e,c\xc4\x13\xfb\x91\xc5|{\xde\'xb\xcd\xb2\x177\x83\'\xdb\xf6y_\x10\x87\x01\xd4\xb1\x9b\xe4\xac\xf0D4\xe6v\x86\x02^bt\xbf!b\xd4k\x11\xf5Nj\x97P\b\xf2\xdd\r\xaa,g\xfc\x8f*\bq\x10wl\xe0\x02HG)\xa0\xb9%\x12\x9fx]\xf8Gz`\xfd\x00l\xe9<\xa5\xbd\x9f\x80\xa5\x0f\xd3\xf7\xc8\x98'], &(0x7f0000000840)=[&(0x7f0000000600)='[*\x00', &(0x7f0000000000)='\xff\xb1\xc2k\xc9\xbf1Q\x9e^\x9a\x9dOW\xa5\x0el\xd2~\xa7%\xa5 \rZ\x81l\xa6\x97\xc6\xb90S\x04\x9b\xcb', &(0x7f0000000680)='\x00', &(0x7f0000000940)=']\xadt\xe0\r\xa3\xd7\xe8\x91\x90\n\x03_\x85\xa9\'E\xae\"\xeb]DE\xa3w\x8b\x94\xf7Yf\x03\x00\xd2:-\xab7\xd0\xf6\x0e\x903U\xe1\xe2\x8cS*HC\x17\xa0}@\xf4.\x87]\xed\x1f\x1e\xe8;\xfd\xee$\x8f\xba\xa5@\"\x93\xf7yR\x95z\x95\xc4\x03{\x11\xbe\xb3e\xb8B\x13\xa3uh\xcf\x11\xc7{Y\x0fp\x031\xb1/b_mq\x96\xccc\xa7\xbb\xb4T\x00J\xd7\xb8\n\xd4\xd9B\xa9\xec\xc5\xb5\x0e\xf1Q\x03\xbcX\x8d\xb2\xf6^\xb9\xc8\xa5\xdc\xa5\xcb\xde\xd3\xd03\xcc\xbe\xed\x9b\xbd\xcbb\x91\x98\x80\xe1X(t\xda\xd3F\x02\xa9\xa0\x81\xce;{\xfa\xba\xa3,{\xe87\xf6\x0f\xf9M\xb5mz', &(0x7f0000000700)='\x00', &(0x7f0000000740)='\x00', &(0x7f0000000100)='!\x9b', &(0x7f00000007c0)='\x00', &(0x7f0000000800)='\x00'], 0x1000) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000280)=0x2b8) r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) r10 = dup2(r6, r5) openat(r10, &(0x7f00000000c0)='./file0\x00', 0x200040, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r9, 0x0) 01:14:31 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:14:31 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x62000000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:14:31 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffdf9, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:14:31 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x4200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) readv(0xffffffffffffffff, &(0x7f0000000280)=[{0x0}], 0x1) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000016c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="400000001f0020002cbd0000008000000001000004d20a00050000005ec72ab9e00000000000000000030000000000"], 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000980)=ANY=[@ANYBLOB="8401000010000100000000000000000000000000000000000000ffffac14140dfe8000000000000000000000000000aa00"/64, @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="fe8800000000000000000000000001010000000032000000fc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00040000000000000000005800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000f24aa6b13c2e62f3556b1cbcfeac2a008001800fd00000028001a00e0000001000000000000000000000000ac1414bb000066ebe93c0000000000000a0008800c000f0000000000"], 0x184}}, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) fallocate(r1, 0x4, 0x2, 0x2) ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305) ioctl$AUTOFS_IOC_EXPIRE(0xffffffffffffffff, 0x810c9365, &(0x7f00000004c0)={{0x7}, 0x100, './file0\x00'}) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, 0x0) sendmsg$DEVLINK_CMD_SB_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xfffffffffffffeb3, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[], 0x84}, 0x1, 0x0, 0x0, 0x1}, 0x24048811) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)) creat(&(0x7f0000000080)='./file0/../file0\x00', 0x122) [ 2123.811981] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.7'. 01:14:32 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00'}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000"], 0x38}}], 0x1, 0x0) [ 2123.830892] FAULT_INJECTION: forcing a failure. [ 2123.830892] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2123.832897] CPU: 0 PID: 10950 Comm: syz-executor.2 Not tainted 5.10.218 #1 [ 2123.834047] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2123.835411] Call Trace: [ 2123.835871] dump_stack+0x107/0x167 [ 2123.836486] should_fail.cold+0x5/0xa [ 2123.837139] _copy_from_iter_full+0x201/0xa60 [ 2123.837900] ? __virt_addr_valid+0x170/0x5c0 [ 2123.838641] ? __check_object_size+0x319/0x440 [ 2123.839414] netlink_sendmsg+0x879/0xdf0 [ 2123.840106] ? netlink_unicast+0x7f0/0x7f0 [ 2123.840836] ? netlink_unicast+0x7f0/0x7f0 [ 2123.841533] __sock_sendmsg+0x154/0x190 [ 2123.842219] ____sys_sendmsg+0x70d/0x870 [ 2123.842886] ? sock_write_iter+0x3d0/0x3d0 [ 2123.843567] ? do_recvmmsg+0x6d0/0x6d0 [ 2123.844214] ? perf_trace_lock+0xac/0x490 [ 2123.844894] ? __lockdep_reset_lock+0x180/0x180 [ 2123.845645] ? perf_trace_lock+0xac/0x490 [ 2123.846321] ___sys_sendmsg+0xf3/0x170 [ 2123.846950] ? sendmsg_copy_msghdr+0x160/0x160 [ 2123.847706] ? lock_downgrade+0x6d0/0x6d0 [ 2123.848375] ? find_held_lock+0x2c/0x110 [ 2123.849049] ? __fget_files+0x296/0x4c0 [ 2123.849718] ? __fget_light+0xea/0x290 [ 2123.850357] __sys_sendmsg+0xe5/0x1b0 [ 2123.850975] ? __sys_sendmsg_sock+0x40/0x40 [ 2123.851678] ? __traceiter_irq_enable+0xc0/0xc0 [ 2123.852441] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2123.853294] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2123.854133] ? trace_hardirqs_on+0x5b/0x180 [ 2123.854840] do_syscall_64+0x33/0x40 [ 2123.855437] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2123.856268] RIP: 0033:0x7f28e3e30b19 [ 2123.856866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 01:14:32 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x91ffffff, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2123.859844] RSP: 002b:00007f28e13a6188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2123.861221] RAX: ffffffffffffffda RBX: 00007f28e3f43f60 RCX: 00007f28e3e30b19 [ 2123.862379] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2123.863543] RBP: 00007f28e13a61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2123.864697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2123.865862] R13: 00007ffe9ff904bf R14: 00007f28e13a6300 R15: 0000000000022000 [ 2123.888072] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2123.889467] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2123.912528] EXT4-fs error (device loop6): ext4_fill_super:4962: inode #2: comm syz-executor.6: iget: special inode unallocated [ 2123.915260] EXT4-fs (loop6): get root inode failed [ 2123.916350] EXT4-fs (loop6): mount failed [ 2123.917208] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2123.918544] EXT4-fs (loop4): group descriptors corrupted! 01:14:32 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) (fail_nth: 8) [ 2123.976056] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2123.977212] EXT4-fs (loop4): group descriptors corrupted! 01:14:32 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffdfc, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:14:32 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f", 0x44, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:14:32 executing program 7: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) symlink(&(0x7f0000000180)='./file1\x00', &(0x7f0000000980)='./file1\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, 0x0, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24000090}, 0x4000000) open_by_handle_at(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="640000004f000000d199cf99708ab3b1852b8ec576d1f1e9d2fbfc6eb4e3844d2a5e66af0bc7e7726078578eacefcc28d9dce2a883acedd07091448ed8e5668c7bf46632e043d5fcdf36455826ae966522a2b8b2db14dc2eab04ec4035d98119060ee6622a38bbed2f960000733f3e1062b6b931e8b8a16a285069ae36ca13d1ef84b86c93caa6792a0e25a695abe4e8d725ab32adab65e3ad25b504f8e115427ca03b7d95c488b29708e1df90ab015812a9f98afedd9d7a3602e36dcd9275a8308d63d584321a1b5bc68f0cb3ff7ed554eb2d645860"], 0x200900) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000340)={{0x1, 0x1, 0x18, r0, {0x5985}}, './file1\x00'}) setsockopt$inet6_tcp_int(r3, 0x6, 0x11, &(0x7f0000000400)=0x2, 0x4) bind$inet6(r2, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) fcntl$setstatus(r2, 0x4, 0xc00) eventfd(0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmsg$inet6(r2, &(0x7f00000006c0)={0x0, 0x56, &(0x7f0000000080)=[{&(0x7f00000001c0)="cf", 0x1}, {&(0x7f00000000c0)="9a17e64cdc67bd627708c4", 0xb}, {&(0x7f0000000100)="11fa030674fe5d5c8842559152d3126c4249dfe24d8d98a6439e8cb160e171b641b5cd528f240594de4abf45957c095ea90b68d62f55fc64541601bff7e106fb023db64e8c15f6346c745da761ffee826727bd98b2bffae59c91c021ffc59f6081dbaa196e95a3b173cddce6b01c1e5bac179d6881414edcc12bf994d30576798a19d0f9db5d054e8fdf2821230a23ed81a02369234a399d7115", 0x9a}, {&(0x7f0000000380)="d21e0ed1ee27c972fd2bef67c6a077b239514e0a205b38c982a5a6ca75c562f403f161f541cbc23b2e120f45812688f0de482c2bf16064f11091e836607a0e0217e4ccf2cc1e962d"}], 0x3}, 0x38008004) dup2(r1, r2) readlink(&(0x7f0000000440)='./file1\x00', &(0x7f0000000480)=""/5, 0x5) lchown(&(0x7f0000000000)='./file1\x00', 0x0, 0xee00) [ 2124.110281] FAULT_INJECTION: forcing a failure. [ 2124.110281] name failslab, interval 1, probability 0, space 0, times 0 [ 2124.111592] CPU: 1 PID: 10975 Comm: syz-executor.2 Not tainted 5.10.218 #1 [ 2124.112358] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2124.113271] Call Trace: [ 2124.113592] dump_stack+0x107/0x167 [ 2124.113998] should_fail.cold+0x5/0xa [ 2124.114422] ? __alloc_skb+0x6d/0x5b0 [ 2124.114841] should_failslab+0x5/0x20 [ 2124.115259] kmem_cache_alloc_node+0x55/0x330 [ 2124.115752] __alloc_skb+0x6d/0x5b0 [ 2124.116159] netlink_dump+0x735/0x1050 [ 2124.116586] ? netlink_deliver_tap+0xcc0/0xcc0 [ 2124.117084] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2124.117625] ? security_capable+0x95/0xc0 [ 2124.118085] __netlink_dump_start+0x649/0x900 [ 2124.118585] ? xfrm_compile_policy+0x610/0x610 [ 2124.119077] xfrm_user_rcv_msg+0x6b6/0x830 [ 2124.119537] ? copy_to_user_tmpl.part.0+0x610/0x610 [ 2124.120087] ? xfrm_compile_policy+0x610/0x610 [ 2124.120581] ? xfrm_dump_policy_start+0x20/0x20 [ 2124.121105] ? lock_acquire+0x197/0x470 [ 2124.121537] ? xfrm_netlink_rcv+0x5c/0x90 [ 2124.121997] ? lock_release+0x680/0x680 [ 2124.122433] ? perf_trace_lock+0xac/0x490 [ 2124.122894] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2124.123489] ? SOFTIRQ_verbose+0x10/0x10 [ 2124.124054] ? __lockdep_reset_lock+0x180/0x180 [ 2124.124633] ? __mutex_lock+0x4fe/0x10b0 [ 2124.125204] ? __lockdep_reset_lock+0x180/0x180 [ 2124.125800] netlink_rcv_skb+0x14b/0x430 [ 2124.126249] ? copy_to_user_tmpl.part.0+0x610/0x610 [ 2124.126782] ? netlink_ack+0xab0/0xab0 [ 2124.127216] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2124.127717] xfrm_netlink_rcv+0x6b/0x90 [ 2124.128148] netlink_unicast+0x549/0x7f0 [ 2124.128594] ? netlink_attachskb+0x870/0x870 [ 2124.129083] netlink_sendmsg+0x90f/0xdf0 [ 2124.129524] ? netlink_unicast+0x7f0/0x7f0 [ 2124.130004] ? netlink_unicast+0x7f0/0x7f0 [ 2124.130457] __sock_sendmsg+0x154/0x190 [ 2124.130951] ____sys_sendmsg+0x70d/0x870 [ 2124.131458] ? sock_write_iter+0x3d0/0x3d0 [ 2124.132014] ? do_recvmmsg+0x6d0/0x6d0 [ 2124.132585] ? perf_trace_lock+0xac/0x490 [ 2124.133055] ? __lockdep_reset_lock+0x180/0x180 [ 2124.133560] ? perf_trace_lock+0xac/0x490 [ 2124.134005] ? SOFTIRQ_verbose+0x10/0x10 [ 2124.134443] ___sys_sendmsg+0xf3/0x170 [ 2124.134861] ? sendmsg_copy_msghdr+0x160/0x160 [ 2124.135354] ? lock_downgrade+0x6d0/0x6d0 [ 2124.135801] ? find_held_lock+0x2c/0x110 [ 2124.136244] ? __fget_files+0x296/0x4c0 [ 2124.136682] ? __fget_light+0xea/0x290 [ 2124.137107] __sys_sendmsg+0xe5/0x1b0 [ 2124.137523] ? __sys_sendmsg_sock+0x40/0x40 [ 2124.138048] ? rcu_read_lock_any_held+0x75/0xa0 [ 2124.138609] ? __traceiter_irq_enable+0xc0/0xc0 [ 2124.139230] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2124.139940] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2124.140546] ? trace_hardirqs_on+0x5b/0x180 [ 2124.141008] do_syscall_64+0x33/0x40 [ 2124.141408] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2124.141971] RIP: 0033:0x7f28e3e30b19 [ 2124.142371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2124.144288] RSP: 002b:00007f28e13a6188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2124.145088] RAX: ffffffffffffffda RBX: 00007f28e3f43f60 RCX: 00007f28e3e30b19 [ 2124.145977] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2124.146870] RBP: 00007f28e13a61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2124.147776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2124.148525] R13: 00007ffe9ff904bf R14: 00007f28e13a6300 R15: 0000000000022000 01:14:32 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xdb83c10d, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:14:32 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00'}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32], 0x38}}], 0x1, 0x0) [ 2124.271784] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2124.273246] EXT4-fs (loop4): group descriptors corrupted! [ 2124.321007] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2124.337250] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2124.338900] EXT4-fs (loop4): group descriptors corrupted! [ 2124.347006] EXT4-fs error (device loop6): ext4_fill_super:4962: inode #2: comm syz-executor.6: iget: special inode unallocated [ 2124.348866] EXT4-fs (loop6): get root inode failed [ 2124.349327] EXT4-fs (loop6): mount failed 01:14:51 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) (fail_nth: 9) 01:14:51 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xe8030000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:14:51 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(0xffffffffffffffff, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:14:51 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={0x24, 0x10, 0x1, 0x0, 0x0, {}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @nested={0x5, 0x0, 0x0, 0x1, [@generic='H']}]}, 0x24}}, 0x0) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x101800, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) 01:14:51 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffdfd, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:14:51 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f0000000000000000010000", 0x4f, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:14:51 executing program 7: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) symlink(&(0x7f0000000180)='./file1\x00', &(0x7f0000000980)='./file1\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, 0x0, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24000090}, 0x4000000) open_by_handle_at(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="640000004f000000d199cf99708ab3b1852b8ec576d1f1e9d2fbfc6eb4e3844d2a5e66af0bc7e7726078578eacefcc28d9dce2a883acedd07091448ed8e5668c7bf46632e043d5fcdf36455826ae966522a2b8b2db14dc2eab04ec4035d98119060ee6622a38bbed2f960000733f3e1062b6b931e8b8a16a285069ae36ca13d1ef84b86c93caa6792a0e25a695abe4e8d725ab32adab65e3ad25b504f8e115427ca03b7d95c488b29708e1df90ab015812a9f98afedd9d7a3602e36dcd9275a8308d63d584321a1b5bc68f0cb3ff7ed554eb2d645860"], 0x200900) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000340)={{0x1, 0x1, 0x18, r0, {0x5985}}, './file1\x00'}) setsockopt$inet6_tcp_int(r3, 0x6, 0x11, &(0x7f0000000400)=0x2, 0x4) bind$inet6(r2, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) fcntl$setstatus(r2, 0x4, 0xc00) eventfd(0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmsg$inet6(r2, &(0x7f00000006c0)={0x0, 0x56, &(0x7f0000000080)=[{&(0x7f00000001c0)="cf", 0x1}, {&(0x7f00000000c0)="9a17e64cdc67bd627708c4", 0xb}, {&(0x7f0000000100)="11fa030674fe5d5c8842559152d3126c4249dfe24d8d98a6439e8cb160e171b641b5cd528f240594de4abf45957c095ea90b68d62f55fc64541601bff7e106fb023db64e8c15f6346c745da761ffee826727bd98b2bffae59c91c021ffc59f6081dbaa196e95a3b173cddce6b01c1e5bac179d6881414edcc12bf994d30576798a19d0f9db5d054e8fdf2821230a23ed81a02369234a399d7115", 0x9a}, {&(0x7f0000000380)="d21e0ed1ee27c972fd2bef67c6a077b239514e0a205b38c982a5a6ca75c562f403f161f541cbc23b2e120f45812688f0de482c2bf16064f11091e836607a0e0217e4ccf2cc1e962d"}], 0x3}, 0x38008004) dup2(r1, r2) readlink(&(0x7f0000000440)='./file1\x00', &(0x7f0000000480)=""/5, 0x5) lchown(&(0x7f0000000000)='./file1\x00', 0x0, 0xee00) 01:14:51 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00'}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32], 0x38}}], 0x1, 0x0) [ 2143.222001] FAULT_INJECTION: forcing a failure. [ 2143.222001] name failslab, interval 1, probability 0, space 0, times 0 [ 2143.223886] CPU: 1 PID: 11016 Comm: syz-executor.2 Not tainted 5.10.218 #1 [ 2143.224912] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2143.226211] Call Trace: [ 2143.226626] dump_stack+0x107/0x167 [ 2143.227179] should_fail.cold+0x5/0xa [ 2143.227758] ? create_object.isra.0+0x3a/0xa20 [ 2143.228444] should_failslab+0x5/0x20 [ 2143.229037] kmem_cache_alloc+0x5b/0x310 [ 2143.229696] create_object.isra.0+0x3a/0xa20 [ 2143.230398] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2143.231152] kmem_cache_alloc_node+0x169/0x330 [ 2143.231837] __alloc_skb+0x6d/0x5b0 [ 2143.232387] netlink_dump+0x735/0x1050 [ 2143.232974] ? netlink_deliver_tap+0xcc0/0xcc0 [ 2143.233705] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2143.234444] ? security_capable+0x95/0xc0 [ 2143.235059] __netlink_dump_start+0x649/0x900 [ 2143.235720] ? xfrm_compile_policy+0x610/0x610 [ 2143.236387] xfrm_user_rcv_msg+0x6b6/0x830 [ 2143.237027] ? copy_to_user_tmpl.part.0+0x610/0x610 [ 2143.237820] ? xfrm_compile_policy+0x610/0x610 [ 2143.238504] ? xfrm_dump_policy_start+0x20/0x20 [ 2143.239209] ? lock_acquire+0x197/0x470 [ 2143.239804] ? xfrm_netlink_rcv+0x5c/0x90 [ 2143.240430] ? lock_release+0x680/0x680 [ 2143.241026] ? perf_trace_lock+0xac/0x490 [ 2143.241690] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2143.242462] ? SOFTIRQ_verbose+0x10/0x10 [ 2143.243061] ? __lockdep_reset_lock+0x180/0x180 [ 2143.243759] ? __mutex_lock+0x4fe/0x10b0 [ 2143.244368] ? __lockdep_reset_lock+0x180/0x180 [ 2143.245079] netlink_rcv_skb+0x14b/0x430 [ 2143.245714] ? copy_to_user_tmpl.part.0+0x610/0x610 [ 2143.246450] ? netlink_ack+0xab0/0xab0 [ 2143.247039] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2143.247702] xfrm_netlink_rcv+0x6b/0x90 [ 2143.248290] netlink_unicast+0x549/0x7f0 [ 2143.248883] ? netlink_attachskb+0x870/0x870 [ 2143.249593] netlink_sendmsg+0x90f/0xdf0 [ 2143.250207] ? netlink_unicast+0x7f0/0x7f0 [ 2143.250835] ? netlink_unicast+0x7f0/0x7f0 [ 2143.251467] __sock_sendmsg+0x154/0x190 [ 2143.252042] ____sys_sendmsg+0x70d/0x870 [ 2143.252656] ? sock_write_iter+0x3d0/0x3d0 [ 2143.253314] ? do_recvmmsg+0x6d0/0x6d0 [ 2143.253905] ? perf_trace_lock+0xac/0x490 [ 2143.254517] ? __lockdep_reset_lock+0x180/0x180 [ 2143.255208] ? perf_trace_lock+0xac/0x490 [ 2143.255811] ? SOFTIRQ_verbose+0x10/0x10 [ 2143.256423] ___sys_sendmsg+0xf3/0x170 [ 2143.256993] ? sendmsg_copy_msghdr+0x160/0x160 [ 2143.257708] ? lock_downgrade+0x6d0/0x6d0 [ 2143.258350] ? find_held_lock+0x2c/0x110 [ 2143.258958] ? __fget_files+0x296/0x4c0 [ 2143.259564] ? __fget_light+0xea/0x290 [ 2143.260143] __sys_sendmsg+0xe5/0x1b0 [ 2143.260711] ? __sys_sendmsg_sock+0x40/0x40 [ 2143.261384] ? rcu_read_lock_any_held+0x75/0xa0 [ 2143.262082] ? __traceiter_irq_enable+0xc0/0xc0 [ 2143.262770] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2143.263538] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2143.264276] ? trace_hardirqs_on+0x5b/0x180 [ 2143.264920] do_syscall_64+0x33/0x40 [ 2143.265510] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2143.266291] RIP: 0033:0x7f28e3e30b19 [ 2143.266833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2143.269595] RSP: 002b:00007f28e13a6188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2143.270706] RAX: ffffffffffffffda RBX: 00007f28e3f43f60 RCX: 00007f28e3e30b19 [ 2143.271731] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2143.272755] RBP: 00007f28e13a61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2143.273840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2143.274868] R13: 00007ffe9ff904bf R14: 00007f28e13a6300 R15: 0000000000022000 [ 2143.297423] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2143.298578] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2143.300385] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2143.300635] EXT4-fs (loop6): invalid first ino: 0 [ 2143.327419] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2143.328860] EXT4-fs (loop4): group descriptors corrupted! [ 2143.346895] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 01:14:51 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00'}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32], 0x38}}], 0x1, 0x0) 01:14:51 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xf4010000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:14:51 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f0000000000000000010000", 0x4f, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) [ 2143.413334] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2143.414565] EXT4-fs (loop4): group descriptors corrupted! 01:14:51 executing program 7: r0 = inotify_init1(0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x9}}, './file0\x00'}) syz_io_uring_setup(0x42c9, &(0x7f0000000080)={0x0, 0xb5c0, 0x4, 0x2, 0x363, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000140)) r2 = inotify_add_watch(r0, &(0x7f0000000040)='.\x00', 0x2000003) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r4, r3) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r7 = dup2(r6, r5) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r8, r7, 0x0, 0x7ffffff9) ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000180)={0x0, r7, 0x101, 0x9, 0xffff, 0x6}) inotify_rm_watch(r0, r2) 01:14:51 executing program 1: fcntl$setstatus(0xffffffffffffffff, 0x4, 0x400) socketpair(0x18, 0x800, 0x20, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$hidraw(&(0x7f0000000240), 0x40, 0x100) vmsplice(r2, &(0x7f0000000340)=[{&(0x7f0000000280)="91065f85779595b925fca3944db1ebbc4f7f98242d2e442583563c8cd7b871c63a70ea941cf8c2c5a372fdbf72c79bcd4e479cece0f6bde04e170e34af6e3ac1c360e0f2842d62e7a2070ecb8e9f1fdae8be252b0bff58309424889900e4afa828edc9d53ffd277c4292aafeb3226fdcb1", 0x71}, {&(0x7f0000000300)="87a08415958cf8610a09a29246ef29ff29ed", 0x12}], 0x2, 0xe) ioctl$BTRFS_IOC_QUOTA_RESCAN(r1, 0x4040942c, &(0x7f0000000040)={0x0, 0x3ff, [0x575, 0x10000, 0x68, 0x2, 0x8, 0x8]}) r3 = socket$inet(0xa, 0x3, 0xff) sendto(r3, 0x0, 0x0, 0x88fe, &(0x7f0000000140)=@nl=@unspec={0x0, 0xff00, 0x0, 0x80fe}, 0x80) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, @out_args}, './file0\x00'}) sendmsg$NFNL_MSG_COMPAT_GET(r4, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x1c, 0x0, 0xb, 0x201, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFTA_COMPAT_TYPE={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x800) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x2000, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f0000000540)=[{&(0x7f00000003c0)=""/132, 0x84}, {&(0x7f0000000480)=""/178, 0xb2}], 0x2) [ 2143.452190] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:14:51 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xffffff7f, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:14:51 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) (fail_nth: 10) [ 2143.561141] EXT4-fs (loop6): invalid first ino: 0 01:14:51 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYRES32=r3], 0x38}}], 0x1, 0x0) [ 2143.666950] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2143.668429] EXT4-fs (loop4): group descriptors corrupted! [ 2143.692199] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2143.693548] EXT4-fs (loop4): group descriptors corrupted! [ 2143.710674] FAULT_INJECTION: forcing a failure. [ 2143.710674] name failslab, interval 1, probability 0, space 0, times 0 [ 2143.713208] CPU: 0 PID: 11047 Comm: syz-executor.2 Not tainted 5.10.218 #1 [ 2143.714530] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2143.715965] Call Trace: [ 2143.716449] dump_stack+0x107/0x167 [ 2143.717111] should_fail.cold+0x5/0xa [ 2143.717820] should_failslab+0x5/0x20 [ 2143.718503] __kmalloc_node_track_caller+0x74/0x3b0 [ 2143.719382] ? netlink_dump+0x735/0x1050 [ 2143.720111] __alloc_skb+0xb1/0x5b0 [ 2143.720759] netlink_dump+0x735/0x1050 [ 2143.721456] ? netlink_deliver_tap+0xcc0/0xcc0 [ 2143.722287] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2143.723156] ? security_capable+0x95/0xc0 [ 2143.723894] __netlink_dump_start+0x649/0x900 [ 2143.724692] ? xfrm_compile_policy+0x610/0x610 [ 2143.725489] xfrm_user_rcv_msg+0x6b6/0x830 [ 2143.726265] ? copy_to_user_tmpl.part.0+0x610/0x610 [ 2143.727137] ? xfrm_compile_policy+0x610/0x610 [ 2143.727935] ? xfrm_dump_policy_start+0x20/0x20 [ 2143.728766] ? lock_acquire+0x197/0x470 [ 2143.729462] ? xfrm_netlink_rcv+0x5c/0x90 [ 2143.730225] ? lock_release+0x680/0x680 [ 2143.730922] ? perf_trace_lock+0xac/0x490 [ 2143.731659] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2143.732574] ? SOFTIRQ_verbose+0x10/0x10 [ 2143.733288] ? __lockdep_reset_lock+0x180/0x180 [ 2143.734146] ? __mutex_lock+0x4fe/0x10b0 [ 2143.734870] ? __lockdep_reset_lock+0x180/0x180 [ 2143.735694] netlink_rcv_skb+0x14b/0x430 [ 2143.736410] ? copy_to_user_tmpl.part.0+0x610/0x610 [ 2143.737286] ? netlink_ack+0xab0/0xab0 [ 2143.738012] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2143.739005] xfrm_netlink_rcv+0x6b/0x90 [ 2143.739760] netlink_unicast+0x549/0x7f0 [ 2143.740641] ? netlink_attachskb+0x870/0x870 [ 2143.741499] netlink_sendmsg+0x90f/0xdf0 [ 2143.742398] ? netlink_unicast+0x7f0/0x7f0 [ 2143.743212] ? netlink_unicast+0x7f0/0x7f0 [ 2143.744124] __sock_sendmsg+0x154/0x190 [ 2143.744829] ____sys_sendmsg+0x70d/0x870 [ 2143.745699] ? sock_write_iter+0x3d0/0x3d0 [ 2143.746495] ? do_recvmmsg+0x6d0/0x6d0 [ 2143.747176] ? perf_trace_lock+0xac/0x490 [ 2143.747912] ? __lockdep_reset_lock+0x180/0x180 [ 2143.748719] ? perf_trace_lock+0xac/0x490 [ 2143.749452] ___sys_sendmsg+0xf3/0x170 [ 2143.750159] ? sendmsg_copy_msghdr+0x160/0x160 [ 2143.750962] ? lock_downgrade+0x6d0/0x6d0 [ 2143.751694] ? find_held_lock+0x2c/0x110 [ 2143.752421] ? __fget_files+0x296/0x4c0 [ 2143.753133] ? __fget_light+0xea/0x290 [ 2143.753834] __sys_sendmsg+0xe5/0x1b0 [ 2143.754662] ? __sys_sendmsg_sock+0x40/0x40 [ 2143.755426] ? __traceiter_irq_enable+0xc0/0xc0 [ 2143.756259] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2143.757170] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2143.758089] ? trace_hardirqs_on+0x5b/0x180 [ 2143.758847] do_syscall_64+0x33/0x40 [ 2143.759502] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2143.760389] RIP: 0033:0x7f28e3e30b19 [ 2143.761044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2143.764190] RSP: 002b:00007f28e13a6188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2143.765509] RAX: ffffffffffffffda RBX: 00007f28e3f43f60 RCX: 00007f28e3e30b19 [ 2143.766785] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2143.767989] RBP: 00007f28e13a61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2143.769256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2143.770558] R13: 00007ffe9ff904bf R14: 00007f28e13a6300 R15: 0000000000022000 01:15:09 executing program 1: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='maps\x00') pread64(r1, &(0x7f00000001c0)=""/4107, 0x100b, 0x0) mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x1) setresuid(0x0, 0x0, 0x0) creat(&(0x7f0000001200)='./file0\x00', 0x10) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = dup2(r3, r2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r5, r4, 0x0, 0x7ffffff9) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x8800, &(0x7f0000001300)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@loose}]}}) r6 = syz_mount_image$ext4(&(0x7f0000001480)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x6, 0x1, &(0x7f0000000100)=[{&(0x7f0000001280)="6063f5f02f2048a0b05046f3ddd1193e22716ceb436b89fa223184f06d237974c341a45c9188af56d06abdb28ee20aa460f6168fb01a2f8d942e259d6ec57153213d09841b0fe8de6d2f5849c89f", 0x4e, 0x74}], 0x180011, &(0x7f0000001600)=ANY=[@ANYBLOB='journal_async_commit,grpquota,dioread_lock,barrier=0x0800000000000002,init_itable,resuid=', @ANYRESHEX, @ANYBLOB="2c636f6e746578743d73797361646d5f752c6f626a5f747970653d2a2d2f835d2c7569643e", @ANYRESDEC=0x0, @ANYBLOB=',euid:', @ANYRESDEC=0xee00, @ANYBLOB=',\x00']) ftruncate(r6, 0x8) lsetxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f00000014c0)={0x0, 0xfb, 0xd4, 0x2, 0xc2, "658bdf3609c1135c8004e42caea56bcb", "e90da70bc01afea45afd5601e95c30607900f08cdf1503d2b942e3580633eef16d90824bad3b860b9c5e3b9d61a36c74c0c024314da3d4fafbec57255cd4c9734999255d101812ab7dd02fafde7d779b7a7dd62f3299c24c752715478e959e8d04a5ddadebf5385e375d17103b7c3aa4c000831ec597623b910f4d45bcd6e2325197086c69cf44e712e6707f43d6c87edeea62a5c3390e4abd77bb32cc0ae15f3068c72cd9abb305121ff1e7e34724f13de46b69a589906d0817e35960aad7"}, 0xd4, 0x1) dup2(r0, r1) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) pipe(&(0x7f00000013c0)) 01:15:09 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f0000000000000000010000", 0x4f, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:15:09 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000080)=0x90, 0x4) kcmp(0xffffffffffffffff, 0x0, 0x5, 0xffffffffffffffff, 0xffffffffffffffff) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000001500)={0x0, 0x8000}, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000280)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x200880, 0x0) r3 = socket(0x23, 0x800, 0x8) ioctl$LOOP_SET_FD(r2, 0x4c00, r3) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) getsockopt$inet6_tcp_buf(r4, 0x6, 0x1c, &(0x7f0000000180)=""/36, &(0x7f0000000240)=0x24) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x6, 0x4) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r6, r5) pwritev2(r6, &(0x7f00000003c0)=[{&(0x7f0000000300)="b39be4bf02bc5d747201a1d0bdd7d4adbc82cc17ed664d24d838bf32bf5363439330a0f2a8f5ab0350b3af26f2d95e349c8f471eaf4ab8e916ec664cfd4546b7ef796f767aa2b18470835895c73350a729bee50923bcc1df9c9f59eb58f8750809ee2b4ff58f7fd00e8dfae6509966df59d97712f5114b4ac096c2ac495323849fe61519e39ccf37bdb50589638604fb3fa854b493fefaa37507c50a2a9e409a", 0xa0}], 0x1, 0x9, 0x4cbf, 0xa) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000000, 0x73f}, 0x0, 0x0, 0x2, 0x0, 0x3, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x31, &(0x7f0000000540)=[{&(0x7f0000000100)=':\x00', 0xfffffdef}], 0x1}, 0x10044001) 01:15:09 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(0xffffffffffffffff, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:15:09 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xffffff8c, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:15:09 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) (fail_nth: 11) 01:15:09 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:15:09 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xf5ffffff, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2161.498344] FAULT_INJECTION: forcing a failure. [ 2161.498344] name failslab, interval 1, probability 0, space 0, times 0 [ 2161.500317] CPU: 1 PID: 11062 Comm: syz-executor.2 Not tainted 5.10.218 #1 [ 2161.501394] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2161.502685] Call Trace: [ 2161.503107] dump_stack+0x107/0x167 [ 2161.503686] should_fail.cold+0x5/0xa [ 2161.504292] ? create_object.isra.0+0x3a/0xa20 [ 2161.505008] should_failslab+0x5/0x20 [ 2161.505606] kmem_cache_alloc+0x5b/0x310 [ 2161.506339] create_object.isra.0+0x3a/0xa20 [ 2161.507033] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2161.507960] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2161.508745] ? netlink_dump+0x735/0x1050 [ 2161.509393] __alloc_skb+0xb1/0x5b0 [ 2161.509983] netlink_dump+0x735/0x1050 [ 2161.510683] ? netlink_deliver_tap+0xcc0/0xcc0 [ 2161.511403] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2161.512296] ? security_capable+0x95/0xc0 [ 2161.512955] __netlink_dump_start+0x649/0x900 [ 2161.513668] ? xfrm_compile_policy+0x610/0x610 [ 2161.514401] xfrm_user_rcv_msg+0x6b6/0x830 [ 2161.515073] ? copy_to_user_tmpl.part.0+0x610/0x610 [ 2161.515863] ? xfrm_compile_policy+0x610/0x610 [ 2161.516579] ? xfrm_dump_policy_start+0x20/0x20 [ 2161.517328] ? lock_acquire+0x197/0x470 [ 2161.517955] ? xfrm_netlink_rcv+0x5c/0x90 [ 2161.518622] ? lock_release+0x680/0x680 [ 2161.519249] ? perf_trace_lock+0xac/0x490 [ 2161.519911] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2161.520729] ? SOFTIRQ_verbose+0x10/0x10 [ 2161.521369] ? __lockdep_reset_lock+0x180/0x180 [ 2161.522126] ? __mutex_lock+0x4fe/0x10b0 [ 2161.522762] ? __lockdep_reset_lock+0x180/0x180 [ 2161.523498] netlink_rcv_skb+0x14b/0x430 [ 2161.524140] ? copy_to_user_tmpl.part.0+0x610/0x610 [ 2161.524928] ? netlink_ack+0xab0/0xab0 [ 2161.525559] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2161.526292] xfrm_netlink_rcv+0x6b/0x90 [ 2161.526926] netlink_unicast+0x549/0x7f0 [ 2161.527574] ? netlink_attachskb+0x870/0x870 [ 2161.528284] netlink_sendmsg+0x90f/0xdf0 [ 2161.528936] ? netlink_unicast+0x7f0/0x7f0 [ 2161.529618] ? netlink_unicast+0x7f0/0x7f0 [ 2161.530293] __sock_sendmsg+0x154/0x190 [ 2161.530923] ____sys_sendmsg+0x70d/0x870 [ 2161.531567] ? sock_write_iter+0x3d0/0x3d0 [ 2161.532235] ? do_recvmmsg+0x6d0/0x6d0 [ 2161.532850] ? perf_trace_lock+0xac/0x490 [ 2161.533513] ? __lockdep_reset_lock+0x180/0x180 [ 2161.534246] ? perf_trace_lock+0xac/0x490 [ 2161.534900] ? SOFTIRQ_verbose+0x10/0x10 [ 2161.535545] ___sys_sendmsg+0xf3/0x170 [ 2161.536161] ? sendmsg_copy_msghdr+0x160/0x160 [ 2161.536889] ? lock_downgrade+0x6d0/0x6d0 [ 2161.537551] ? find_held_lock+0x2c/0x110 [ 2161.538214] ? __fget_files+0x296/0x4c0 [ 2161.538861] ? __fget_light+0xea/0x290 [ 2161.539491] __sys_sendmsg+0xe5/0x1b0 [ 2161.540092] ? __sys_sendmsg_sock+0x40/0x40 [ 2161.540769] ? rcu_read_lock_any_held+0x75/0xa0 [ 2161.541504] ? __traceiter_irq_enable+0xc0/0xc0 [ 2161.542265] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2161.543085] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2161.543892] ? trace_hardirqs_on+0x5b/0x180 [ 2161.544573] do_syscall_64+0x33/0x40 [ 2161.545165] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2161.545968] RIP: 0033:0x7f28e3e30b19 [ 2161.546566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2161.549414] RSP: 002b:00007f28e13a6188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2161.550600] RAX: ffffffffffffffda RBX: 00007f28e3f43f60 RCX: 00007f28e3e30b19 [ 2161.551715] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2161.552822] RBP: 00007f28e13a61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2161.553935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2161.555052] R13: 00007ffe9ff904bf R14: 00007f28e13a6300 R15: 0000000000022000 [ 2161.556541] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:15:09 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYRES32=r3], 0x38}}], 0x1, 0x0) [ 2161.580011] EXT4-fs (loop6): invalid first ino: 0 01:15:09 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xfc000000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:15:09 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) (fail_nth: 12) [ 2161.702016] 9pnet: Insufficient options for proto=fd 01:15:09 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB, @ANYRES32=r3], 0x38}}], 0x1, 0x0) [ 2161.743023] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2161.744516] EXT4-fs (loop4): group descriptors corrupted! 01:15:09 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d", 0x55, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) [ 2161.803247] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2161.804134] EXT4-fs (loop4): group descriptors corrupted! [ 2161.814259] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2161.816745] FAULT_INJECTION: forcing a failure. [ 2161.816745] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2161.818927] CPU: 1 PID: 11086 Comm: syz-executor.2 Not tainted 5.10.218 #1 01:15:10 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xfe800000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2161.819996] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2161.821398] Call Trace: [ 2161.821833] dump_stack+0x107/0x167 [ 2161.822416] should_fail.cold+0x5/0xa [ 2161.823041] _copy_to_user+0x2e/0x180 [ 2161.823666] simple_read_from_buffer+0xcc/0x160 [ 2161.824420] proc_fail_nth_read+0x198/0x230 [ 2161.825114] ? proc_sessionid_read+0x230/0x230 [ 2161.825847] ? security_file_permission+0x24e/0x570 [ 2161.826654] ? perf_trace_initcall_start+0xf1/0x380 [ 2161.827464] ? proc_sessionid_read+0x230/0x230 [ 2161.828195] vfs_read+0x228/0x580 [ 2161.828763] ksys_read+0x12d/0x260 [ 2161.829335] ? vfs_write+0xa70/0xa70 [ 2161.829942] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2161.830786] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2161.831701] do_syscall_64+0x33/0x40 [ 2161.832327] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2161.833144] RIP: 0033:0x7f28e3de369c [ 2161.833741] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 2161.836895] RSP: 002b:00007f28e13a6170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2161.838115] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007f28e3de369c [ 2161.839246] RDX: 000000000000000f RSI: 00007f28e13a61e0 RDI: 0000000000000004 [ 2161.840378] RBP: 00007f28e13a61d0 R08: 0000000000000000 R09: 0000000000000000 01:15:10 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xffffff97, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2161.841511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2161.842734] R13: 00007ffe9ff904bf R14: 00007f28e13a6300 R15: 0000000000022000 [ 2161.956431] EXT4-fs (loop6): unsupported inode size: 0 [ 2161.957483] EXT4-fs (loop6): blocksize: 2048 [ 2162.153453] 9pnet: Insufficient options for proto=fd 01:15:27 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:15:27 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xfec00000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:15:27 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0) ioctl$DVD_AUTH(0xffffffffffffffff, 0x5390, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000540), &(0x7f0000000580)=0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r3, r2) getsockopt$inet6_tcp_int(r3, 0x6, 0x10, &(0x7f0000000040), &(0x7f00000000c0)=0x4) fcntl$setstatus(r1, 0x4, 0x2000) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x4e20, @private=0xa010101}}, 0x0, 0x0, 0x3, 0x0, "d1e3092eb94018fff573e4cfd2821799ea8563bd475102d18fe15fe2967de5e944721a6b45d580e0fcbc9405653f2d27857f300011e33cd1799fbb2952bb6f8fdd3d3fb79348bd9e7f136d4c15eea87a"}, 0xffffffc3) connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @empty, 0x40}, 0x1c) r4 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x48042) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}}, 0x0, 0x0, 0x0, 0x0, "d1e3092eb94018fff573e4cfd2821799ea8563bd475102d18fe15fe2967de5e944721a6b45d580e0fcbc9405653f2d27857f300011e33cd1799fbb2952bb6f8fdd3d3fb79348bd9e7f136d4c15eea87a"}, 0x10d) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000380)=ANY=[@ANYBLOB="1caa111fd2242a01b371d12bedde1d478391a8a5f149fb6186475193147cfab004544bffd580d23452ff0100006f8d8dc52af209a2819a1545068336b6f91cd6bfc748882fb9aa7e57e916e8b010d0c1a20e5ac8884428cb85b3ec10c92a8e8241181d4994e0bd9e520cc28d921a11f168a928a2f927bf78b1f801661e1bc95c9eed81f7d28abb2f340bba96b6db88c82a7a6640677304ac3a2962b22bef221f0ffbf2456bf242e8b3482fec3238472dd102e015bdb3f49a67558ce8eaf24038ee5aa78fe8b5b9441bb7af40138bca69e102622fd7e691cba57613346074d25d8a8f4892d498ac03fd067c932d853165fe06cc7acd08809e9613d7b96b3bf4fc8e00000000000000", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) ioctl$LOOP_SET_FD(r4, 0x4c00, r0) clone3(&(0x7f0000000140)={0x11060900, 0x0, 0x0, 0x0, {0x2}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000200)) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 01:15:27 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(0xffffffffffffffff, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:15:27 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d", 0x55, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:15:27 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffff6, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:15:27 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb8151cfa9b920890, @perf_config_ext, 0x0, 0xffffffff7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fchmod(0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a63a85f508c53b74be1cc06a8682449c1823", 0x12}, {0x0}], 0x2}, 0x0, 0x4000000}, 0x0) r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)='pids.max\x00', 0x2, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x6000, @fd=r4, 0x8, 0x8, 0x1, 0x0, 0x0, {0x1, r5}}, 0x101) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r6, r2, &(0x7f0000000040)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1000}}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 01:15:27 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB, @ANYRES32=r3], 0x38}}], 0x1, 0x0) [ 2179.327090] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2179.355429] EXT4-fs (loop6): unsupported inode size: 0 [ 2179.356182] EXT4-fs (loop6): blocksize: 2048 [ 2179.393052] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2179.394490] EXT4-fs (loop4): group descriptors corrupted! 01:15:27 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB, @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:15:27 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xff000000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:15:27 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:15:27 executing program 1: syz_usb_connect$cdc_ecm(0x0, 0x4d, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x5b, 0x0, 0x0, 0x5e, 0x0, 0xe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}, 0x0, 0x0, 0x7cb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x1, 0x0) faccessat2(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x4840, 0x2d) r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) sendfile(r1, r0, 0x0, 0x100000001) 01:15:27 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d", 0x55, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:15:27 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffffb, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:15:27 executing program 7: ftruncate(0xffffffffffffffff, 0x0) open(&(0x7f0000000140)='./file1\x00', 0x100, 0x38) lstat(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fsetxattr$security_ima(0xffffffffffffffff, &(0x7f0000000040), &(0x7f00000000c0)=@sha1={0x1, "e8d5f13006fecffff8d402b3a3f8acc7d2fa74d0"}, 0x15, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c00da001d00210c0000090000000009000000000000000000100000"], 0x1c}}, 0x0) 01:15:27 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01", @ANYRES32=r3], 0x38}}], 0x1, 0x0) [ 2179.620422] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2179.659186] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2179.672979] EXT4-fs (loop6): unsupported inode size: 0 [ 2179.673892] EXT4-fs (loop6): blocksize: 2048 01:15:27 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d000000", 0x58, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:15:27 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x2, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:15:27 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xff0f0000, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2179.812627] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2179.821665] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2179.871240] EXT4-fs (loop6): unsupported inode size: 0 [ 2179.872431] EXT4-fs (loop6): blocksize: 2048 01:15:28 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, 0x0, 0x0, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:15:28 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:15:28 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffffd, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:15:28 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000340)={0xa9c2, 0x81, 0x0, {0x0, 0x6f5}, 0xcca7, 0x9}) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000240)) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000200)) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r2, 0x402c5342, &(0x7f0000000100)={0x8000, 0x40, 0xed9, {0x4, 0x5}, 0x2, 0xeb9e}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000080)={0x10001, 0x2, {0x0, 0x3, 0xfffffff8, 0x2, 0x59e}}) openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) unshare(0x48020200) 01:15:28 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xffffff7f, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:15:28 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:15:28 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d000000", 0x58, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) [ 2180.194862] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2180.195722] EXT4-fs (loop4): group descriptors corrupted! [ 2180.199038] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2180.231224] EXT4-fs (loop6): unsupported inode size: 0 [ 2180.231820] EXT4-fs (loop6): blocksize: 2048 [ 2180.234435] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:15:28 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffffe, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:15:49 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:15:49 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xffffff91, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:15:49 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:15:49 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d000000", 0x58, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:15:49 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f513, &(0x7f0000000040)) r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) flock(0xffffffffffffffff, 0x0) r1 = syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x3, 0x2, &(0x7f0000000540)=[{&(0x7f0000000340)="9c0784415f1a3adc3074a21282997bae8e384767a2f2a5f937582f3874598ab735ba6be04d0a6eeefd0bc0fa668be84b6dcea88848f1d96057841f8f95814d8903db0a6092744e4c83394a50937b3ff34109c66767125dcd914ac6373acb3774af2cbad9c72246595e810497121b1a6bde33a9e2225a7f235b42c10b0af739d83680764c10c29d3759a9231dba2870dd5d12acec19734e239314253d2d4c6471561bc32616a7a613f7d3ab9e80cfb2fecff9d0787ae21c94ec65977a41d409590c87e1ac794f343f8ccf8cac68bddbbfd8b72c12d1f929f26aa3e621e6d8bcc4c23eef43", 0xe4, 0x101}, {&(0x7f00000004c0)="211b57cb360d03331eb2f3cae6d6a40380fb904a4b8de37911ea3a5386137fb47285ccf3c2e7da55dce1b17a87add90a7c600d8e941cf95eadc621f8846f39ca5bbaf9f7408103536cb417ff4f93325c67d1c8893916f4", 0x57, 0x3}], 0x84040, &(0x7f0000001640)=ANY=[@ANYBLOB="636865636b3d72656c617865642c63727566742c636865636b3d72656c617865642c7362736563746f723d3078303030303030303030303030303030342c6e6f636f6d70726573732c63727566742c646d6f64653d30781b3030303030303030303030303030382c6673636f6e746578743d726f6f742c7375626a5f736f6c653d65787434002c6673757569643d04333765620030332d663338331e66322d63536534233763652c7365636c6162656c2c000000f66c89b9fd3933657c54e17d079a872ba7ddef8d0dd81a7c8b5019d3f42d4c34cb0004000093056c163f5179dbfc6d606c1d0a4dc7ca8322035c993d2ace1a786b7224078f4540df446d68d02490af59de7233374003522d8b6d3ce53b60fc24ff59c5d1cc99400c95f8885a48b2d27dfeb0b6abe6a160cd530cf3b4ebb90f92c9e73d24216ecb308bff6a"]) ioctl$BTRFS_IOC_RM_DEV(r0, 0x5000940b, &(0x7f0000000640)={{r1}, "5e82db1703fdff98e749154efca6e9b23fcc68dc994efba3759695a500a4f098ea311dd26b786817c6ac88c21c24180604ca30dabba20296cc3d8896e03cdf9146511e2dc799ebea90a189f3997e9f43b5658e86c447cfa1c43697b0e8ed75bd527648aa69ff414548ed48843593ae8283cbf97695b180d67022a96857ccf3772b37483a05369e201c93001f61a4b05b07c386b0a1a2036411c182d68b92e3e73f9ec7ad509c8eeca8fb2afc35acf91ad1faa35f0b871da07da1af9051322c2bf5961b59ed14707c7050f930b99d0b104ba887ae60ab653880ac29c99a326623587bdb5dd4c146bb1e4cc5893accc423938435c6f08ae9870068a8754549fe2c85163e0cca7c7a5f5a7f95628ec4e1cbb3a9cd69fa7d0eead33ad028cdb0196e7e338f50b7ef2bdd55f01d437f0b2150a578c53acbc9252e39be30f8fce780d200fb0ab1de0e0eb7aecc8d1bc83ca4b05ad08b3421600a1eadd2d23985e9d9d0a50dbc7e672ee034c1c824ba07042a19a2de7a1e20daccb775dcd1f843b1e043f8f2a64e6dbd90c05446077ebb00c8d7c6b07599341666e825ef9de93d57cf120e83273b0bf31ab6c27859ddd00af11926239f5fdc3718eaea66f983df81bb15e78db68dbd9b9de1c7e0616968aef1844086ba2e9d8e0ca93bcda693e9dccc971586fd18ef2785ce12331b01831194a7d859df5e777345aed2f5444436f02b67ab2f68a63ceaf49363e61b59d2be41c64d0e8bd89a2958ddf3f3bff29995b77dcb805dfe7fffbe2e44102899d2144abc93aef57f9d491a0dfff809032ee6dbe3477c261c48352c69d3cbcb06d50c15cbdaffc2530d8b76c4653bb64e7d995f033236e88f3221f8f168c220cfe06e9b199d0eea55cd63d256ca576d255ef79c154abfb1e69688f29364fd9eed1c5cb7e40d28cc62f06f545dfedcdce8bb9a910f28e5dd3d332000f689aee33667dd9b85779c0aec83db94dfed5a2941cb46c844906fce095f1e7c60d732eb2f178d043ee0e0044b3f3e720d037148b9365c261dbc88c1c0643cae293c3cec08379a37d35b9b369fbaf28c97909509a69367f9d345a0062ffb055fedaafdf279f12f0afd614e8e732d5a8b713413766d8cffe9375d686879ec0ba6c82eec24788fa5a50225522ebea9e4383edb6ed9c2cc3837a3376e0cca41e3053959c58143cff20a6f677c4317a731bd2dd17b411050d3389ae1190b8ccf88ead143fb9d45125e6512ac009fe30d410ccc2b39ebed80f9dd1a4c2c5ea144f8412747e89aed308047428e10f97dafbcb62b5295f59bd59d2fb8df18daab71ff27022a8bf8a4255f4bece0b41aff9d3d3fadc85ce8682041ad4092341a721a640f56a812143046f55f6a220a8deee42cd5f13ca82a2fe0f7d0fc30872f7109cfffc6530bf004b9fe34edcd3222f5d6ca24d319d9252a6006ad465782d74292d5a94e10e973dab185801ff7e500e36613f04954a380d1fbad44f28b17db4c0fca3b5252957ddf1c7d832abd17960607f9b4e196d47f0e545c3dba88236b1ee52fb34b71f66f5dd460e010fc16cd833d8692d82f9d0ab833fb59b69ecf237f019bc42113edd514ce919986a96df1a6b62766ddc403ed37dacadc30930afe1ee3cb6f51dc54d2bd02cab571c841acfbeb5f05411f50ebc8d30c638ebfb42c41b2dc2689f61d9bcaa8ea6809b7a26be736e7c38d3ee0d9763d84627d22c8434c21952fa770e92bc8d7bb5a4b4f7d89e7d6ecbbdaae15377327e30baa2ad4f02476d6c03aefdb96468b98dcde25fde91fe15d2dfda22ff3ab9e4b0e5dd2ab6f5615d7c0ae82fc0f8d07fb8b25e3626e5b1d27b596a9392b3f217ac9118ec5ef6001e373c77b40d3985fffec25d28f631b8a81d83ec49a4eb33c429b40b37ed7fb42b522f11d83dcb7a88c309856bfc2261071c743e17b9d03c4cd3425b10346c8899c743cd52117fce73ef8bb042d4350da8c0cf9348a5b6113b8c8f6ee11e7ddb25cef94cae97b7ddc7fcc0283c2c9a8031b094bbfb6179ef63a6deddfd50beddff1995f07a193bbbbde7bca0b02cbd3737009f804382dec9ee0844a22c32e3a6f21b90788db25ecd5a2970f7dc1ab508d2d615be15bd7abc1b5d5a678ad1fcee0171402c2490268f46f2599ba2351a0e12c0112cfe5776be4ba51bcf7ffa95b1f086057889bd4180be937ee11ecaa0c935585890a6a652fceb53c1e59fdd588bf2d7e5da8bd6a713580e4ec1c1cb3d38dd7d5b070a66fb49030fc1dac01016cea89472b49b49e08b2702f6972d574aec567893cca43ad3dbd55d2871a2d0255fcb9c0d72c54554e8845ed2b0bb1e6addb79e6c9e056f312a92c3084d3e079531b15df5f8eb26978df97e2860e8418eed7663e85684af7d0d919395525efe0aed8b6677b412f13ebffd64b6a04ac59487472c9c8fc1159c7b615941a9a2f82cd6f38911de5d94cfc7d38672db7146ae461d6fe7d0a7513ffb6b1d32a1a7cdf8f1bfd7f3eafb418da7677269ee824a90a2ee6593352ae12d67558fee44de765037d07b6f82f6bb01f564cc4085e62e7e043e2959e386211119c6e6759b75438cba2c2fdf57236323ceb29018b9ce3e5ab757a082c73e0319155402a0fc00d402aaa4d11c48c06edfb4c6c0e211a9621e3ca1887ea5b3c603d54c1cd0214e22b8a8586150b38dad0b538497ab6ea8988207db2506911589376c851567cf1fa12e8904f416209b4ee52129552021436fb03d4f453a4f9dd65a5bb7ad79505e67f5aa4fa575b084501a05c0ab28f15e815f020a0f948f6de32d8b933fcfc6d4a75e2e5e9af9eea140d4105afd09947de805c597c32c6a7413b5fb4462e553f9ff21c40516ac86785f3f07e83b356ece325e3ab25483ff4c6530e14e3640674f31188fcc74560d4e669cdb4f02309e718bbd97487ffbb305d574e00da96e7cc8c9d5701fce91e7a5d4ee6b4347de51b63a5c6f9041dde5049e1f4f2c1d07939bbb1c6c3897dca76764925017bd9e53211ae2256ab5fe0aa0372d1b59e280521c4f140ec2a6f0f862f556b278bb0dfeebfefbfdf0a0f1f769e0a9f6b7568d4b3bf11484efb10f9277bcac9f7ad3e7298a5ce9fbf6500b10879687e820eb2ff0416a3e68d1c1f9d5898e61816ebe34a6b799445c22e36229fb682bff62f91ccbd183e12aae177269d4c2dbb1ea65e07ae54f7505ccbb28ff4dd27b76e3533a47ac0319b7239dbc17810b91af697cc3dda588dc9837fd6d3125f56cd0ab8d9d945cc92fe9912a08a6f08b252e4604e68b2cd3c86fac59042722eae1fe2490abd3969e52a1206a4e5957d59d48667084efb3670fe2dff7af4948d5d0598875e9862faf2c1c37943cd926924586c1860b89ee2c6dfac1dbdd079884dbe7dff5f26cc98152b290da48f4b5a22c91d7aa6866808a4352382c9a7729841f2d98fe56733278a9182dcff8256a8dbf5c86c0104b7996b87c2562883da590d1f0922bdfe7fd9cf78ecd12a8cb8f574b5eb9130cd9525f96dfe14077adab8d63ad9e4edf82c97031acbd73a6ffd6f6cbb0971e57c554539bbc4fa4a897f31c3f60d74225002c03d889f9e2ebc44e32f394dc03847db76c40690c5ddd59edeb67594cd2dd1235ab332c4dbdadf1814ffb2d7bc48efc25bbdb29e935b9769a2e16b85e05dbcb327b0216fa9637a56806fb3cfb3e2529cb9c63fa644cc4b26d0dc0d1bb5bc48edee53b14f97c8e17a877edc884bdd4b7b88de9de70cb83894e577393cd11ed4acaf6bc2a7f27d91b7e25502afa009473f877289b229c8d5eca3a923a4b4617312055fa5310da04305c17ff526577400cad9ee8496a0ba50cc379dcdb798e53bc0685f2f1040219efa237e0e9ae207f0102dfb26244bb1d5902bc62a53139651918766e6986e248eaa2f24fec589c3dcb71c56e324dbf7b00e070fd7317145993c678d87b7d4f4720449fabaa44be7bbf5d060fceea0503636ac62b24700bf3c5e7e5c5223af63366d84f7cc607818984ab79f7560fbfd7a959bd3f6e269890507006d689315baf8e4965dff12e4e80c10aa780ced223958577d37dde902575c13ce5538788105455ce0ead2a5e7f297a17bb8d630266adb40d0558894622523180d8677b08896274046375c998a3ad1a1e83666873734efc06502374bb95e42b024b2848f570e5d524678308aac035daa83038da5ab0135d162c6177c85efd7fbbd9ab1fed96d4db9f09009e61750831e86480c4ccd109a2647e2fc0dfa08d48825592533c8dbfd2fb3f4e4a4fa9afe5a36bc8a6861159626eb22fd8dabf1f70342aed8bf245d4d58e9fdd7443276fc33a7ef50dde058cecb116903dd614a6794c4494cce182c082cab624d4378cd556257ec5b672b2a3def44bed1b04d70452f4ed16b4d9a6bfae90257dc67c7e5de4a41bc3163de9f392aa78d6a733534ebcd4d3218ab1bde7e3b87b7849e214a32d2d7d4e5fe5656a42412557fa0d2b815f154ad7cb10b0583ef40822c44dd51e77ed5c0240b0b1fffc922b2bd3df746edf9510aa510ebb28b6f2f19d1eb2d0cfafb766359c95ca3352d2f5393e647f5f14bfd3453246d8c7bbd4f3f4f625ad06b5fd95a82beb71101323129ccda04ecfd338948effeca5fc77d7c49929d1741475cfaaf0c4efc9ec7a1d9d69899066dad04badbee9709a41b57a5e0485402abbcd0f2c744787a742985f5b7b4702a6e366592d7ff90ff7e52f24a2003e5e5515a9590ea6d9880eebc34f2d5b561dac95fddc93d84c98bb9d46d1342845b732a28618632f647454a7902f8d9884eac602146d8c873065751a383256232b65bf02abc2d4a20b8fb52152a9d3afe845d5ea8b12f2af895618dc4291bdfb5f7b86a03cd91c90e77ae859b1fc3366495cde259e8eb3e543ac60403962721c5a126035798725ef8c74a430a09a70d02d4428a1fc850afdcdbcea1ff161802f97ad8de966c03d3657a8f49cd4b12d7d3b1887de878e5510b0a54df52486a8dc35614d68de66af0d02733ba1f2c7fb4954cfb59f26c0e7f3f635d59f10d190960459c63183008478099993f767d1ebc5dcd44d9a6796ba3c51ee6c72e1a16ff9dccc0ae8cbcae9f23cda199a59ad4462efeeeb9da7feeb51e36737e1e7029d77aaffbd924959a53a6e5df22e0c09011cf2f4c6a2e6a0f5ef11aa492a362ffd01ebbc4a994c93528a6535e251db5ec28409300c285ee057a1939e5047ec08ceb7d7752b3c1009d8a9123bf9f7c09e7ec900368fe9a529efc17a8e2a96f9e76a09d2c7bac2d9aa41da132d9002eab239295fad611d0a5ca8a0914a6c87f92c02cab241f745df69d36ad333172c5126b97a2cb33eecfeb1a8084708013380dce3f1cb1036ffcbe390a5c162954a974fb27cbba9d01d0dff00f00bbd9bf2a4f45519fc358f65569d067489b0692872061acefa73b8dae15655b6cee2514fcc5bc6d1fb89eaf397fd4ed627c30e7f95f43e2d9a2b9bee215059e9eee2c681621e467e345403615d52ffb041ad43b1ff746c170801da9ddde7188ebb08afb7a85a1d866d2db083b203154d76c8fce189919b4404829fb0e27a035b9a5d2b01767d5f00e25e55a5715d972139927a2387196424c5840b2908a3e21541ddd940d8f4b6c47032e905f208494435cf35bab6878ffee4a8d9df305631823f9847d83530e5648f0ea00cdfef0eb430566bbf31dccbfb00882c7258c2196cb0ec0f69ce1f1218e5b3537bb60b429f733f61c32fc4333d4e9935c58e7fc8d45221a2debd095c0c8f1bdf499423ee9d74affe3c8"}) io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000140)) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = dup2(r3, r2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r5, r4, 0x0, 0x7ffffff9) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000002200)={0x0, 0x0, {0x0, @usage, 0x0}, {0x0, @struct}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, &(0x7f0000001e00)={r6, 0x7ff, 0x1ff}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000100)='.\x00', 0x0, 0x0, &(0x7f0000000580), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="64696f72656164f198e037409744bdb8a5e1bd0e18e90c54de279500"]) 01:15:49 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xedc000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:15:49 executing program 7: socket$inet_udp(0x2, 0x2, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x5) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x383303, 0x106) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r1, r0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xa, r1, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, r3, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r4, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet6(r2, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000007780)={0x0, 0x0, 0x0}, 0x0) 01:15:49 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, 0x0, 0x0, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) [ 2201.664381] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2201.676153] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2201.707922] EXT4-fs (loop6): unsupported inode size: 0 [ 2201.708899] EXT4-fs (loop6): blocksize: 2048 01:15:49 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c0000000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:15:49 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d00000000", 0x59, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) [ 2201.763697] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2201.765258] EXT4-fs (loop4): group descriptors corrupted! 01:15:50 executing program 7: mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8}, 0x11010, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4000, 0x0, 0x0, 0x3) r0 = pkey_alloc(0x0, 0x1) mlock2(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x12, &(0x7f0000000200)=0x33e0, 0x4) mremap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4000, 0x2, &(0x7f0000ffc000/0x4000)=nil) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, &(0x7f00000001c0)=0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="800000002000210c00100000fdd1df25020000006200968008005c000500000039c2762ff9ba46040893b659739bb5f96c60227a0b25e7c17b70044109bafde0897a78eb44338cbef63dc05050f0f35fc2e0bb0800000000000000cc7191a1cd49de05002c00000000000c00ff00cc99000000000000000008000f00ac1414aa"], 0x80}, 0x1, 0x0, 0x0, 0x4000}, 0x20004004) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2) mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1) munmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000) setsockopt$inet6_tcp_int(r2, 0x6, 0x2, &(0x7f0000000040)=0x81, 0x4) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x8, @loopback}, 0x1c) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8, r0) sendfile(r2, r1, 0x0, 0x9bbb) 01:15:50 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0xfffffff5, @loopback}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2201.855027] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2201.856618] EXT4-fs (loop4): group descriptors corrupted! [ 2202.082364] EXT4-fs (loop6): unsupported inode size: 0 [ 2202.083472] EXT4-fs (loop6): blocksize: 2048 01:16:08 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, 0x0, 0x0, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:16:08 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x5, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:16:08 executing program 1: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000001a00)="030000000400000005000000d4000f1c833f54cfc1060625f163cb9dd0e9a7f376a124e51a969610d844233d042aaefadc5aa119548d00009e63b3279b3a6c1058928611465093435de37e1f0382257565f90e393779f14904c7f2d1c88cd072c4d7a71c4ce52e02e65b5f2e4597e5096ff70c63c9852fc3b5da1214437d4108c4303abbbb06136e249333f7d7c10cc8170ed7287d871eaf9cd9cba5d9cb7684cdffd296305c48d96e245144939237d56f77cac8170c399ee9de92604bdc083f743220f3f7a4", 0xc6, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0x40}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000001340)='./file1\x00', 0x8, 0x2, &(0x7f0000001840)=[{&(0x7f0000001740)="627b6243f730f5dde21218431700a82d66be24f3488db08b34a9fad011e6ca4d038e1c16eb96e1da725318c3d7ae5807813865d19c28ce82184db59ef878d76fdf4112660644b4af430952d365e5f1727e3101ff0397d11e1e374332e6cdc02f75fc80290f8ac713ae6205439fdc85240613904f9ef1c0cc3c2b45a85221342b0d794fe7f55034119d4d1e128abd1cf05d5a394ad7c49bd890ba6f23bf04dc6a8c4aee3eff080ba163e5ca88fa98ad9b92085a424bd4eb10fd972c35fadc79935516d6491cbb4c5a51c0ecf5ab03f6780600", 0xd2, 0x3}, {&(0x7f00000015c0)="4eb8e571c70d6f099c6ed117f7365a0b67074828367aa6a827ba9636c86cb46e912a304f5f32b3c9df94e14cee7f1600d3e0349368ea307e2f724259e354e01fae8ff59971276fde64a75491b58d3e11cd8a44e58b281cc64ca727dd45e62fc08f5cbed355622b7f441d84011b96719cb58635a9e7b1eecbc079bbf251bee391ddd24d859a4b1b2139988ac0e0f4624e845cb07622cde305fe8f3af5845d934f0a5fabbae4645426e3f6884d01270619230d8e4d81838a8b6ae2633fc75e1b", 0xbf, 0x82b}], 0x2000000, &(0x7f0000001880)=ANY=[@ANYBLOB='usrjquota=,min_batch_time=0x0000000000000007,init_itable=0x00000000000009e7,mblk_io_submit,nodelalloc,norecovery,max_dir_size_kb=0x0000000000000080,uid<', @ANYRESDEC=0xee01, @ANYBLOB="2c730161636b66737472616e736d7574653d5d2c6673757569643d31396435346234612d646235372d316534312d653734612d61323062393361342c6d61736b3d5e4d41595f415050454e44b43d55f3b2d32c61756469742c7375626a5f757365723d212c6673636f6e746578743d756e636f6e66696e65645f752c646f6e745f686173682c736d61636b66737472616e736d7574653d65"]) r1 = openat(r0, &(0x7f0000000080)='./file1\x00', 0x100, 0x5e7270a966ef3db7) creat(&(0x7f0000000280)='./file0/file0/file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x20000, 0x0) mknod$loop(&(0x7f00000002c0)='./file0\x00', 0x20, 0x1) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000001380)) openat(r2, &(0x7f0000000300)='./file0\x00', 0x446c84, 0x4a) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r3, &(0x7f0000000240)="01", 0x1) openat(0xffffffffffffffff, 0x0, 0x404100, 0x0) write$P9_RREADLINK(r1, &(0x7f0000001b00)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="fe4e6c036a75e557e7058833679325c74cb7acec2defc2021558ebe1b054392accb8e55c8084d90fc20599f6da760f2a5626d44e9a547c3884010000001e88d772c4e7193f3ec42715", @ANYRES64, @ANYRES16=r3, @ANYRESOCT, @ANYRESHEX=r1], 0x10) r4 = openat(0xffffffffffffffff, 0x0, 0x0, 0x120) getdents(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0xfef) fstatfs(0xffffffffffffffff, &(0x7f00000000c0)=""/65) sendfile(r1, r2, 0x0, 0x20d315) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000001580)=ANY=[@ANYRESDEC=r4], 0x1c) futimesat(0xffffffffffffffff, &(0x7f0000000180)='./file0/file0/file0\x00', &(0x7f00000001c0)={{0x0, 0x2710}, {0x77359400}}) 01:16:08 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x2}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:16:08 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:16:08 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c0000000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:16:08 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d00000000", 0x59, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:16:08 executing program 7: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x2a, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d2f4655fd2f4655f0100ffff53ef010001000000d1f4655f000000000000000001000000000000000b000000800000000800000052470000620100000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e33313930313834363600"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000005566cbb705fc4d7ea1c5dfc95b00bfe3010000000c00000000000000d1f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="0100000000000500110000000000000000000000040000003c00000000000000", 0x20, 0x560}, {&(0x7f0000010300)="030000000400"/32, 0x20, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce000f0003000400"/32, 0x20, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009403090166696c652e636f6c64000000", 0x480, 0xc00}, {&(0x7f0000010a00)="0b0000000c0001022e00000002000000f40302022e2e00"/32, 0x20, 0x1400}, {&(0x7f0000010b00)="00000000000400"/32, 0x20, 0x1800}, {&(0x7f0000010c00)="00000000000400"/32, 0x20, 0x1c00}, {&(0x7f0000010d00)="00000000000400"/32, 0x20, 0x2000}, {&(0x7f0000010e00)="00000000000400"/32, 0x20, 0x2400}, {&(0x7f0000010f00)="00000000000400"/32, 0x20, 0x2800}, {&(0x7f0000011000)="00000000000400"/32, 0x20, 0x2c00}, {&(0x7f0000011100)="00000000000400"/32, 0x20, 0x3000}, {&(0x7f0000011200)="00000000000400"/32, 0x20, 0x3400}, {&(0x7f0000011300)="00000000000400"/32, 0x20, 0x3800}, {&(0x7f0000011400)="00000000000400"/32, 0x20, 0x3c00}, {&(0x7f0000011500)="00000000000400"/32, 0x20, 0x4000}, {&(0x7f0000011600)="504d4d00504d4dffd2f4655f00000000647679756b6f762d676c6170746f70320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c6f6f7033300075782f746573742f73797a5f6d6f756e745f696d6167655f650500"/128, 0x80, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x4800}, {&(0x7f0000011800)="ffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300"/1056, 0x420, 0x4c00}, {&(0x7f0000011d00)="0400"/32, 0x20, 0x5400}, {&(0x7f0000011e00)="0500"/32, 0x20, 0x5800}, {&(0x7f0000011f00)="00000000000000000100000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000007000"/96, 0x60, 0x5c00}, {&(0x7f0000012000)="0200"/32, 0x20, 0x6000}, {&(0x7f0000012100)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x6400}, {&(0x7f0000012200)="0300"/32, 0x20, 0x6800}, {&(0x7f0000012300)="0400"/32, 0x20, 0x6c00}, {&(0x7f0000012400)="0500"/32, 0x20, 0x7000}, {&(0x7f0000012500)="00000000000000000100000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000007000"/96, 0x60, 0x7400}, {&(0x7f0000012600)="0200"/32, 0x20, 0x7800}, {&(0x7f0000012700)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d803050766696c653100"/64, 0x40, 0x7c00}, {&(0x7f0000012800)="000002ea0100000001000000270f240c000000000000000000000000000000000601f8030000000006000000779b539778617474723100000601f00300000000060000007498539778617474723200"/96, 0x60, 0x8000}, {&(0x7f0000012900)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xattr2\x00\x00xattr1\x00\x00', 0x20, 0x83e0}, {&(0x7f0000012a00)="0000000000000000d1f4655fd1f4655fd1f4655f00"/32, 0x20, 0x8c00}, {&(0x7f0000012b00)="ed41000000040000d1f4655fd2f4655fd2f4655f00000000000004000200000000000800050000000af301000400000000000000000000000100000004000000", 0x40, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d1f4655fd1f4655fd1f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014000000000000000000000000000000000000000000000000000000000000000000000000000000000000008081000000180000d1f4655fd1f4655fd1f4655f00000000000001000c00000010000800000000000af30300040000000000000000000000010000001900000001000000010000001e00000002000000040000001a00"/224, 0xe0, 0x8d00}, {&(0x7f0000012d00)="c041000000300000d1f4655fd1f4655fd1f4655f00000000000002001800000000000800000000000af301000400000000000000000000000c00000005000000", 0x40, 0x9100}, {&(0x7f0000012e00)="ed41000000040000d2f4655fd2f4655fd2f4655f00000000000002000200000000000800030000000af30100040000000000000000000000010000001f00000000000000000000000000000000000000000000000000000000000000000000000000000027951c99000000000000000000000000000000000000000000000000ed8100001a040000d2f4655fd2f4655fd2f4655f00000000000001000400000000000800010000000af30100040000000000000000000000020000002700000000000000000000000000000000000000000000000000000000000000000000000000000077475a5c000000000000000000000000000000000000000000000000ffa1000026000000d2f4655fd2f4655fd2f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3331393031383436362f66696c65302f66696c6530000000000000000000000000000000000000000000002247ea9f000000000000000000000000000000000000000000000000ed8100000a000000d2f4655fd2f4655fd2f4655f00000000000001000400000000000800010000000af301000400000000000000000000000100000029000000000000000000000000000000000000000000000000000000000000000000000000000000401f9fd3200000000000000000000000000000000000000000000000ed81000028230000d2f4655fd2f4655fd2f4655f00000000000002001200000000000800010000000af30100040000000000000000000000090000002a0000000000000000000000000000000000000000000000000000000000000000000000000000001dd000b4000000000000000000000000000000000000000000000000ed81000064000000d2f4655fd2f4655fd2f4655f00000000000001000200000000000800010000000af3010004000000000000000000000001000000330000000000000000000000000000000000000000000000000000000000000000000000000000006b8b381d00"/768, 0x300, 0x9180}, {&(0x7f0000013100)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x9c00}, {&(0x7f0000013600)='syzkallers\x00'/32, 0x20, 0xa400}, {&(0x7f0000013700)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0xcc00}], 0x0, &(0x7f0000013800)) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x84c}}, './file0\x00'}) sendfile(r0, r1, &(0x7f0000000080)=0xfffffffffffffffd, 0x80000001) [ 2220.657855] perf: interrupt took too long (12320 > 12281), lowering kernel.perf_event_max_sample_rate to 16000 [ 2220.673743] perf: interrupt took too long (15430 > 15400), lowering kernel.perf_event_max_sample_rate to 12000 [ 2220.695010] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2220.702113] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:16:08 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x3}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2220.765846] EXT4-fs (loop6): unsupported inode size: 0 [ 2220.766928] EXT4-fs (loop6): blocksize: 2048 01:16:08 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, 0x0, 0x0, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) [ 2220.771642] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2220.773393] EXT4-fs (loop4): group descriptors corrupted! 01:16:08 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c0000000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:16:09 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x6, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:16:09 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d00000000", 0x59, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) [ 2220.841128] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2220.842564] EXT4-fs (loop4): group descriptors corrupted! 01:16:09 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x40) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$setstatus(r2, 0x4, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r2, 0x80089419, &(0x7f0000000640)) r3 = syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) ioctl$FIGETBSZ(r2, 0x2, &(0x7f0000000600)) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYRESOCT=r2, @ANYRES16=r3, @ANYBLOB="010029bd7000fcdbdf25040000004404004e24000014000300000000000000000000000000000000000c0007003000000004000000080005000400000008000b0e73697000060002005a00000038000280060002004e2100000800090000000000080006f54f00000014000100e000000200000000000000000000000008000900090000001c00038008000300000000000800010001000000080001000200001c08000400200000004c000280080006000300000005000d00010000000800050000001c283171ff89dec201000800070086000000080009007c000000080004000900000006000f0002000078e00006000b58c26e59133e7418440506c3f92bcc7e000a00422ba433acbe55dc2a76e556149d2dbd169af5868df2dce4ac72d3f99a6ee2fdc653e5831ff30561f376901833b8edeeedb47214bfba014e55ea1ea3a5477a2bd8adbfca637b47d085ca6188d90060b9583315289671e54ccc68c660f75810894a"], 0x100}, 0x1, 0x0, 0x0, 0x4804}, 0x44) sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={0x118, r3, 0x300, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x3169}, @IPVS_DAEMON_ATTR_STATE={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_DEST={0x44, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7fff}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x2}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x800}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x101}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xef}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}]}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x3}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x20}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x40840}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001280)=@updsa={0x160, 0x10, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@private1}, {@in=@loopback, 0x0, 0x32}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_aead={0x70, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x120, 0x40, "976ae46d07d1812fd0664e95dee18314b91df2e10ff98153074f6a02e3550c030000001b"}}]}, 0x160}}, 0x0) [ 2220.972703] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2220.979915] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2221.017270] EXT4-fs (loop6): unsupported inode size: 0 [ 2221.018144] EXT4-fs (loop6): blocksize: 2048 01:16:25 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, 0x0, 0x0, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:16:25 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:16:25 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) (fail_nth: 1) socket$inet_icmp(0x2, 0x2, 0x1) 01:16:25 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x7, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:16:25 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x4}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:16:25 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c00"/35, @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:16:25 executing program 7: r0 = openat(0xffffffffffffff9c, 0x0, 0x46e2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000a00)=ANY=[], 0x98a) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000001300)=ANY=[@ANYBLOB="00000000fffffdfd0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000feffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000017d7a6258ba56c75d1e95a5538c93e59db033c4af0e0faf85460245a626153664a6036ecdfa290eee9866bd122047a2328b14ce99a3cf3f9c2679b8daf9f3ddb73219a2abcecc0c21721e09464a8fab2d8d7"]) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0xc02, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x248e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) flock(r4, 0x6) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x4, 0x0, 0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x14e6}, 0x40002, 0x0, 0x0, 0x4, 0x5, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x0) ioctl$BTRFS_IOC_SNAP_DESTROY(r1, 0x5000940f, &(0x7f0000000300)={{}, "12852ee246b149ec4e0bc7bacf27cc444919aed26cef0ed88e61066a2602f8b898227884075400e6ab7a433f83d5130151c8dfae7fda7925d882d1bd49a816dbab08b93bc75cce1eda46d097976f4cc5f7cfe4dd50fbe285d8a564d752c42884c08f575250fcab04f62046484c523856295705a3047913d8c70f81ebe9a44583b3145d4883b5d8f4519f7bd1adba5a5fdf31732e2a606019faeb23344939796b3e16ccb29260de78997bc36cf68b66466bd25729dd0b7cde53f76be436e6bdc3bd6a575438acd24472bd98686376edad168e5c9a521d13390910b5093adc504ab0a0c63a5eda15bb29a3b805a6ddd7090f667725c83dd9bb290c2eabd26ca0a95bcd0770bbaeae50ae9dc5ec60a2db6e7d8ccf0cf11d86ab92e95c9859e57b7d6c77e4e80a4f5de84c49423d82065a91198987d5b28a2cf937a12ad1d16e21eba16e6f570b26c2fca9096f252b4ca6d594817141de6bc9ee612f89425037ee314296f7aaa6aa2eabcc3e3739ba934a7ed2f42651f9a3ad30a26b8bd96cac538d080741fafcfd3f384ed555e4b8690f92714a60526787b61756be8f7012d5fb6684b0176ec30eea403c5dde29a01465404a49f63fa29348bf2b125c5ae83e5c71eca9e1517a03c7a624702069d26e08ad61cbbe1098198eef3dbe0f4ab9b5fab5e80940054a62cfdcf624225fa414fbe9e13f5346fbdf9c289888d6e1b9d0dd2a6af4a58c9a466b8e1f3c394950ab04513e8e70bfbbecd5ca92eb58e5ca96c61817bdf3865fd87851da4bb522903939c2e667168cc4f45499db14e4400f984ebf141fbb324f0b1f79b10c352b870bb5230b5762f57562bdcc7e54e6ecbd0fa2b95ac263b7f3275717f928e958691d7c384bf169649ab482bd0dd2a85e3bb34ce3a04a782da6fa8a58abe6aa0fae7faea555e7b6c1d4762217bb1f929f8dcf45bb9b2a8627ae35a6905d275526df5e9bf336688d6769a594c3e6a13531edc89826d0a19c473c4e973fe0725ba9ac219586c8f24ce5cb8ddb8fb5a65c090e17f1bbc2bf1442c5710ee08eb88fbc041415dae75b376a66ab7ccac819596c991d7f39ffaef1e6a6d95735a35bf4cc6d201649fcc11e82981624be868a216f2f0e6fc1bc95e3a96b8e3148872b54bb5bb743dda6735846a3731282628f55effee084ea63aca27466d9af7e3c931a8b1de6a15e268c45846f28c74986e0b8089827b411f112c71da323b26c694441478f997d1f452ace55d47ad2e90156c1433ee49ae9af2fda73b3f89dce074f102a649545656c28202ab7d2f3c1fad6b77c7dd06b4f13c53ec2e79772cb212a45bdeb33a5d93d0c6c6493782407bfe669a55ece90dd8a2e133312985161011ddaf0c537476a1af6f396ebea7f39aa6b4bc75600ae9d8e09ed49e30ac62a640b8b15721eaa620622117bca7b89649e1e29a192ff7b998bffcafb7950ebb928a743fa80fe5eca83f6ee9479ef99834800b6dd0bca9103f2de13998560bd492fa6f4f4de37bcd18d7aa67bc3fa7d6f0696750e71566d2be7e779a2a9734f08a784eff904faca662ab7f39d53030247061375d35bfb110c52cb19dfcadab7e685bf2909b39c79f3a061d2820a79ed4557c2290bdd56b194dd38b02e2e4dcbad35b779517d77a78051c5bb9e68089178e2ec9020c2b3555985285b6f36d74ca5ce30013e8732f376a775bab324a463f020071703cc8eedff9ca0c45f8cea901e30a93fd3c2db06dbcef392aee894565f34aa7b15a3111ae8b59324999075432b1f557af94704a5048444cac1bf0622824af6ab18e4b8d9468d8d4abfb1700ce68bf34509002df3b101186734a00e14d15a5dd830c319242e6b1f3d2be2102e7af5a3a962ffa0505af53ec3de2761ef72f08baf030cd0f37f90a2bc6bedd1da0b2895537922863054871f51df4d253d182200f088178434c9141c9d9977ab39a5a3fadfe3f471440dcd714eb1f6ef993d71a72f5818225e3589830b3e113bc17570ab7d85c321335708357f54a140d02d3c8aa7783201610a2df33a22781786ce0cfd77ad0664117be6caaccb98fd20d285873899663c44e4896e935ed7d710cd35614fa79c4aad322a6af698d95ed49174f1ec7db75dc5b60ba86746a685625daf44d4e0abe8778711d5bedb6c84373e01d7d1f7cab254b8c9c306b25932d143ad90b4964c89911652f9f2dd38d577cbcdf599a4d8900b7ddf154c79ccf26f15ef344e9d680a843f255eb52815614ad9e5406b0062ad3ede64e287a7e8ee8b547e7ba12221b632f9a2a11e86e77635782a5136e6799d1fbb54511acb3039de65bf65fa7187754eb7bf02b01688112e81a559d8eaad867536ebe00bd411b339c9e3659b0d8fd5f3ecaf2fffce388eabc70ce6b9efdc304d1a3f81d828c7f14977b22c84ab72fc678cc120918e267a5f8de182d1d2a818706447ffaa77a650e4a692ae91eb36df2fe4465bf19ed7c41d688f5e6d2dfd4edf8b6adb9924e6a50c0a48ee4369f55edd167cc647cf4f37fe454a3f6497940042fdb06c45f4b3b929066e0315592abd29fb2e84772b56bc23f24bc493812439892db716597ec8c8f3a8750dc85b7fdf6cd97072c3350d2351a3bf6a4af1af83f339d349f8469e588c692f603ab20408b2c3222fa447ad0a70d54b299386dafafcc087ec61cff7f35dc16c6f5a37146c4f21d4bb85bad9440a38c39796be8baca4bad6fd2e9327b68b24254fbcd78bfde06a75afbf3235012529559369a7dd8354848e6c9aeca0139ad35c605fdc750d85d4399061264d05096b78a3b49b2fa6c67ca85eb908395f1f0288c165c544ed253ed696b0a0673f8d554dc206a90e9414b867519902da983a8e140de4314e31a6e8c0e92f3a64b6d34895ef66756b57690a0ab6e9c0e7d5050a43c1ec6bfca67c28c75c37ddf2d48baf8ea69d7c956fa1b36ac2e34e03678a58539a6c30cbd26bb498adaf33dd9c596899618b80b844957782d7b86abb708101e8944bf5da260b040f912564cad6968e410057046558c07c8629e1fd7a7f4e1d66ffc0e0106c104fb979c999a56fbf2bb6051332c71fe92e37213452ad485af96c1135ffc80febca188c2643f471907065904f1f85c9dc454dfd57a720c156a4a5f6b58a5e107df625acf38162d58cc4249346d97a95c9d926545c915f2c6bc8d173153c117e5d857f5975421968e1c55c60ac124cb923111fe16ac253a00971bbe9d0967e0281c4e76720d29185604774cefcc0619b4ce5699912f72bad2e8674199bd972d2e32a2a9b44103a4763e78c149495836c0ac42771d4dd2dd67a1e5d1f92d35cc553e80f5b60ba1320cf19b7c1c76a7faa5ed68f31d195d8e9a7a257ddcb81df965b113ec9a707a1b9b6cb404d2cdff61c23bb715485d81df4dc0491575a82c28e53ef01fe5438ba9e7199e2f981e5199a9ac86513f79261991734387e61931133f85aa1fa574275feec1a64b703e582bc48be1410d2c49c81dbbfd09f435327378cff74f24404b29097a1cd397c90845ad104e2867cea75c097f8347fca5a45c9b79e95ac0e35d56a642e606731a0e8b6383483adec9df9a58c0714183737102c2498c1de139fc479ca5e042490ae19d3860f318253c0e62c58bca7d4aa71cde7708676cbbf5ffc3519a72929b4ca7f384f8c89e4a37e6f5a4aeba8f2d9d982a9abe05ad8123b1dbb2bc8e064c9a068717ebb39a95e3b534eaee3269cf2169b25921ec0bf6c364cab323c92be5237d848a165c828898edda7c4f98d2db928857245eb18a93278ada9a36aab2fd3f0f16441bdb2e44c57a044f7c5344e2a4cb7854e32751546d52ebb02b196c4ff1ad8a7ab7b315a6512b3f7ffd4afb0acdd0c8ec0585039759d9a33101cc028a4a8ace8b4132955efbf8400aefda18d198cfc95aa8b7dac20215934eb4dfd47b1927a2ff8eebfc9ffbc7e2f63d1409666faafd48050c1a9f0e10e8915f2986337bc01ec727295198634611a1d6f55baaeeebf96c9acbc2404b69672f07d50eead240796c197dad25c1e8b67feea1a3f65c549ddbecee5ff26bde65120a64b54042693a6bbcbc1c49b65dc262de7b1b1fb47a3e93566225a7bf0c0b39523b1235d54b2e80afcb8d2b798e47a32a7552d97c50abc73cc000c38c4d5418f510d21c23d9590366d5ded87604e27c801893d022fb5454c5019129e60786f5eae86fbb8a9f7155bde6447aa1ebed65e598e6245deb033b8e945d96106cc6ac24021db90a2fa304a31add61293927738a2731aab673700d7b5117d8eaa5df59a90f622723326975d0f9e753e82bb716824cc5edbc3c6728999e9170c75ba6a4ac888447ce9b6f8929461946e8c63ea49e691dbb75ef48eece664da1e39c4f8bceaa8d14a3349909bab33380e79762d6a25fc1b49f3eebe345644e9073288f0965f524bdf4e7b8112417bd29c1f62735834be838c1553b73e7da9d5645fdea685320b415f151a29f966e8761a621c18703cf75c952a3c226f80c77732b4cdfd215bd00af717fd5948fdb0a48ba71f1f2c3743e7fa45e6407190466f28a41c7aefa96652de6ba0330085f9784df2ae2753854b791254ce89341c9ed07df7caf012f017e1991e2651998011cf673fae9064506dda031615401b63dbdf4ebf3d36e2e3d1470a9ccb78bd89995ed52eef55bbcedf216e2ab875cad325e44b6d3ebd22ffe8cb79b36a71eebbf34e29c06cba3ef978342288777651e3ced73109c073060a0f36846347a8a1153c549aa23a73f55d78c15e47c8f31b1958535a68ad617a686daeadc322e6adf42043a58562ecc1d7f5b9468f22fcd2d3eb6cb4aba97865f098f6408d02c52ad4963009c57afb16daedba301eace4d6b58bec2cb0d40d96c12aa4819cc1fdba49522495be1ccbe83c9a36cf40f5bc272efcd76172f83fc5788b480e8deba20c3355e1d405cb4961a05a619a8255d69923e075690ea6434a05a8a8cdc43dd986ecee55686172fd97671dafa6a3da991d998d49933d803de17271301798a64bad795062409ce705376b21d477c0e117c9d79c38bf4e9e4d0442ca98cb654014532e1acf0309439c16b1612ea929e6235b33945555f52b2ffb5fd409d71cb8c2a8feb9e16bc480f8157a24ba9dbb631e5db393cafef897d404ec7feaf585de2603b98f96d515d9168547c748717436ac7f970b2db860f0acb44a1b72a2fc88b590346759f91795f25ff7cb4f55341beeab8eafb469cebd36e5beac37ed79ae479009ee9965a2de3f3292dc73976f5bf653fe335a561daeb22a3a887a844bc207fea30198f6c4e5507484fb185d61452a20b508b941b2ac517c6ce2b977b5ac4e3d8299fad78527168041623ed30ae7ac594e642109365f9458687115c6a4fc2396ce3e19f1b35cad7525596c75fed918dcf3e879065c16d7ae9ebeff4018f4e29cc350ea2a6d75f2d34fbbdced9aef7530f1ff97c7cefa558c2e92fa4cd07b7fa46c02fc9504868f7f683ad81fec5dd42584de07a1a8fa62dbe7c22f57683421a8f71269f9ed4d52a3e30dee15adfaa9f9289eda0414d3fc156e1340fbdce5246773e535ed241b2ea52d7f3dfa1a73d9985f0b9962b98b9cfc6e2e50b39cddbd04e7e24a56a341b2935e800b7fb66dc960e85c4902130459a89f408a36ba5509eb7341d8e0b80a708a20f3ce09a64794dbe90fb5439f3c4b410c7a3ca55f266fffb6e6127fbcaec22b692712d723998204c86fc5abac93bdd8aae6e3da9507a1f5ac72f9df250247d0f39f4156bb61245193a59f8beaf2222501"}) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000240)=0x67bb, 0x4) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000100)={0x101, 0x0, 0x0, 'queue0\x00'}) fcntl$dupfd(r3, 0x406, 0xffffffffffffffff) sendfile(0xffffffffffffffff, r2, 0x0, 0x8) unshare(0x48020200) r6 = fsmount(r0, 0x0, 0x1) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x8, 0xcd, 0x7, 0x0, 0x9, 0x61100, 0x8, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x5, 0x5, @perf_bp={&(0x7f0000000080), 0xc}, 0x400, 0x100, 0x323c, 0x2, 0x0, 0x1, 0x30e1, 0x0, 0x3ff, 0x0, 0x2f52491}, 0x0, 0x0, r6, 0x0) socket$netlink(0x10, 0x3, 0x5) 01:16:25 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) [ 2237.830169] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2237.846701] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2237.866608] EXT4-fs (loop6): VFS: Can't find ext4 filesystem 01:16:26 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c00"/35, @ANYRES32=r3], 0x38}}], 0x1, 0x0) [ 2237.895697] FAULT_INJECTION: forcing a failure. [ 2237.895697] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2237.896981] CPU: 1 PID: 11290 Comm: syz-executor.5 Not tainted 5.10.218 #1 [ 2237.897599] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2237.898330] Call Trace: [ 2237.898584] dump_stack+0x107/0x167 [ 2237.898959] should_fail.cold+0x5/0xa [ 2237.899432] _copy_from_user+0x2e/0x1b0 [ 2237.899794] __copy_msghdr_from_user+0x91/0x4b0 [ 2237.900397] ? __ia32_sys_shutdown+0x80/0x80 [ 2237.900910] ? __lock_acquire+0xbb1/0x5b00 [ 2237.901294] sendmsg_copy_msghdr+0xa1/0x160 [ 2237.901678] ? do_recvmmsg+0x6d0/0x6d0 [ 2237.902032] ? perf_trace_lock+0xac/0x490 [ 2237.902399] ? SOFTIRQ_verbose+0x10/0x10 [ 2237.902777] ? __lockdep_reset_lock+0x180/0x180 [ 2237.903196] ? perf_trace_lock+0xac/0x490 [ 2237.903573] ___sys_sendmsg+0xc6/0x170 [ 2237.903921] ? sendmsg_copy_msghdr+0x160/0x160 [ 2237.904332] ? __fget_files+0x26d/0x4c0 [ 2237.904687] ? lock_downgrade+0x6d0/0x6d0 [ 2237.905066] ? lock_downgrade+0x6d0/0x6d0 [ 2237.905436] ? __fget_files+0x296/0x4c0 [ 2237.905803] ? __fget_light+0xea/0x290 [ 2237.906158] __sys_sendmmsg+0x195/0x470 [ 2237.906518] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2237.906907] ? lock_downgrade+0x6d0/0x6d0 [ 2237.907290] ? ksys_write+0x12d/0x260 [ 2237.907638] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2237.908071] ? wait_for_completion_io+0x270/0x270 [ 2237.908501] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2237.908993] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2237.909480] ? rcu_read_lock_any_held+0x75/0xa0 [ 2237.909891] ? __traceiter_irq_enable+0xc0/0xc0 [ 2237.910308] ? fput_many+0x2f/0x1a0 [ 2237.910635] ? trace_rcu_dyntick+0x2f/0x170 [ 2237.911035] __x64_sys_sendmmsg+0x99/0x100 [ 2237.911412] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2237.911873] do_syscall_64+0x33/0x40 [ 2237.912208] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2237.912663] RIP: 0033:0x7f3415471b19 [ 2237.912995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2237.914609] RSP: 002b:00007f34129c6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2237.915296] RAX: ffffffffffffffda RBX: 00007f3415585020 RCX: 00007f3415471b19 [ 2237.915926] RDX: 03fffffffffffdca RSI: 0000000020001040 RDI: 0000000000000005 [ 2237.916556] RBP: 00007f34129c61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2237.917184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2237.917807] R13: 00007fff6f80412f R14: 00007f34129c6300 R15: 0000000000022000 [ 2237.919833] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2237.921360] EXT4-fs (loop4): group descriptors corrupted! 01:16:26 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x5}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:16:26 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x8, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:16:26 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) [ 2238.008729] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2238.010343] EXT4-fs (loop4): group descriptors corrupted! 01:16:26 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c00"/35, @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:16:26 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2238.111507] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2238.155109] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2238.197212] EXT4-fs (loop6): VFS: Can't find ext4 filesystem 01:16:26 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) [ 2238.253663] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2238.255207] EXT4-fs (loop4): group descriptors corrupted! 01:16:26 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c00000000000000000000000800", @ANYRES32=r3], 0x38}}], 0x1, 0x0) [ 2238.281599] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2238.283202] EXT4-fs (loop4): group descriptors corrupted! [ 2238.401905] EXT4-fs (loop6): VFS: Can't find ext4 filesystem 01:16:44 executing program 1: clone3(&(0x7f0000000140)={0x3040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x5135c0, 0xb8) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) ioctl$BTRFS_IOC_DEFRAG_RANGE(r1, 0x40309410, &(0x7f0000000080)={0x3, 0x9, 0x1, 0x7fff, 0x1, [0x5, 0x400, 0x6, 0xc240]}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPP(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)={0x1c, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0xc4}, 0x0) sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x1c, 0x0, 0x4, 0x70bd29, 0x25dfdbfe, {{}, {@void, @val={0x8, 0x3, r3}, @void}}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x14000891) r5 = syz_open_dev$usbmon(&(0x7f0000000300), 0x2, 0x400000) r6 = syz_io_uring_setup(0x22d6, &(0x7f00000003c0)={0x0, 0x1519, 0x1, 0x3, 0x390, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000040), &(0x7f0000000440)) sendfile(r6, r2, &(0x7f0000000480)=0x4, 0x7) splice(r2, &(0x7f0000000280)=0x1, r5, &(0x7f0000000340)=0xfffffffffffffffd, 0xaf, 0x0) fcntl$getown(r2, 0x9) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f00000004c0)=0x100000fffff) getsockopt$inet_int(r1, 0x0, 0x12, &(0x7f0000000500), &(0x7f0000000540)=0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x200000c, 0x4000010, r1, 0x0) 01:16:44 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) (fail_nth: 2) socket$inet_icmp(0x2, 0x2, 0x1) 01:16:44 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x7ffffffffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:16:44 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c00000000000000000000000800", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:16:44 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:16:44 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x6}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:16:44 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x9, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:16:44 executing program 7: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) unlink(&(0x7f00000000c0)='./file0\x00') perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x20, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto$unix(0xffffffffffffffff, &(0x7f0000000240)="74cfc15afb06965fc1fcce0f19696af47b69a64053f3a5ee625ec368856fcec6ff81a3167e43b654db806f0bcb4105db9e980f4f9de47bd3bf856f8c627a313f799f0eb03101254c2b7ec1aeacf2508709dcef6700c6b6572424aa6460503ca971ca427a0d19bbded91c5dc4faef08bd48aabc4e03002896f35600c80fd7b96fe5a8c0163eadb2c128783a1c45ef9551c80bec26b382aadd003e69bf8c85b205430e4123e2500420c961109e46226ee95c297e931a2da8516997a3c0eb94671c6229ba41942aa4c2478d55424064ee9400", 0xd1, 0x20000000, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e) setxattr$security_evm(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000340), &(0x7f0000000380)=@md5={0x1, "1338ceb76623722d350c74c2be6a9c3c"}, 0x11, 0x2) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {0x0, 0x0, 0x600}], 0x0, &(0x7f0000000080)=ANY=[]) [ 2256.145229] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2256.164762] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2256.175002] FAULT_INJECTION: forcing a failure. [ 2256.175002] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2256.176611] CPU: 1 PID: 11339 Comm: syz-executor.5 Not tainted 5.10.218 #1 [ 2256.177542] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2256.178651] Call Trace: [ 2256.179020] dump_stack+0x107/0x167 [ 2256.179526] should_fail.cold+0x5/0xa [ 2256.180052] _copy_to_user+0x2e/0x180 [ 2256.180578] simple_read_from_buffer+0xcc/0x160 [ 2256.181215] proc_fail_nth_read+0x198/0x230 [ 2256.181803] ? proc_sessionid_read+0x230/0x230 [ 2256.182419] ? security_file_permission+0x24e/0x570 [ 2256.183090] ? perf_trace_initcall_start+0xf1/0x380 [ 2256.183782] ? proc_sessionid_read+0x230/0x230 [ 2256.184400] vfs_read+0x228/0x580 [ 2256.184879] ksys_read+0x12d/0x260 [ 2256.185368] ? vfs_write+0xa70/0xa70 [ 2256.185881] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2256.186597] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2256.187301] do_syscall_64+0x33/0x40 [ 2256.187807] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2256.188499] RIP: 0033:0x7f341542469c [ 2256.189002] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 2256.191438] RSP: 002b:00007f34129c6170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2256.192458] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007f341542469c [ 2256.193416] RDX: 000000000000000f RSI: 00007f34129c61e0 RDI: 0000000000000006 [ 2256.194371] RBP: 00007f34129c61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2256.195329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2256.196279] R13: 00007fff6f80412f R14: 00007f34129c6300 R15: 0000000000022000 01:16:44 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x7}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2256.233739] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2256.235546] EXT4-fs (loop4): group descriptors corrupted! 01:16:44 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:16:44 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c00000000000000000000000800", @ANYRES32=r3], 0x38}}], 0x1, 0x0) [ 2256.347339] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2256.348993] EXT4-fs (loop4): group descriptors corrupted! 01:17:01 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:17:01 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xa, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:17:01 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x8}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:17:01 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:17:01 executing program 1: r0 = syz_mount_image$ext4(&(0x7f00000008c0)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000440)=[{&(0x7f0000000000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000002000001000000000000000b0000000001", 0xfdd7, 0x400}, {0x0}, {&(0x7f00000006c0)="020000000300000004", 0x9, 0x800}, {&(0x7f0000011600)="ed41000000080000dff46552e0f4655fe0f4655f000000000000040004", 0x1d, 0x2100}], 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00a6321b4ba65b08b796990a57eaf4128c8c9f44617427f7cb7bdeb224e13f3a662e7f4a7a96a971b608ce139a762ecffecd53e21fcf97db9c4d802d8b91f24c967a40e27c48d1cd4d4c204c07fa990240c8accb5949d975856eea3770ca9a1c01935e05112424826c25cf37ff3789a8d87e8a41d97c7721b803aa"]) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000140)) pipe2(&(0x7f0000000340), 0x4000) 01:17:01 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c0000000000000000000000080000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:17:01 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x8000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:17:01 executing program 7: socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1}) write$binfmt_elf64(r0, &(0x7f0000000380)=ANY=[], 0x26c) r1 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f0000000140)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000001c0)={r1, 0x3ff, 0x7f, 0x6}) ioctl$INCFS_IOC_FILL_BLOCKS(r4, 0x80106720, &(0x7f0000000380)={0x1, &(0x7f0000000340)=[{0x5, 0x2d, &(0x7f0000000300)="dfc11fcafcc095265d61ba12e32765d3e2ce298e1d05a02f650c61c776e961e093ee1c1370e465385722157ff5", 0x0, 0x1}]}) perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x0, 0x5, 0x80, 0x7, 0x0, 0x100, 0x10420, 0x6, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x2}, 0x800, 0xffffffff, 0x7fffffff, 0x7, 0x1000, 0x3, 0x5, 0x0, 0x6}, 0xffffffffffffffff, 0x7, r1, 0xf) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000440)=ANY=[@ANYRES32=r1, @ANYBLOB="01000700000008000300000b000000000000c119713d02e03f4aff0e34b25b50c5a685ac30650628fd2b005475d8e3ddb8966bb4fa7152d6da33a4ee442a9d40a0181ad6e371243b161ecf7b61d1d185431581b1fc90cd4d3cc96e0c7ad86e1a41dff8621271b09562e2a4f51452c49f6dba8674e5bf15852c0a92d2526752b7802cd5bb470ab1afe9cdda955e559adc88", @ANYRES32, @ANYRESDEC], 0x40}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x62, &(0x7f0000000280)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x4, 0xda}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, {[@nop, @md5sig={0x13, 0x12, "c481afb4b5239c576ed53b2d20550e10"}, @exp_smc={0xfe, 0x6}, @eol, @mptcp=@mp_join={0x1e, 0x3, 0x7}, @window={0x3, 0x3, 0xcf}, @exp_fastopen={0xfe, 0x6, 0xf989, "f2d3"}, @eol, @eol]}}}}}}}, 0x0) clone3(&(0x7f0000000200)={0x46004000, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 2273.132901] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2273.141695] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2273.215037] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2273.217039] EXT4-fs (loop4): group descriptors corrupted! 01:17:01 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xf, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2273.265681] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2273.267610] EXT4-fs (loop4): group descriptors corrupted! 01:17:01 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xe}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:17:01 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(0x0, 0x1) 01:17:01 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c0000000000000000000000080000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:17:01 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xc000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:17:01 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x105142, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3875, &(0x7f00000001c0), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)={0x0, 0x0, 0x16}, &(0x7f00000000c0)='./file0\x00', 0x18}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = gettid() pidfd_open(r5, 0x0) r6 = gettid() pidfd_open(r6, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x103000, 0x0) finit_module(r7, 0x0, 0x0) kcmp(r5, r6, 0x5, r4, r7) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x4f, 0x7, 0xa3, 0x7, 0x0, 0x0, 0x20000, 0x9, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x20, 0xffffffff, 0x9, 0x2, 0x6, 0x3, 0xf2, 0x0, 0x92, 0x0, 0x98}, r6, 0x6, 0xffffffffffffffff, 0xa) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 2273.355813] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2273.359948] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:17:01 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x48, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2273.480027] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2273.490067] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:17:01 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x54}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2273.524664] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2273.526166] EXT4-fs (loop4): group descriptors corrupted! [ 2273.556823] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2273.557716] EXT4-fs (loop4): group descriptors corrupted! [ 2273.561077] Module has invalid ELF structures [ 2273.581786] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2273.584116] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2273.725271] Module has invalid ELF structures 01:17:18 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x4) socket$inet_icmp(0x2, 0x2, 0x1) 01:17:18 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c0000000000000000000000080000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) 01:17:18 executing program 7: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x44c00) r1 = syz_mount_image$vfat(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/timer_list\x00', 0x0, 0x0) mkdirat(r1, &(0x7f00000000c0)='./file1\x00', 0x14) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="7472616e733d66662c7266646e6f3da9110648edca807c21708253cb21f4ed9b23a99405bb10c0a5564b8dd5fb799028b4cbeeaaca8ad975cee81d7ce4ab86152f62dbe06f004495a3fc6fa2e766b1518c7c6e0735860361953c1ecc394b46c571d262defaec3932d9ade34ea03079c62fdf", @ANYRES64=r2, @ANYBLOB='Lufdno=', @ANYRESHEX, @ANYRESHEX=r0]) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, &(0x7f0000000240)='nomand\x00', 0x0, 0x0) 01:17:18 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(0x0, 0x1) 01:17:18 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x4c, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:17:18 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x100000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:17:18 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x62}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:17:18 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000700)={'syztnl2\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, @mcast2, @private1, 0x0, 0x0, 0x3, 0x12d}}) socket$inet6_udplite(0xa, 0x2, 0x88) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'lo\x00'}) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8004) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, 0x0, 0x2406c4d5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r3, 0x29, 0x10, 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000100)=0x0) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f0000002e00)={{}, r6, 0x6, @unused=[0x3, 0x0, 0x2, 0xfe], @devid}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000000440)={{}, r6, 0x0, @inherit={0x68, &(0x7f0000000340)=ANY=[@ANYBLOB="00000000000000000400000000000000a23b0000000000000600000000000000000000723c0000000000000200000000000000000001000000000001040000000000007fffffffffffffff00000000000000000600000000000000ff7f00"/104]}, @subvolid=0x80000000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x4, 0x8}, 0x0, 0xffffffffffffffff, r5, 0x0) r7 = getpgrp(0x0) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000000)={0x1, 0x0, 0x8, 0x5, r7}) sendmsg$NL80211_CMD_RELOAD_REGDB(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) [ 2290.439848] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2290.453195] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2290.478051] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2290.479478] EXT4-fs (loop4): group descriptors corrupted! [ 2290.495760] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2290.504998] 9pnet: Could not find request transport: ff 01:17:18 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x68, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2290.537036] 9pnet: Could not find request transport: ff [ 2290.540283] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2290.541855] EXT4-fs (loop4): group descriptors corrupted! [ 2290.551759] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2290.557038] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 01:17:18 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xfc}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:17:18 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0xc3) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x200600, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) bind$802154_raw(r1, &(0x7f0000000100)={0x24, @none={0x4}}, 0x14) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x200000a, 0x13, r0, 0x0) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fallocate(r0, 0x30, 0x81, 0x0) write$binfmt_elf64(r3, &(0x7f00000000c0)=ANY=[@ANYRESHEX, @ANYRES64=r0], 0xfdef) syz_io_uring_complete(r2) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000380)=ANY=[]) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x7f) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffdfffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) openat$ptp0(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r5, r4) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_RECVMSG={0xa, 0x4, 0x0, r4, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=@generic, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000140)=""/50, 0x32}, {&(0x7f0000000280)=""/183, 0xb7}, {&(0x7f0000000480)=""/92, 0x5c}], 0x3, &(0x7f0000000400)=""/58, 0x3a}, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) 01:17:18 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2290.661016] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2290.674162] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:17:18 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(0x0, 0x1) 01:17:18 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x1810c1, 0x0) writev(r0, &(0x7f0000000100)=[{&(0x7f00000009c0)="5fd22ce5b63ff6312b736a99f1bd2a8e55990eaddf86bbb9f0a93f3a9fb752b71dda98fa92b0ac9b921151e4dcd5f85fa7f26ba359e016df3b98fe31ceb5fa976bf24ed96d5df095ac6881f26b3374dafa6cbfa16619b9f1b87163be45d26598a700d521cc10df0879c9d61bc424c7641220e64ee07d61c5c054d26a9c8b84b39083f029", 0x84}, {&(0x7f0000000bc0)="3c826fc36b9be645553b25555f8114d4caf80f36bd22e78332ef60f340a8f8a1e0356aebdc1b4349b5516c913612b152a8dee4c672eee10afe76acf03e8daf511e89b692b171cd5a14057994b675ae19b5719196703022c10464881cd48396712ab3221fa1a133b4665522edbdb363f26171a4ec2e132c8288f324c07ef2cc0abd7b05ee4328c7567f08c5abdf85cfe6c1bc4a764e80cde05af7ab3e7ae5cbdabd13191e3fb55da01e71573c2bc76b708d4dac94df10f4ddd0fe544a151f6d50f75dc8f7bb4cc7f103186c0458521139c7954de52801be527426ab15512b3a", 0xdf}, {&(0x7f0000000cc0)="07e09d03fa1a55ba775ae646d67221d20986898815c862e349b28584a15e32dfc1908c5ab6396428fd290271001d9849c5e038a78f1f36e2394fe46b149a0ba0dc9e730e1f964739b4fe8daa5c93f6ccc01d32a33d25ceba97c1cd2d58cd5312a9e5e220a4fb955c5a846ad81c87b33aececb1c0ef7c2c8bec3aff774884bc57bc3fcc83c5db10a063693fa0901f446afecdd59e46cbe0fa1b4b504fe9b31a4d04761281d69461754fdd3d4ed9b43b6477faddc85922e175c88466f67c5a3067a1a5a990963a4e5bd95c31690803964611bb3b73ff5dafddd0ab662c2e8ac7721546e273ee23768be0ab608179584bda26e65ce42f4b50", 0xf7}], 0x3) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'lo\x00'}) ioctl$FIBMAP(r3, 0x1, &(0x7f0000000180)) sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, 0x0, 0x80) fallocate(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000b40)={'ip6tnl0\x00'}) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r0, 0x8010661b, &(0x7f0000000080)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000040)={0x0, 0x3, 0x0, 0x4000006}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDPRL(0xffffffffffffffff, 0x89f5, &(0x7f0000000b80)={'sit0\x00', &(0x7f0000000ac0)={'ip6gre0\x00', 0x0, 0x29, 0x7, 0x9, 0x2302b984, 0x49, @private0={0xfc, 0x0, '\x00', 0xff}, @loopback, 0x10, 0x80, 0xfffffffd, 0x3}}) dup2(r4, 0xffffffffffffffff) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000140)) pwritev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f00000002c0)="7687bd0d0b7cd9c6a85d1a9b578bf294b25f3c838014a2ca52ea40cd89d52e0e62fc76c305af0aee9f65dbef7a155836b25088bdf53fa0ac91eeb52684da2275d3c59ae8657cb4c4a526a9951a2e74767b15e182963bf9e28833d728bf1992d196892a0bc09491e61d9e1ae5131b829b035e6a940b264e522c5632a33b75a3ab6dd649b91f5254e8b8e79386d5d315de512505cc239b9f3bbe86bafc11568a169d077f47b4194255e3c314294231220a0ea123bd9e0ce8b7253b3d7f1ac4abba871f183be5c0509725b14f03705728e994b35494423ac8285059d3ce6c0ac440fe9c898f2807c94db26538df0366b8a54f12a912e66800333417be254e5646dbff68b825fb30f4a8484de31b39c2d056f36c6cf0a8b79a4c4263269d93423c81bcd123f2e9fd398a6f5b712aa7ea26adcdfffac6a7576b03a32ac82bca2f44a11aa489075e5752509f3d92b670224df8352a813b0c6a7a0e0d1aeb4b897f5aa4940e9e6187ce9fcee0f498d966dfcb6257f7515d63b37514d4b979cd4ce1584ac5a47acff94510b06675297cc8915d24b91b9e9b9e2febbfc7dabe44393ef56248ef1674282d412c7c6aeb50e8effe2dae50ab9f2b7a5378f1bf7d7c24597cb7586704b3c916544f4a268f07eeb592e3a482abbd112ebd0e6a802d00a33e4f4807e3dbb9dae47d230b224af546ff7503e94889cd7b716a0a1301bcc7d2f39c054259d74cd6e477ca6df693246fcd15bfe99fbab39003869fc3c8c7e1e06023605e829eb56c1eb3c50a989bd8e740c0323ac2ff3dc6d93ca930e32bd15d37955d861bcbb2cc792a3b1bfb36cbe4a5dcb86f68a534852e5a0b61e292b78e7fecc380f3378db7e631236c27b642d77b130d03d1921e752a99f2b920c222af94ee2e5ecdba560d6ea21479b0a8f3e2a4180a9a4e626f0e99f1a19e1b9bae57eb0730ea5303031852f390e6716fd873aeb570772971adb0210fc9605492aa6a7bc194b7d85c6c33bc6071170ca59098a7f58015c2fb0fda186980a67dcaca7d926100b9ee3bca10651775f6fe0602d3b91ca06e0daffe54791f3ca9c61e5b4bd115130b698f3ee7bec64dce272afef9f5fdaba665177659bf9b9c06ab76ade91a879ddf02db9f73e09aab5012cb3739084ab813b317e1f03447041fdd6708e3ac81bfcfc45227449027ef0e69c32e3815dce5702f2eb21bccac5e52d92084222a81db20288da1657ad7a35845fdcc7a5ed5e030ece3e0445233738692c44a8513fdcfdf27c47b1cafb4094d2a4b690cd541bc2e599462ae7972453f42db7323274533ae2455c0c661e991df30d10cd0a4e33d5b6c8f106e936101abd1bdf957ce524a7f168af87b50f0efbef92ef98935dd188b0836c020a8d0352a90d9f171f0f1bb248f92f454ebc8cff6cff9935bdab71b1b578ad9f9fc25df4fb4424041c81b658f8582d82b95a59ca69517074b49ffc463b709bab83b36b80d4ba34f5875ac5612ab19e08cae0fe6c295b264637bfd2c208ac0ecce31ee052c7e136f768851529bee6df1c66d57532769d2ae0758af6b075991cd99af9a3af1cb319521d51b1e3f477c059792971a55e6fd905238ea6a7bdbdc1da4eb199a6b2027de2d9dbe3462cfa24ffff7183d0c226bac8a45463792de658b545958e5ec79fca9a0a232c7d8f90b60dbd8b48d41750ebf18ffdfb59b5459dbef216d4b7371e8608cbc68633092f947f69fb6ce28621494756bdb551b113500221442a910801bdd8d78643ce5465f432ec2bd49e5d384bb9589fb8c0987ffa18e468d67eb927d507e630ba16f1e5ba22ced8c0c50bf8cb5eef639938e013232f93b5f06f0393f81820ddeb79dc0233c7619ac4dc4b2db3cf74ef5c2180ebbf3f8f52fb5638d6030f7c57cb71b5b55d152e6a7e4033280e6289329bf5f4aecc16be5a9011a46c51e7f1d6bbad49697798b60fc68611bc92a8a1f80c28456bdd5c4322e9ec5cb93e7aadad5c96d567b50fd3f976aad365760e67756d2e87ab0928446fc371a732a4e580b0516fbe506a91b7b48664eafa734bf7d88a2f706ac272d8837076661f930ea99da00de28f6be56c7c4c690713e62be629c985013723d9929133d60edac9aa8723bbb7ddf8d51afd71d90d35cea27b2ce3492957aa90ebca108fc8bc146a7e3dbbdaab05f48c60377d76c97bd9e4ef562a0670dfe2ec9358dee38de0db8e4834040b9a919f9ae82ea2a1eff1f32c9b760256ac0d48043e5474ed7dd9da34d2ce9091a52aa030fdec1c525845d20bc0baee0970ea5354ecd78c5f6984572c2af44f8b844e122185711824f96314d10687fe1cf72dd5050b4c21809b3056b229f3775936d9d374a83d319f1347830f762a806f6542e434a82ec44c3e8c1a6cee838c9f1c1556b7600dc9923a1ed2131a708760c6f8db29f59b6b539318045c809db9bc7ea730b43b9c5a28ced64f14b69d40456dbbb469baa6f6230e6b74f6b007d97ff67f3627135b1661f5fcc9a36e0efaace9ae26be1aa08bc0a09cf068acae5960c", 0x700}, {0x0}, {0x0}, {0x0}], 0x4, 0x1, 0x4) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x2308, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1, 0x2}) 01:17:18 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x1f4}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2290.796045] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2290.797589] EXT4-fs (loop4): group descriptors corrupted! 01:17:19 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x6c, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2290.937303] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2290.944271] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2290.950263] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2290.963043] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:17:36 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x4000) socket$inet_icmp(0x2, 0x2, 0x1) 01:17:36 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x0) 01:17:36 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 1) 01:17:36 executing program 7: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4c20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448e0, &(0x7f0000000000)) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create(0x101) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r1, 0x8008f513, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_DISABLE(r1, 0x2401, 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=ANY=[@ANYBLOB="240000001d00210c00000000120000000400020010001180809801a7b0d7dba09475f251"], 0x24}}, 0x0) 01:17:36 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x300000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:17:36 executing program 1: ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f0000000040)) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000005a00)={0x0, 0x0, 0x0}, 0x84c00) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='rpc_pipefs\x00', 0xc040, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000000040)='.\x00', 0x2000003) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) inotify_add_watch(r2, &(0x7f0000000000)='./file0\x00', 0x30000002) ioctl$TUNSETVNETLE(r2, 0x400454dc, &(0x7f0000000140)=0x1) dup3(r2, r1, 0x0) mkdirat(r2, &(0x7f0000000080)='./file0\x00', 0x50) io_uring_setup(0xf88, &(0x7f00000001c0)={0x0, 0x913b, 0x4, 0x1, 0x0, 0x0, r0}) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000340)={{{@in6=@private1, @in6=@mcast1}}, {{@in=@broadcast}, 0x0, @in6=@private0}}, &(0x7f0000000180)=0xe8) 01:17:36 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x218}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:17:36 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x74, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2308.414216] FAULT_INJECTION: forcing a failure. [ 2308.414216] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2308.416660] CPU: 0 PID: 11489 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2308.418042] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2308.419799] Call Trace: [ 2308.420341] dump_stack+0x107/0x167 [ 2308.421058] should_fail.cold+0x5/0xa [ 2308.421825] _copy_from_user+0x2e/0x1b0 [ 2308.422610] __copy_msghdr_from_user+0x91/0x4b0 [ 2308.423537] ? __ia32_sys_shutdown+0x80/0x80 [ 2308.424428] ? __lock_acquire+0xbb1/0x5b00 [ 2308.425278] sendmsg_copy_msghdr+0xa1/0x160 [ 2308.426137] ? do_recvmmsg+0x6d0/0x6d0 [ 2308.426908] ? perf_trace_lock+0xac/0x490 [ 2308.427725] ? SOFTIRQ_verbose+0x10/0x10 [ 2308.428549] ? __lockdep_reset_lock+0x180/0x180 [ 2308.429471] ? perf_trace_lock+0xac/0x490 [ 2308.430300] ___sys_sendmsg+0xc6/0x170 [ 2308.431076] ? sendmsg_copy_msghdr+0x160/0x160 [ 2308.432000] ? __fget_files+0x26d/0x4c0 [ 2308.432787] ? lock_downgrade+0x6d0/0x6d0 [ 2308.433633] ? __fget_files+0x296/0x4c0 [ 2308.434425] ? __fget_light+0xea/0x290 [ 2308.435215] __sys_sendmmsg+0x195/0x470 [ 2308.436021] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2308.436879] ? lock_downgrade+0x6d0/0x6d0 [ 2308.437720] ? perf_trace_run_bpf_submit+0xf5/0x190 [ 2308.438713] ? perf_trace_run_bpf_submit+0xf5/0x190 [ 2308.439708] ? perf_trace_preemptirq_template+0x266/0x400 [ 2308.440769] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2308.441654] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2308.442547] ? __traceiter_irq_enable+0xc0/0xc0 [ 2308.443288] ? fput_many+0x2f/0x1a0 [ 2308.443897] ? trace_rcu_dyntick+0x2f/0x170 [ 2308.444601] __x64_sys_sendmmsg+0x99/0x100 [ 2308.444624] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2308.444640] do_syscall_64+0x33/0x40 [ 2308.444659] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2308.444672] RIP: 0033:0x7fe4a84d7b19 [ 2308.444691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2308.444702] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2308.452217] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2308.453362] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2308.454507] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2308.455649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2308.456797] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2308.474521] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2308.485522] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2308.497181] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2308.498364] EXT4-fs (loop4): group descriptors corrupted! [ 2308.541746] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2308.543203] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2308.544477] EXT4-fs (loop4): group descriptors corrupted! 01:17:36 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x240}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:17:36 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 2) 01:17:36 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x7a, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2308.586291] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:17:36 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x0) 01:17:36 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x400000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:17:36 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x9071}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="240000001000010400000000000000000000000005000000ff7f000000000000040014"], 0x24}}, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000018c0)=[{&(0x7f00000001c0)=""/254, 0xfe}, {&(0x7f0000000600)=""/253, 0xfd}, {&(0x7f0000000700)=""/236, 0xec}, {0x0}, {&(0x7f00000008c0)=""/4096, 0x1000}, {&(0x7f0000000000)=""/32, 0x20}], 0x6, &(0x7f0000000480)=ANY=[@ANYBLOB="10c8f05d5a0000000100000001000000"], 0x10}, 0x40000105) move_pages(0x0, 0x0, 0x0, &(0x7f0000000540)=[0x0, 0x0], &(0x7f00000005c0), 0x0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x1) io_setup(0x3e3, &(0x7f0000000580)=0x0) io_submit(r1, 0x0, 0x0) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, 0x0, 0x4, 0x70bd26, 0x25dfdbfe, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0xc855}, 0x80c4) [ 2308.718242] FAULT_INJECTION: forcing a failure. [ 2308.718242] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2308.720267] CPU: 0 PID: 11510 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2308.721391] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2308.722737] Call Trace: [ 2308.723178] dump_stack+0x107/0x167 [ 2308.723785] should_fail.cold+0x5/0xa [ 2308.724412] _copy_from_user+0x2e/0x1b0 [ 2308.725069] move_addr_to_kernel.part.0+0x31/0x110 [ 2308.725874] __copy_msghdr_from_user+0x3e1/0x4b0 [ 2308.726638] ? __ia32_sys_shutdown+0x80/0x80 [ 2308.727371] ? __lock_acquire+0xbb1/0x5b00 [ 2308.728077] sendmsg_copy_msghdr+0xa1/0x160 [ 2308.728782] ? do_recvmmsg+0x6d0/0x6d0 [ 2308.729415] ? perf_trace_lock+0xac/0x490 [ 2308.730094] ? SOFTIRQ_verbose+0x10/0x10 [ 2308.730761] ? __lockdep_reset_lock+0x180/0x180 [ 2308.731519] ? perf_trace_lock+0xac/0x490 [ 2308.732203] ___sys_sendmsg+0xc6/0x170 [ 2308.732843] ? sendmsg_copy_msghdr+0x160/0x160 [ 2308.733580] ? __fget_files+0x26d/0x4c0 [ 2308.734225] ? lock_downgrade+0x6d0/0x6d0 [ 2308.734919] ? __fget_files+0x296/0x4c0 [ 2308.735579] ? __fget_light+0xea/0x290 [ 2308.736226] __sys_sendmmsg+0x195/0x470 [ 2308.736889] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2308.737590] ? lock_downgrade+0x6d0/0x6d0 [ 2308.738280] ? perf_trace_run_bpf_submit+0xf5/0x190 [ 2308.739092] ? perf_trace_run_bpf_submit+0xf5/0x190 [ 2308.739920] ? perf_trace_preemptirq_template+0x266/0x400 [ 2308.740818] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2308.741711] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2308.742614] ? __traceiter_irq_enable+0xc0/0xc0 [ 2308.743360] ? fput_many+0x2f/0x1a0 [ 2308.743966] ? trace_rcu_dyntick+0x2f/0x170 [ 2308.744678] __x64_sys_sendmmsg+0x99/0x100 [ 2308.745372] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2308.746203] do_syscall_64+0x33/0x40 [ 2308.746812] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2308.747637] RIP: 0033:0x7fe4a84d7b19 [ 2308.748250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2308.751176] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2308.752427] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2308.753585] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2308.754746] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2308.755910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2308.757069] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2308.814974] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2308.842007] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:17:37 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x300}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2308.920284] device wlan1 entered promiscuous mode [ 2308.964018] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2308.965559] EXT4-fs (loop4): group descriptors corrupted! 01:17:37 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xf0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2308.987974] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11520 comm=syz-executor.1 [ 2309.042121] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2309.043184] EXT4-fs (loop4): group descriptors corrupted! [ 2309.043473] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2309.059395] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:17:56 executing program 7: syz_mount_image$ext4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='autofs\x00', 0x0, &(0x7f0000000240)='\x00>\xd7C\xbeom6%\xe2\xb1\x8dU\x93\xd3@\xe0\xe2\xdaJb#\xadMGxb\xd8[8\x16\xff\xa3%\xb1\xc3\x8b\x99J\xc2\xf5\t\x1b\x97W\xf0]\x97842') 01:17:56 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x0) 01:17:56 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x3e8}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:17:56 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0xff03) socket$inet_icmp(0x2, 0x2, 0x1) 01:17:56 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x500000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:17:56 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 3) 01:17:56 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x2f0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:17:56 executing program 1: symlinkat(&(0x7f0000000080)='./file0/../file0\x00', 0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00') r0 = mmap$IORING_OFF_CQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1000000, 0x13, 0xffffffffffffffff, 0x8000000) recvmsg$unix(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000340), 0x6e, &(0x7f0000001640)=[{&(0x7f00000003c0)=""/213, 0xd5}, {&(0x7f00000004c0)=""/101, 0x65}, {&(0x7f0000000540)=""/236, 0xec}, {&(0x7f00000000c0)=""/61, 0x3d}, {&(0x7f0000000140)=""/41, 0x29}, {&(0x7f0000000640)=""/4096, 0x1000}], 0x6, &(0x7f0000001840)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001400000000000000010083eb2641be277926000004000000", @ANYRES32, @ANYBLOB="0000000024000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32=0xffffffffffffffff, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x80}, 0x22) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000740)='/sys/class/drm', 0x970c7917c8cb9e10, 0x2) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000700)=@IORING_OP_WRITEV={0x2, 0x1, 0x2007, @fd_index=0xa, 0x7f, &(0x7f0000000500)=[{&(0x7f0000000480)="bb024c69755e206d05b31065900010df58e4974e35dcf2a087a40e184899f3d6047a35b7253f48f6ce6594cd14a3018e3a7e86a44e06f1dbc01761bcd7a4ec3339c0768e7539014e60bf987583afa915b1", 0x51}, {&(0x7f0000000640)="5e8569ab6f02a7d5e01d991aa886eb33d57eb743219a7adff177dd0974a1e56944f84e80be535418540ae96f90d13a1fa5fbecfe3a47f7fde121708514c638d88ac95e763e64a2a2c2121e7e524716a0e94ff2abf9d37384a697a5359ac207ed5ca6a9a4b7483f0582598fd03a6bad682529b6e2f3ed37ef5ceeb4638e6448558c8b91a829f7b81f879bdb0d947fe06807d4a7c14c988bc70aa93340412d5925c4ef1ddc90d1da165e91742f3e1cb1ba278311eb729b6fb361bb2537ebcc0a7e", 0xc0}, {&(0x7f0000001780)="ff52023991a4f9811c9af4301173db45a53d393b4bdc9e2e55ff441f8dffb1af526a90b00ddbb87afedc0bcc766bd0bb9ca6ede2512c5d66cf05da27aa5465a3ee4f3d47fcd49accee97caedc17878ad2f56a30b4d6e4cca91111ba823b067fed613868f2def5919c8654c0d1179680e08f68340b502e4798e16546e48f1433cb93a6490bfe1c264cef4d98246f0957e2446bccdbb4cc2fa1bac65105c75246438a93d", 0xa3}, {&(0x7f0000000200)="54dbb557609a966157ee8e4fd3346f2138c9cc3dd861dba9376e818ed13ac73e42fb86f43e30e2", 0x27}], 0x4, 0xe, 0x1, {0x2, r3}}, 0x5) syz_io_uring_submit(r0, 0x0, &(0x7f0000000240)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4, 0x0, r1, 0x0, &(0x7f0000001740)="c8db33b7b866b35c6e2765b2d1cb8e5fca1e90fc6b5e445a0ef676169b4b5e9e2c8b37d451c86a0f243aae54158024d78a7e0affafb14e67a4c68644534caf3fc0b2a407fcb775f7ddf574238f6b7d39580780bfb0c603fe583c5173c49f640b78b592de63c1993f26335766115bcf29a799292a17e5f3b90abe9091c5b7f306f0ef13fc5a5ca29ede61c971b4a1f51da210ab3817462c64f71fcd8581a0266a43a9c1fe4f39716e39a7098089424ff58faa51a2ce0236ff18b83c28f1a1c4b7d0ae57b3596a0188814a4e32806f214e6ecb383c14cc897e263db7b6b30e58", 0xdf, 0x40002100, 0x0, {0x0, r3}}, 0x0) r4 = syz_io_uring_setup(0x512b, &(0x7f00000002c0), &(0x7f0000ff3000/0xd000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000040)={0x0, 0x0, 0x6}, &(0x7f0000000100)='./file0/../file0\x00', 0x18}, 0x0) io_uring_enter(r4, 0x25f8, 0x0, 0x0, 0x0, 0x0) [ 2328.291141] FAULT_INJECTION: forcing a failure. [ 2328.291141] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2328.293198] CPU: 1 PID: 11547 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2328.294211] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2328.295414] Call Trace: [ 2328.295819] dump_stack+0x107/0x167 [ 2328.296374] should_fail.cold+0x5/0xa [ 2328.296968] _copy_from_user+0x2e/0x1b0 [ 2328.297550] iovec_from_user+0x141/0x400 [ 2328.298153] ? move_addr_to_kernel.part.0+0xc8/0x110 [ 2328.298907] __import_iovec+0x67/0x590 [ 2328.299467] ? __ia32_sys_shutdown+0x80/0x80 [ 2328.300144] import_iovec+0x83/0xb0 [ 2328.300705] sendmsg_copy_msghdr+0x131/0x160 [ 2328.301343] ? do_recvmmsg+0x6d0/0x6d0 [ 2328.301924] ? perf_trace_lock+0xac/0x490 [ 2328.302529] ? __lockdep_reset_lock+0x180/0x180 [ 2328.303217] ? perf_trace_lock+0xac/0x490 [ 2328.303842] ___sys_sendmsg+0xc6/0x170 [ 2328.304440] ? sendmsg_copy_msghdr+0x160/0x160 [ 2328.305136] ? __fget_files+0x26d/0x4c0 [ 2328.305734] ? lock_downgrade+0x6d0/0x6d0 [ 2328.306354] ? lock_downgrade+0x6d0/0x6d0 [ 2328.306998] ? __fget_files+0x296/0x4c0 [ 2328.307626] ? __fget_light+0xea/0x290 [ 2328.308255] __sys_sendmmsg+0x195/0x470 [ 2328.308890] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2328.309543] ? lock_downgrade+0x6d0/0x6d0 [ 2328.310191] ? ksys_write+0x12d/0x260 [ 2328.310779] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2328.311489] ? wait_for_completion_io+0x270/0x270 [ 2328.312215] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2328.313033] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2328.313850] ? rcu_read_lock_any_held+0x75/0xa0 [ 2328.314522] ? __traceiter_irq_enable+0xc0/0xc0 [ 2328.315212] ? fput_many+0x2f/0x1a0 [ 2328.315761] ? trace_rcu_dyntick+0x2f/0x170 [ 2328.316415] __x64_sys_sendmmsg+0x99/0x100 [ 2328.317054] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2328.317818] do_syscall_64+0x33/0x40 [ 2328.318359] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2328.319142] RIP: 0033:0x7fe4a84d7b19 [ 2328.319722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2328.322415] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2328.323548] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2328.324635] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2328.325683] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2328.326728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2328.327771] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2328.331701] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:17:56 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x500}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2328.353653] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2328.359082] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2328.367843] autofs4:pid:11545:autofs_fill_super: called with bogus options [ 2328.370659] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2328.372064] EXT4-fs (loop4): group descriptors corrupted! [ 2328.404187] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:17:56 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x300, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:17:56 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x58, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x2800018, &(0x7f0000000240)=ANY=[]) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x40086602, 0xfffffffffffffffd) chdir(&(0x7f0000000040)='./file0\x00') ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000240)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r3, r2) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f0000000280)={{0x1, 0x1, 0x18, r2, @in_args={0x4}}, './file1\x00'}) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='blkio.bfq.time\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x3}, 0x0, 0x0, 0xffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000440)=ANY=[@ANYBLOB="52cb8eb114963d367ea394997be3b7e0260902b22a5ff45ea61ad4f3a6a70bae11c3bff9ed62410bb5c8e0d69c43591b563415832ce84309dec7f09d85af2809821bfae3dc0fdada23bf7c23f9c973884c62ad7eeba3abf522606cee9d2df31c7eaf9feed3ae9394ca49b038dc513401fb34f37e3cc04d9f7f640cbf7e45fe0b505400f8850648934077fe8aebaf790a6fe8d7ebda54dd25c2957f25e32f0957171992c431dca05c4d78b6517d528fe863ecbe1fb9af5954ba907f2a3b5d05425dc0c95326f2fce8ff5a586e06cd621a8cabab97901fbf41f057d507cce1e4c60ebdb5b94f8fcb2bc318dc57b12ab2bfdc534872dc3b8fcc2a2ca8f004f65e5ec8ab91df65dc8f65e6fc82a974c358585311f18e92f4dd6687", @ANYRESOCT]) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r7 = openat(r4, &(0x7f00000001c0)='./file1\x00', 0x2480, 0xb) sendfile(r5, r6, 0x0, 0x100000001) r8 = openat2(r6, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x800, 0x10b, 0x1e}, 0x18) fstatfs(r8, &(0x7f0000000580)=""/221) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000200)={0x0, r7, 0x3ff, 0x1d0, 0x400, 0x10001}) [ 2328.467581] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2328.469066] EXT4-fs (loop4): group descriptors corrupted! [ 2328.505671] autofs4:pid:11560:autofs_fill_super: called with bogus options 01:17:56 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 4) 01:17:56 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x600000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:17:56 executing program 7: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000002000210ce5468b7ee600000000000000000200000008000000", @ANYRES32=0x0, @ANYBLOB="0c0011000000000000000000"], 0x28}}, 0x0) perf_event_open(&(0x7f0000001400)={0x2, 0x80, 0x73, 0x87, 0x2, 0x81, 0x0, 0x0, 0x4200, 0x2, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffb, 0x0, @perf_bp={&(0x7f00000013c0), 0xd}, 0x4000, 0x4, 0x9, 0x9, 0x3, 0x7ff, 0x8000, 0x0, 0x101, 0x0, 0x7}, 0x0, 0xf, 0xffffffffffffffff, 0x9) close_range(r1, r0, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) r2 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x2}, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0) r3 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, r2) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='syscall\x00') preadv(r4, &(0x7f00000001c0)=[{&(0x7f0000000300)=""/4096, 0x1000}], 0x1, 0x0, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000180)=0x8001, 0x4) r5 = add_key$keyring(&(0x7f0000000140), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, r3) syz_open_procfs(0xffffffffffffffff, 0x0) add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000001300)={'fscrypt:', @desc4}, &(0x7f0000001340)={0x0, "0ce94ebfc19fc575b93c20195346a8fb6080faea883e9ae1cc2b0a1280631112901f85624f2c82f1a8b311a4f8467203c7df81e370ac047d7dfeb0605831ddcc", 0x1d}, 0x48, r3) add_key$keyring(&(0x7f0000000040), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, r5) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0x1c7a02, 0x0) unshare(0x48020200) 01:17:56 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x600}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2328.615745] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2328.622055] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:17:56 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x500, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2328.714501] FAULT_INJECTION: forcing a failure. [ 2328.714501] name failslab, interval 1, probability 0, space 0, times 0 [ 2328.716325] CPU: 1 PID: 11570 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2328.717357] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2328.718585] Call Trace: [ 2328.719066] dump_stack+0x107/0x167 [ 2328.719610] should_fail.cold+0x5/0xa [ 2328.720205] ? sock_kmalloc+0xae/0x100 [ 2328.720793] should_failslab+0x5/0x20 [ 2328.721345] __kmalloc+0x72/0x390 [ 2328.721890] sock_kmalloc+0xae/0x100 [ 2328.722439] ____sys_sendmsg+0x665/0x870 [ 2328.723049] ? sock_write_iter+0x3d0/0x3d0 [ 2328.723686] ? do_recvmmsg+0x6d0/0x6d0 [ 2328.724276] ? perf_trace_lock+0xac/0x490 [ 2328.724905] ? __lockdep_reset_lock+0x180/0x180 [ 2328.725583] ? perf_trace_lock+0xac/0x490 [ 2328.726212] ___sys_sendmsg+0xf3/0x170 [ 2328.726815] ? sendmsg_copy_msghdr+0x160/0x160 [ 2328.727490] ? lock_downgrade+0x6d0/0x6d0 [ 2328.728142] ? lock_downgrade+0x6d0/0x6d0 [ 2328.728774] ? __fget_files+0x296/0x4c0 [ 2328.729365] ? __fget_light+0xea/0x290 [ 2328.729966] __sys_sendmmsg+0x195/0x470 [ 2328.730549] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2328.731202] ? lock_downgrade+0x6d0/0x6d0 [ 2328.731850] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2328.732572] ? wait_for_completion_io+0x270/0x270 [ 2328.733285] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2328.734097] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2328.734899] ? rcu_read_lock_any_held+0x75/0xa0 [ 2328.735566] ? __traceiter_irq_enable+0xc0/0xc0 [ 2328.736273] ? fput_many+0x2f/0x1a0 [ 2328.736841] ? trace_rcu_dyntick+0x2f/0x170 [ 2328.737477] __x64_sys_sendmmsg+0x99/0x100 [ 2328.738100] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2328.738862] do_syscall_64+0x33/0x40 [ 2328.739400] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2328.740173] RIP: 0033:0x7fe4a84d7b19 [ 2328.740739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2328.743403] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2328.744581] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2328.745653] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2328.746687] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2328.747716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2328.748994] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2328.820944] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2328.822721] EXT4-fs (loop4): group descriptors corrupted! [ 2328.831983] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2328.854349] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2328.866844] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2328.868365] EXT4-fs (loop4): group descriptors corrupted! 01:18:13 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 5) 01:18:13 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) (fail_nth: 1) 01:18:13 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x4a890}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) r2 = fcntl$dupfd(r0, 0x0, r1) writev(r2, &(0x7f00000003c0), 0x2) 01:18:13 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x58, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x2800018, &(0x7f0000000240)=ANY=[]) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x40086602, 0xfffffffffffffffd) chdir(&(0x7f0000000040)='./file0\x00') fsetxattr$security_selinux(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='ns\x00') open_tree(r0, &(0x7f0000000340)='./file1/file1\x00', 0x9001) openat(r0, &(0x7f0000000240)='./file1\x00', 0x0, 0xa4) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='blkio.bfq.time\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r1, 0x2402, 0x4) rmdir(&(0x7f0000000280)='./file1/file0\x00') perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x3}, 0x0, 0x0, 0xffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000fd7c49151b38ae4a010000005c8b11f5", @ANYRES32=r1, @ANYRES32=r2, @ANYRESDEC]) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/stat\x00', 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x20, &(0x7f0000000140), 0x4) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000400)=ANY=[@ANYBLOB="0100c97d33b777a05ee5c900", @ANYRES32, @ANYBLOB="04000000000000002e2f66696c65312f66696c65302f66696c653000"]) sendfile(r2, r3, 0x0, 0x100000001) 01:18:13 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x700000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:18:13 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x600, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:18:13 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x40000) socket$inet_icmp(0x2, 0x2, 0x1) 01:18:13 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x700}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2345.422582] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2345.433161] FAULT_INJECTION: forcing a failure. [ 2345.433161] name failslab, interval 1, probability 0, space 0, times 0 [ 2345.435117] CPU: 0 PID: 11602 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2345.436304] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2345.437716] Call Trace: [ 2345.438187] dump_stack+0x107/0x167 [ 2345.438813] should_fail.cold+0x5/0xa [ 2345.439471] ? create_object.isra.0+0x3a/0xa20 [ 2345.440254] should_failslab+0x5/0x20 [ 2345.440910] kmem_cache_alloc+0x5b/0x310 [ 2345.441634] create_object.isra.0+0x3a/0xa20 [ 2345.442382] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2345.443238] __kmalloc+0x16e/0x390 [ 2345.443847] sock_kmalloc+0xae/0x100 [ 2345.444513] ____sys_sendmsg+0x665/0x870 [ 2345.445204] ? sock_write_iter+0x3d0/0x3d0 [ 2345.445916] ? do_recvmmsg+0x6d0/0x6d0 [ 2345.446589] ? perf_trace_lock+0xac/0x490 [ 2345.447299] ? __lockdep_reset_lock+0x180/0x180 [ 2345.448091] ? perf_trace_lock+0xac/0x490 [ 2345.448832] ___sys_sendmsg+0xf3/0x170 [ 2345.449499] ? sendmsg_copy_msghdr+0x160/0x160 [ 2345.450288] ? lock_downgrade+0x6d0/0x6d0 [ 2345.451021] ? __fget_files+0x296/0x4c0 [ 2345.451703] ? __fget_light+0xea/0x290 [ 2345.452379] __sys_sendmmsg+0x195/0x470 [ 2345.453062] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2345.453808] ? lock_downgrade+0x6d0/0x6d0 [ 2345.454511] ? perf_trace_run_bpf_submit+0xf5/0x190 [ 2345.455369] ? perf_trace_preemptirq_template+0x266/0x400 [ 2345.456309] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2345.457236] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2345.458173] ? __traceiter_irq_enable+0xc0/0xc0 [ 2345.458959] ? fput_many+0x2f/0x1a0 [ 2345.459571] ? trace_rcu_dyntick+0x2f/0x170 [ 2345.460311] __x64_sys_sendmmsg+0x99/0x100 [ 2345.461032] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2345.461891] do_syscall_64+0x33/0x40 [ 2345.462523] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2345.463393] RIP: 0033:0x7fe4a84d7b19 [ 2345.464018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2345.467108] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2345.468399] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2345.469606] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2345.470812] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2345.471963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2345.473165] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2345.476363] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2345.497787] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2345.499013] EXT4-fs (loop4): group descriptors corrupted! [ 2345.545058] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2345.548121] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2345.549568] EXT4-fs (loop4): group descriptors corrupted! [ 2345.585261] FAULT_INJECTION: forcing a failure. [ 2345.585261] name failslab, interval 1, probability 0, space 0, times 0 [ 2345.586806] CPU: 1 PID: 11618 Comm: syz-executor.6 Not tainted 5.10.218 #1 [ 2345.587615] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2345.588593] Call Trace: [ 2345.588915] dump_stack+0x107/0x167 [ 2345.589348] should_fail.cold+0x5/0xa [ 2345.589802] ? getname_flags.part.0+0x50/0x4f0 [ 2345.590348] should_failslab+0x5/0x20 [ 2345.590800] kmem_cache_alloc+0x5b/0x310 [ 2345.591283] getname_flags.part.0+0x50/0x4f0 [ 2345.591939] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2345.592700] user_path_at_empty+0xa1/0x100 [ 2345.593348] __x64_sys_umount+0xf8/0x190 [ 2345.593824] ? path_umount+0x1170/0x1170 [ 2345.594313] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2345.595046] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2345.595729] do_syscall_64+0x33/0x40 [ 2345.596170] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2345.596781] RIP: 0033:0x7f17b20d5b19 [ 2345.597219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2345.599382] RSP: 002b:00007f17af62a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2345.600400] RAX: ffffffffffffffda RBX: 00007f17b21e9020 RCX: 00007f17b20d5b19 [ 2345.601351] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000200000c0 [ 2345.602448] RBP: 00007f17af62a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2345.603266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2345.604307] R13: 00007fff795c125f R14: 00007f17af62a300 R15: 0000000000022000 01:18:13 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x700, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:18:13 executing program 7: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$9p(r0, &(0x7f0000000080)="f4", 0x1) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x3f, 0x0, 0x80, 0x7c, 0x8}) ioctl$FITRIM(r0, 0xc0185879, &(0x7f00000000c0)={0x6, 0x7fff, 0xcff7}) ioctl$FS_IOC_GETFLAGS(r0, 0x40086602, &(0x7f0000001200)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000140)={0x0, 0x20000000000}) 01:18:13 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xe00}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:18:13 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x800000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2345.643327] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:18:13 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 6) [ 2345.765689] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2345.783994] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:18:13 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) (fail_nth: 2) [ 2345.834918] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2345.835871] EXT4-fs (loop4): group descriptors corrupted! 01:18:14 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x1802}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:18:14 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x900, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2345.872223] FAULT_INJECTION: forcing a failure. [ 2345.872223] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2345.874163] CPU: 0 PID: 11631 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2345.875257] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2345.876627] Call Trace: [ 2345.877057] dump_stack+0x107/0x167 [ 2345.877658] should_fail.cold+0x5/0xa [ 2345.878276] _copy_from_user+0x2e/0x1b0 [ 2345.878926] ____sys_sendmsg+0x6c6/0x870 [ 2345.879584] ? sock_write_iter+0x3d0/0x3d0 [ 2345.880289] ? do_recvmmsg+0x6d0/0x6d0 [ 2345.880921] ? perf_trace_lock+0xac/0x490 [ 2345.881584] ? __lockdep_reset_lock+0x180/0x180 [ 2345.882313] ? perf_trace_lock+0xac/0x490 [ 2345.883009] ___sys_sendmsg+0xf3/0x170 [ 2345.883616] ? sendmsg_copy_msghdr+0x160/0x160 [ 2345.884378] ? lock_downgrade+0x6d0/0x6d0 [ 2345.885045] ? __fget_files+0x296/0x4c0 [ 2345.885697] ? __fget_light+0xea/0x290 [ 2345.886309] __sys_sendmmsg+0x195/0x470 [ 2345.886949] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2345.887623] ? lock_downgrade+0x6d0/0x6d0 [ 2345.888300] ? perf_trace_run_bpf_submit+0xf5/0x190 [ 2345.889079] ? perf_trace_preemptirq_template+0x266/0x400 [ 2345.889945] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2345.890792] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2345.891668] ? __traceiter_irq_enable+0xc0/0xc0 [ 2345.892386] ? fput_many+0x2f/0x1a0 [ 2345.892965] ? trace_rcu_dyntick+0x2f/0x170 [ 2345.893775] __x64_sys_sendmmsg+0x99/0x100 [ 2345.894449] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2345.895222] do_syscall_64+0x33/0x40 [ 2345.895800] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2345.896594] RIP: 0033:0x7fe4a84d7b19 [ 2345.897162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2345.899903] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2345.901068] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2345.902149] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2345.903250] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2345.904360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2345.905461] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2346.060319] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2346.065956] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2346.078023] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2346.090246] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2346.105521] FAULT_INJECTION: forcing a failure. [ 2346.105521] name failslab, interval 1, probability 0, space 0, times 0 [ 2346.106558] CPU: 1 PID: 11638 Comm: syz-executor.6 Not tainted 5.10.218 #1 [ 2346.107130] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2346.107818] Call Trace: [ 2346.108047] dump_stack+0x107/0x167 [ 2346.108362] should_fail.cold+0x5/0xa [ 2346.108687] ? create_object.isra.0+0x3a/0xa20 [ 2346.109072] ? create_object.isra.0+0x3a/0xa20 [ 2346.109455] should_failslab+0x5/0x20 [ 2346.109901] kmem_cache_alloc+0x5b/0x310 [ 2346.110251] create_object.isra.0+0x3a/0xa20 [ 2346.110618] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2346.111042] kmem_cache_alloc+0x159/0x310 [ 2346.111395] getname_flags.part.0+0x50/0x4f0 [ 2346.111760] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2346.112230] user_path_at_empty+0xa1/0x100 [ 2346.112585] __x64_sys_umount+0xf8/0x190 [ 2346.112925] ? path_umount+0x1170/0x1170 [ 2346.113270] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2346.113710] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2346.114138] do_syscall_64+0x33/0x40 [ 2346.114450] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2346.114872] RIP: 0033:0x7f17b20d5b19 [ 2346.115179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2346.116678] RSP: 002b:00007f17af64b188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2346.117306] RAX: ffffffffffffffda RBX: 00007f17b21e8f60 RCX: 00007f17b20d5b19 [ 2346.117888] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000200000c0 [ 2346.118470] RBP: 00007f17af64b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2346.119049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2346.119631] R13: 00007fff795c125f R14: 00007f17af64b300 R15: 0000000000022000 01:18:32 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 7) 01:18:32 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x900000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:18:32 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x40000000) socket$inet_icmp(0x2, 0x2, 0x1) 01:18:32 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) (fail_nth: 3) 01:18:32 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x4000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:18:32 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xa00, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:18:32 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) fstatfs(r0, &(0x7f0000000000)=""/46) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r1, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000080)={0x0, @loopback}, &(0x7f00000000c0)=0xc) r2 = socket$inet(0x2, 0xa, 0xffffe8ba) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r4, r3) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x1}}, 0x0, 0xffffffffffffffff, r3, 0x0) dup3(r2, r1, 0x0) 01:18:32 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000033c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000200)={0x0, 0x54, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000002500000008000300", @ANYRES32=r3, @ANYBLOB="0000990000000000000000000a0006005050505050500000080035000000000075b4562b9897332148ed9a0ec02fda20db4e00660ba75b38c266704ebace287f4fb1d382ca9578723db7074b9e767e14856f6ab50216187e92f6749f9982c99e09fd2f7bddb02a9a1fd85ba167f02d779712ed12131b82c74852b47e7d92402e7247cf2ffe05206d855e35502fa2f8173db8a1c616087e0c4c811e4561b53ddf07417e8abf066db581da48a89f4f619d009dd855c15784e2024e3320389c4f0abf917c44051b9fa401f5c169108149769ad38001f3da5537f0db53e624567a6720d40c4d85cd74b27d03aec92ec976724ece0800f23b46625a9300"/263], 0x30}}, 0x0) [ 2363.949878] FAULT_INJECTION: forcing a failure. [ 2363.949878] name failslab, interval 1, probability 0, space 0, times 0 [ 2363.951497] CPU: 1 PID: 11660 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2363.952485] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2363.953705] Call Trace: [ 2363.954055] dump_stack+0x107/0x167 [ 2363.954524] should_fail.cold+0x5/0xa [ 2363.955014] ? ip_options_get+0xa5/0x430 [ 2363.955540] should_failslab+0x5/0x20 [ 2363.956035] __kmalloc+0x72/0x390 [ 2363.956494] ? __is_insn_slot_addr+0x123/0x290 [ 2363.957097] ip_options_get+0xa5/0x430 [ 2363.957600] ? unwind_next_frame+0x13ef/0x1a90 [ 2363.958188] ? ip_options_undo+0x460/0x460 [ 2363.958737] ? arch_stack_walk+0x99/0xf0 [ 2363.959258] ? mark_lock+0xf5/0x2df0 [ 2363.959739] ip_cmsg_send+0x888/0xa50 [ 2363.960219] ? arch_stack_walk+0x99/0xf0 [ 2363.960760] raw_sendmsg+0xc0a/0x29d0 [ 2363.961264] ? dst_output+0x170/0x170 [ 2363.961752] ? __lock_acquire+0x1657/0x5b00 [ 2363.962320] ? perf_trace_lock+0xac/0x490 [ 2363.962851] ? SOFTIRQ_verbose+0x10/0x10 [ 2363.963374] ? __lockdep_reset_lock+0x180/0x180 [ 2363.963962] ? sock_has_perm+0x1ea/0x280 [ 2363.964480] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2363.965317] ? find_held_lock+0x2c/0x110 [ 2363.965840] ? trace_hardirqs_on+0x5b/0x180 [ 2363.966388] ? dst_output+0x170/0x170 [ 2363.967034] inet_sendmsg+0x11d/0x140 [ 2363.967660] ? inet_send_prepare+0x540/0x540 [ 2363.968220] __sock_sendmsg+0x13c/0x190 [ 2363.968730] ____sys_sendmsg+0x334/0x870 [ 2363.969251] ? sock_write_iter+0x3d0/0x3d0 [ 2363.969785] ? do_recvmmsg+0x6d0/0x6d0 [ 2363.970285] ? perf_trace_lock+0xac/0x490 [ 2363.970808] ? __lockdep_reset_lock+0x180/0x180 [ 2363.971395] ? perf_trace_lock+0xac/0x490 [ 2363.971925] ___sys_sendmsg+0xf3/0x170 [ 2363.972430] ? sendmsg_copy_msghdr+0x160/0x160 [ 2363.973049] ? lock_downgrade+0x6d0/0x6d0 [ 2363.973577] ? lock_downgrade+0x6d0/0x6d0 [ 2363.974102] ? __fget_files+0x296/0x4c0 [ 2363.974620] ? __fget_light+0xea/0x290 [ 2363.975121] __sys_sendmmsg+0x195/0x470 [ 2363.975634] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2363.976183] ? lock_downgrade+0x6d0/0x6d0 [ 2363.976740] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2363.977354] ? wait_for_completion_io+0x270/0x270 [ 2363.977958] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2363.978649] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2363.979347] ? rcu_read_lock_any_held+0x75/0xa0 [ 2363.979932] ? __traceiter_irq_enable+0xc0/0xc0 [ 2363.980530] ? fput_many+0x2f/0x1a0 [ 2363.980999] ? trace_rcu_dyntick+0x2f/0x170 [ 2363.981565] __x64_sys_sendmmsg+0x99/0x100 [ 2363.982097] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2363.982760] do_syscall_64+0x33/0x40 [ 2363.983231] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2363.983882] RIP: 0033:0x7fe4a84d7b19 [ 2363.984356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2363.986606] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2363.987554] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2363.988446] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2363.989330] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2363.990210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2363.991087] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2363.995703] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2364.006060] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2364.015104] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2364.030820] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2364.031977] EXT4-fs (loop4): group descriptors corrupted! [ 2364.033103] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2364.039767] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.7'. 01:18:32 executing program 7: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x105142, 0x153) r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x400) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x2) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x80040, 0x148) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_group_source_req(r4, 0x0, 0x0, &(0x7f0000000100)={0x5618, {{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x28}}}, {{0x2, 0x0, @broadcast}}}, 0x108) ioctl$FIGETBSZ(r4, 0x2, &(0x7f0000000080)) dup2(0xffffffffffffffff, r3) write(r2, &(0x7f0000000240)="01", 0x1) openat(r1, &(0x7f0000000380)='./file1\x00', 0x20800, 0x1ab) write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x10) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r0, r1, 0x0, 0x20d314) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000400), 0x12800, 0x0) [ 2364.072724] FAULT_INJECTION: forcing a failure. [ 2364.072724] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2364.074360] CPU: 1 PID: 11676 Comm: syz-executor.6 Not tainted 5.10.218 #1 [ 2364.075360] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2364.076342] Call Trace: [ 2364.076679] dump_stack+0x107/0x167 [ 2364.077117] should_fail.cold+0x5/0xa [ 2364.077587] strncpy_from_user+0x34/0x470 [ 2364.078145] getname_flags.part.0+0x95/0x4f0 [ 2364.078744] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2364.079385] user_path_at_empty+0xa1/0x100 [ 2364.079887] __x64_sys_umount+0xf8/0x190 [ 2364.080364] ? path_umount+0x1170/0x1170 [ 2364.080854] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2364.081466] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2364.082068] do_syscall_64+0x33/0x40 [ 2364.082511] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2364.083104] RIP: 0033:0x7f17b20d5b19 [ 2364.083542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2364.085657] RSP: 002b:00007f17af62a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2364.086544] RAX: ffffffffffffffda RBX: 00007f17b21e9020 RCX: 00007f17b20d5b19 [ 2364.087403] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000200000c0 [ 2364.088234] RBP: 00007f17af62a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2364.089075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2364.089898] R13: 00007fff795c125f R14: 00007f17af62a300 R15: 0000000000022000 01:18:32 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x4002}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:18:32 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xec0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:18:32 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xa00000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2364.161719] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:18:32 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="34000000100001000600000000000000000000000500000000000000150000809be149f8326500000ad022cea3b5906ed71efbac71604114ae634a1d3f5b42332fdb1ddff6c996d594f336ad93897a4c7c7d052c951ff3b19a2ae8dfe7daae4433b91e5be24f079e43a9060d92545b09e4564c5100107341e4376c1319a3cb91015718c602f3acaab637ceb7852dafdf71f385cfa97aa0b4888bc38b88bda6372e3e68ad38b7f74f5579af15595a0c30cb611c48d698f5ab174fbc688112a84bc0f1ed5b30c703ba82fe7b97990c195cdd6e5a3ec6986122d762e9182637b26db43c04d57f6347516027"], 0x34}}, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r1 = syz_io_uring_setup(0x3167, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) r6 = io_uring_setup(0x3, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x3, 0x31f, 0x0, r1}) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco}, 0x0) r7 = eventfd2(0x8, 0x0) ioctl$F2FS_IOC_DEFRAGMENT(r7, 0xc010f508, &(0x7f0000000040)={0x3, 0x2}) io_uring_enter(r1, 0x76d3, 0x80, 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffffda, 0x6}, 0x4202, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = fsmount(r5, 0x0, 0x8) execveat(r8, &(0x7f0000000180)='./file0\x00', &(0x7f00000005c0)=[&(0x7f0000000400)='\x00', &(0x7f0000000bc0)='\x00\x80C\x107\xa64\xee\xbd*\xd4o\x8a?[\x98\xf29\xee\xc7\x90\x97\xaa\xc3\xc8Zq\xf3\x91\x04[S\\B2m=V\x89\x99\x96Q\xcaA\x18\xaf\xaf:\xf1\xab\x80\"\x7f\xb3\x18\xfe\xd7\xbd\xcd\xcdIf\xae\xb5\x87\xb8#\xe1\xbe\xec\xf0\t\xa1\xf7\xa7\xb1\x9d\xc7\xc2\xf0\x02\xaf\xc4\xd0@\xc2\x12\'\xb9\x9a\xea\x90e%\xe6\xd2E\x19E\x83\f\x1fe\xf3\x1d\xfd0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 8) [ 2364.310287] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2364.350241] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2364.350957] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 01:18:32 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000140)='.pending_reads\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x10, r1, 0x0) openat(r0, &(0x7f0000000100)='./file0\x00', 0x270f01, 0x49) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105142, 0x0) unlinkat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x101, 0x5, 0x42, 0x7, 0x3f}) r3 = creat(&(0x7f0000000000)='./file2\x00', 0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) close(r3) perf_event_open(0x0, 0x0, 0xc, r3, 0x0) signalfd(0xffffffffffffffff, 0x0, 0x0) write(r0, &(0x7f0000000200)="6e91949e6986d6f9d1ad772df216b114fbf1320ff0f3f0fd36c0545249a43323b6b98e9510c80fc21aa5ad1d2eb62300d9fa9788e5a3724fef182ce0b8d2db36a7933bb505dbdd5327e1f9909c080ba6ab5786fcd33fff3cfa4d4cc6306662d534c4c4b6ba3d00d3e8a463da875cf6dda0291876d8f66806ac3ce5521d885416a0ea6c5d003c508fcf8a806675e9f38f4134c802a6a60a95224781b5f7bf31ae121dfdd15cd32d717ff8ef8782", 0xad) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15e, 0x104, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f0000000340)) lseek(r2, 0x0, 0x2) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x4000, 0x128) copy_file_range(r4, 0x0, r2, 0x0, 0xffff, 0x0) [ 2364.452158] FAULT_INJECTION: forcing a failure. [ 2364.452158] name failslab, interval 1, probability 0, space 0, times 0 [ 2364.454789] CPU: 0 PID: 11698 Comm: syz-executor.6 Not tainted 5.10.218 #1 [ 2364.455915] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2364.457234] Call Trace: 01:18:32 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x5400}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2364.457662] dump_stack+0x107/0x167 [ 2364.458372] should_fail.cold+0x5/0xa [ 2364.458965] ? __d_alloc+0x2a/0x990 [ 2364.459558] should_failslab+0x5/0x20 [ 2364.460155] kmem_cache_alloc+0x5b/0x310 [ 2364.460835] __d_alloc+0x2a/0x990 [ 2364.461442] d_alloc_parallel+0x111/0x1bc0 [ 2364.462187] ? __d_lookup_rcu+0x6d0/0x6d0 [ 2364.462876] ? SOFTIRQ_verbose+0x10/0x10 [ 2364.463543] ? lockdep_init_map_type+0x2c7/0x780 [ 2364.464308] ? lockref_get_not_dead+0x66/0x80 [ 2364.465096] ? lockdep_init_map_type+0x2c7/0x780 [ 2364.465893] __lookup_slow+0x193/0x490 [ 2364.466597] ? do_raw_spin_unlock+0x4f/0x220 [ 2364.467323] ? lookup_open.isra.0+0x1270/0x1270 [ 2364.468139] ? inode_permission+0xa4/0x380 [ 2364.468842] walk_component+0x41e/0x6a0 [ 2364.469528] ? handle_dots.part.0+0x15c0/0x15c0 [ 2364.470284] ? walk_component+0x6a0/0x6a0 [ 2364.470967] path_lookupat+0x1ba/0x860 [ 2364.471610] filename_lookup+0x1b1/0x570 [ 2364.472263] ? may_linkat+0x230/0x230 [ 2364.472904] ? __check_object_size+0x319/0x440 [ 2364.473686] ? strncpy_from_user+0x9e/0x470 [ 2364.474428] ? getname_flags.part.0+0x1dd/0x4f0 [ 2364.475173] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2364.476081] __x64_sys_umount+0xf8/0x190 [ 2364.476748] ? path_umount+0x1170/0x1170 [ 2364.477417] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2364.478269] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2364.479136] do_syscall_64+0x33/0x40 [ 2364.479739] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2364.480581] RIP: 0033:0x7f17b20d5b19 [ 2364.481186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2364.484167] RSP: 002b:00007f17af64b188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2364.485406] RAX: ffffffffffffffda RBX: 00007f17b21e8f60 RCX: 00007f17b20d5b19 [ 2364.486557] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000200000c0 [ 2364.487706] RBP: 00007f17af64b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2364.488869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2364.490020] R13: 00007fff795c125f R14: 00007f17af64b300 R15: 0000000000022000 [ 2364.496844] FAULT_INJECTION: forcing a failure. [ 2364.496844] name failslab, interval 1, probability 0, space 0, times 0 [ 2364.498720] CPU: 0 PID: 11699 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2364.499843] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2364.501204] Call Trace: [ 2364.501642] dump_stack+0x107/0x167 [ 2364.502243] should_fail.cold+0x5/0xa [ 2364.502872] ? create_object.isra.0+0x3a/0xa20 [ 2364.503619] should_failslab+0x5/0x20 [ 2364.504243] kmem_cache_alloc+0x5b/0x310 [ 2364.504918] ? unwind_next_frame+0x13ef/0x1a90 [ 2364.505670] create_object.isra.0+0x3a/0xa20 [ 2364.506388] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2364.507219] __kmalloc+0x16e/0x390 [ 2364.507799] ? __is_insn_slot_addr+0x123/0x290 [ 2364.508648] ip_options_get+0xa5/0x430 [ 2364.509381] ? unwind_next_frame+0x13ef/0x1a90 [ 2364.510125] ? ip_options_undo+0x460/0x460 [ 2364.510809] ? arch_stack_walk+0x99/0xf0 [ 2364.511460] ? mark_lock+0xf5/0x2df0 [ 2364.512068] ip_cmsg_send+0x888/0xa50 [ 2364.512689] ? arch_stack_walk+0x99/0xf0 [ 2364.513357] raw_sendmsg+0xc0a/0x29d0 [ 2364.513988] ? dst_output+0x170/0x170 [ 2364.514596] ? __lock_acquire+0x1657/0x5b00 [ 2364.515311] ? perf_trace_lock+0xac/0x490 [ 2364.515979] ? SOFTIRQ_verbose+0x10/0x10 [ 2364.516664] ? __lockdep_reset_lock+0x180/0x180 [ 2364.517422] ? sock_has_perm+0x1ea/0x280 [ 2364.518078] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2364.518895] ? find_held_lock+0x2c/0x110 [ 2364.519569] ? trace_hardirqs_on+0x5b/0x180 [ 2364.520272] ? dst_output+0x170/0x170 [ 2364.520896] inet_sendmsg+0x11d/0x140 [ 2364.521516] ? inet_send_prepare+0x540/0x540 [ 2364.522229] __sock_sendmsg+0x13c/0x190 [ 2364.522876] ____sys_sendmsg+0x334/0x870 [ 2364.523537] ? sock_write_iter+0x3d0/0x3d0 [ 2364.524219] ? do_recvmmsg+0x6d0/0x6d0 [ 2364.524858] ? perf_trace_lock+0xac/0x490 [ 2364.525534] ? __lockdep_reset_lock+0x180/0x180 [ 2364.526284] ? perf_trace_lock+0xac/0x490 [ 2364.526958] ___sys_sendmsg+0xf3/0x170 [ 2364.527593] ? sendmsg_copy_msghdr+0x160/0x160 [ 2364.528340] ? lock_downgrade+0x6d0/0x6d0 [ 2364.529034] ? __fget_files+0x296/0x4c0 [ 2364.529685] ? __fget_light+0xea/0x290 [ 2364.530327] __sys_sendmmsg+0x195/0x470 [ 2364.530973] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2364.531671] ? lock_downgrade+0x6d0/0x6d0 [ 2364.532349] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2364.533169] ? perf_trace_preemptirq_template+0x266/0x400 [ 2364.534052] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2364.534939] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2364.535823] ? __traceiter_irq_enable+0xc0/0xc0 [ 2364.536579] ? fput_many+0x2f/0x1a0 [ 2364.537170] ? trace_rcu_dyntick+0x2f/0x170 [ 2364.537877] __x64_sys_sendmmsg+0x99/0x100 [ 2364.538559] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2364.539386] do_syscall_64+0x33/0x40 [ 2364.539991] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2364.540815] RIP: 0033:0x7fe4a84d7b19 [ 2364.541419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2364.544338] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2364.545580] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2364.546734] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2364.547885] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2364.549025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2364.550169] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2364.582461] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 01:18:50 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xb00000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:18:50 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0xff030000) socket$inet_icmp(0x2, 0x2, 0x1) 01:18:50 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x6200}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:18:50 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 9) 01:18:50 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xf00, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:18:50 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) (fail_nth: 5) 01:18:50 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0xa0040, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = dup2(r2, r1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r4, r3, 0x0, 0x7ffffff9) dup2(r0, r4) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='autofs\x00', 0x0, 0x0) 01:18:50 executing program 7: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x58, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x2800018, &(0x7f0000000240)=ANY=[]) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x40086602, 0xfffffffffffffffd) chdir(&(0x7f0000000040)='./file0\x00') fsetxattr$security_selinux(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='blkio.bfq.time\x00', 0x0, 0x0) fstatfs(r1, &(0x7f0000000300)=""/196) ioctl$PERF_EVENT_IOC_REFRESH(r1, 0x2402, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x40, 0x0, 0x5e, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x3}, 0x0, 0x4, 0xffffff7f, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) move_mount(0xffffffffffffffff, &(0x7f0000000c80)='./file0/../file0\x00', 0xffffffffffffff9c, &(0x7f0000000cc0)='./file0/../file0\x00', 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x100200, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000)=0xb, 0x8) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000200)={0x0, @initdev, @broadcast}, &(0x7f0000000280)=0xc) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000400)=ANY=[@ANYRES32, @ANYRESOCT=r0, @ANYBLOB="8caf738e3748b056c6e66aefd7db7bc1d2df2a081ab7732589f79844f798a646f0bd588d3f5b68955e6ebdfb2bf977c096997c71f918df6e7c74c9e27e82fa838dbfe59925cc4fe84bd464b098194e56d521fa10bf58bd31474520c39b550f24958a567b49c6d2df2555c7868f862c19f86f6f0603de14f1713c013ed6b542264a96bf933922cf8e8ea6d9402f69fbda8ec76133e8946ebc6fecd037fe19731b9fda4c61a0b0a9404ac1ccf17c55aef00ce34b3d1f34075aadb06c17fce6a9865b94508ce4bc1d5147dd3a5e2915175105aa23ece287a9a6bb49268e3e35ff787b86daf263a89698c060eaf194a03480658d", @ANYRESDEC=0x0]) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x18, r1, @out_args}, './file1/file0\x00'}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x20, &(0x7f0000000140), 0x4) open_tree(0xffffffffffffff9c, &(0x7f0000000540)='./file2\x00', 0x901) sendfile(r2, r4, 0x0, 0x100000001) [ 2382.853850] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2382.857146] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2382.860582] FAULT_INJECTION: forcing a failure. [ 2382.860582] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2382.862453] CPU: 1 PID: 11726 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2382.863502] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2382.864723] Call Trace: [ 2382.865158] dump_stack+0x107/0x167 [ 2382.865758] should_fail.cold+0x5/0xa [ 2382.866447] _copy_from_iter_full+0x201/0xa60 [ 2382.867118] raw_sendmsg+0x1d0f/0x29d0 [ 2382.867744] ? dst_output+0x170/0x170 [ 2382.868293] ? __lock_acquire+0x1657/0x5b00 [ 2382.868936] ? perf_trace_lock+0xac/0x490 [ 2382.869540] ? SOFTIRQ_verbose+0x10/0x10 [ 2382.870124] ? __lockdep_reset_lock+0x180/0x180 [ 2382.870899] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2382.871794] ? find_held_lock+0x2c/0x110 [ 2382.872452] ? trace_hardirqs_on+0x5b/0x180 [ 2382.873130] ? dst_output+0x170/0x170 [ 2382.873724] inet_sendmsg+0x11d/0x140 [ 2382.874273] ? inet_send_prepare+0x540/0x540 [ 2382.875075] __sock_sendmsg+0x13c/0x190 [ 2382.875736] ____sys_sendmsg+0x334/0x870 [ 2382.876365] ? sock_write_iter+0x3d0/0x3d0 [ 2382.877126] ? do_recvmmsg+0x6d0/0x6d0 [ 2382.877745] ? perf_trace_lock+0xac/0x490 [ 2382.878365] ? __lockdep_reset_lock+0x180/0x180 [ 2382.879120] ? perf_trace_lock+0xac/0x490 [ 2382.879822] ___sys_sendmsg+0xf3/0x170 [ 2382.880469] ? sendmsg_copy_msghdr+0x160/0x160 [ 2382.881252] ? lock_downgrade+0x6d0/0x6d0 [ 2382.881940] ? lock_downgrade+0x6d0/0x6d0 [ 2382.882539] ? __fget_files+0x296/0x4c0 [ 2382.883223] ? __fget_light+0xea/0x290 [ 2382.883920] __sys_sendmmsg+0x195/0x470 [ 2382.884561] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2382.885205] ? lock_downgrade+0x6d0/0x6d0 [ 2382.885860] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2382.886585] ? wait_for_completion_io+0x270/0x270 [ 2382.887273] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2382.888050] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2382.888843] ? rcu_read_lock_any_held+0x75/0xa0 [ 2382.889505] ? __traceiter_irq_enable+0xc0/0xc0 [ 2382.890167] ? fput_many+0x2f/0x1a0 [ 2382.890697] ? trace_rcu_dyntick+0x2f/0x170 [ 2382.891331] __x64_sys_sendmmsg+0x99/0x100 [ 2382.891938] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2382.892676] do_syscall_64+0x33/0x40 [ 2382.893225] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2382.893958] RIP: 0033:0x7fe4a84d7b19 [ 2382.894501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2382.897100] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2382.898178] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2382.899191] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2382.900214] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2382.901258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2382.902292] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2382.920509] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2382.922014] EXT4-fs (loop4): group descriptors corrupted! [ 2382.923760] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2382.925058] autofs4:pid:11730:autofs_fill_super: called with bogus options [ 2382.927675] FAULT_INJECTION: forcing a failure. [ 2382.927675] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2382.929862] CPU: 1 PID: 11732 Comm: syz-executor.6 Not tainted 5.10.218 #1 [ 2382.930890] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2382.932113] Call Trace: [ 2382.932523] dump_stack+0x107/0x167 [ 2382.933089] should_fail.cold+0x5/0xa [ 2382.933677] _copy_from_user+0x2e/0x1b0 [ 2382.934286] kstrtouint_from_user+0xbd/0x220 [ 2382.934951] ? kstrtou8_from_user+0x210/0x210 [ 2382.935642] ? lock_acquire+0x197/0x470 [ 2382.936246] ? ksys_write+0x12d/0x260 [ 2382.936863] proc_fail_nth_write+0x78/0x220 [ 2382.937519] ? proc_task_getattr+0x1f0/0x1f0 [ 2382.938184] ? __fget_files+0x296/0x4c0 [ 2382.938806] ? proc_task_getattr+0x1f0/0x1f0 [ 2382.939468] vfs_write+0x29a/0xa70 [ 2382.940019] ksys_write+0x12d/0x260 [ 2382.940573] ? __ia32_sys_read+0xb0/0xb0 [ 2382.941200] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2382.941994] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2382.942778] do_syscall_64+0x33/0x40 [ 2382.943341] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2382.944103] RIP: 0033:0x7f17b20885ff [ 2382.944678] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 2382.947376] RSP: 002b:00007f17af62a170 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 2382.948519] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f17b20885ff [ 2382.949584] RDX: 0000000000000001 RSI: 00007f17af62a1e0 RDI: 0000000000000005 [ 2382.950634] RBP: 00007f17af62a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2382.951691] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 2382.952751] R13: 00007fff795c125f R14: 00007f17af62a300 R15: 0000000000022000 01:18:51 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x80fe}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:18:51 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 10) [ 2383.055342] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:18:51 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x4800, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:18:51 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xd00000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:18:51 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:18:51 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xc0fe}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2383.243600] FAULT_INJECTION: forcing a failure. [ 2383.243600] name failslab, interval 1, probability 0, space 0, times 0 [ 2383.245317] CPU: 1 PID: 11739 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2383.246330] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2383.247546] Call Trace: [ 2383.247959] dump_stack+0x107/0x167 [ 2383.248513] should_fail.cold+0x5/0xa [ 2383.249104] ? dst_alloc+0x9e/0x5d0 [ 2383.249661] should_failslab+0x5/0x20 [ 2383.250233] kmem_cache_alloc+0x5b/0x310 [ 2383.250855] dst_alloc+0x9e/0x5d0 [ 2383.251376] ? trace_hardirqs_on+0x5b/0x180 [ 2383.252030] rt_dst_alloc+0x73/0x440 [ 2383.252597] ip_route_output_key_hash_rcu+0x93d/0x2a90 [ 2383.253402] ip_route_output_key_hash+0x18d/0x340 [ 2383.254123] ? ip_route_output_key_hash_rcu+0x2a90/0x2a90 [ 2383.254960] ? _copy_from_iter_full+0x27c/0xa60 [ 2383.255674] ip_route_output_flow+0x23/0x150 [ 2383.256340] raw_sendmsg+0x930/0x29d0 [ 2383.256944] ? dst_output+0x170/0x170 [ 2383.257519] ? __lock_acquire+0x1657/0x5b00 [ 2383.258190] ? perf_trace_lock+0xac/0x490 [ 2383.258812] ? SOFTIRQ_verbose+0x10/0x10 [ 2383.259428] ? __lockdep_reset_lock+0x180/0x180 [ 2383.260138] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2383.260909] ? find_held_lock+0x2c/0x110 [ 2383.261546] ? trace_hardirqs_on+0x5b/0x180 [ 2383.262200] ? dst_output+0x170/0x170 [ 2383.262777] inet_sendmsg+0x11d/0x140 [ 2383.263349] ? inet_send_prepare+0x540/0x540 [ 2383.264004] __sock_sendmsg+0x13c/0x190 [ 2383.264607] ____sys_sendmsg+0x334/0x870 [ 2383.265227] ? sock_write_iter+0x3d0/0x3d0 [ 2383.265862] ? do_recvmmsg+0x6d0/0x6d0 [ 2383.266451] ? perf_trace_lock+0xac/0x490 [ 2383.267094] ? __lockdep_reset_lock+0x180/0x180 [ 2383.267792] ? perf_trace_lock+0xac/0x490 [ 2383.268429] ___sys_sendmsg+0xf3/0x170 [ 2383.269037] ? sendmsg_copy_msghdr+0x160/0x160 [ 2383.269734] ? lock_downgrade+0x6d0/0x6d0 [ 2383.270369] ? lock_downgrade+0x6d0/0x6d0 [ 2383.270999] ? __fget_files+0x296/0x4c0 [ 2383.271618] ? __fget_light+0xea/0x290 [ 2383.272218] __sys_sendmmsg+0x195/0x470 [ 2383.272839] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2383.273490] ? lock_downgrade+0x6d0/0x6d0 [ 2383.274138] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2383.274871] ? wait_for_completion_io+0x270/0x270 [ 2383.275593] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2383.276416] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2383.277245] ? rcu_read_lock_any_held+0x75/0xa0 [ 2383.277939] ? __traceiter_irq_enable+0xc0/0xc0 [ 2383.278635] ? fput_many+0x2f/0x1a0 [ 2383.279199] ? trace_rcu_dyntick+0x2f/0x170 [ 2383.279858] __x64_sys_sendmmsg+0x99/0x100 [ 2383.280493] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2383.281274] do_syscall_64+0x33/0x40 [ 2383.281838] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2383.282603] RIP: 0033:0x7fe4a84d7b19 [ 2383.283162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2383.285841] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2383.286970] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2383.288021] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2383.289085] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2383.290141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2383.291199] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2383.319367] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2383.333273] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2383.491136] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2383.525515] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2383.711163] autofs4:pid:11754:autofs_fill_super: called with bogus options 01:19:08 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xe803}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:19:08 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) sendmsg$DEVLINK_CMD_PORT_SET(r0, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80001}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)={0x158, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x6, 0x4, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x6, 0x4, 0x2}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x3}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x6}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x6, 0x4, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x6}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3f}}, {0x6}}]}, 0x158}, 0x1, 0x0, 0x0, 0x808}, 0x20008000) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(r1, 0x0, 0x622040, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x2000, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000002c0)) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000040)) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1e, &(0x7f0000000040)=0x40, 0x4) copy_file_range(r3, 0x0, r2, 0x0, 0x10001, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_WRITE_CHECKPOINT(0xffffffffffffffff, 0xf507, 0x0) sendfile(r2, r4, 0x0, 0x20d315) 01:19:08 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x2) 01:19:08 executing program 7: ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000400)={0xffffffffffffffff, 0x100, 0x100, 0x4}) ioctl$HIDIOCGRAWPHYS(r0, 0x80404805, &(0x7f0000000440)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') readv(r1, &(0x7f0000000280)=[{&(0x7f0000001e00)=""/4098, 0x1002}], 0x1) r2 = inotify_init1(0x0) inotify_add_watch(r2, &(0x7f0000000040)='.\x00', 0x2000003) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) dup3(r3, r2, 0x0) sendmsg$IPSET_CMD_DEL(r3, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)={0x120, 0xa, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x9}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x8}, @IPSET_ATTR_ADT={0x90, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @random="b139c3e4ee22"}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e24}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x8}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x3}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_COMMENT={0x9, 0x1a, 'uname'}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2_TO={0x18, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @mcast1}}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2_TO={0xc, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010100}}}]}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x401}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x50, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR2={0x5}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR2={0x5, 0x15, 0x40}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR2={0x5}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR2={0x5, 0x15, 0x2}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x3f}}]}]}, 0x120}, 0x1, 0x0, 0x0, 0x48e0}, 0x80) syz_mount_image$vfat(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/timer_list\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x2410d0, &(0x7f0000000100)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@access_client}, {@access_any}, {@access_uid={'access', 0x3d, 0xee01}}, {@uname={'uname', 0x3d, '.'}}, {@access_user}, {@debug={'debug', 0x3d, 0xfff}}, {@noextend}], [{@euid_eq={'euid', 0x3d, 0xee00}}]}}) fcntl$getown(0xffffffffffffffff, 0x9) fsmount(r4, 0x0, 0x70) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) 01:19:08 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x4c00, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:19:08 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 11) 01:19:08 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0xffffff7f) socket$inet_icmp(0x2, 0x2, 0x1) 01:19:08 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf00000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2400.475869] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2400.488251] FAULT_INJECTION: forcing a failure. [ 2400.488251] name failslab, interval 1, probability 0, space 0, times 0 [ 2400.490238] CPU: 1 PID: 11773 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2400.491365] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2400.492826] Call Trace: [ 2400.493274] dump_stack+0x107/0x167 [ 2400.493881] should_fail.cold+0x5/0xa [ 2400.494510] ? create_object.isra.0+0x3a/0xa20 [ 2400.495250] should_failslab+0x5/0x20 [ 2400.495872] kmem_cache_alloc+0x5b/0x310 [ 2400.496544] ? lock_acquire+0x197/0x470 [ 2400.497219] create_object.isra.0+0x3a/0xa20 [ 2400.497949] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2400.498608] kmem_cache_alloc+0x159/0x310 [ 2400.499296] dst_alloc+0x9e/0x5d0 [ 2400.499857] ? trace_hardirqs_on+0x5b/0x180 [ 2400.500560] rt_dst_alloc+0x73/0x440 [ 2400.501183] ip_route_output_key_hash_rcu+0x93d/0x2a90 [ 2400.502053] ip_route_output_key_hash+0x18d/0x340 [ 2400.502834] ? ip_route_output_key_hash_rcu+0x2a90/0x2a90 [ 2400.503724] ? _copy_from_iter_full+0x27c/0xa60 [ 2400.504489] ip_route_output_flow+0x23/0x150 [ 2400.505212] raw_sendmsg+0x930/0x29d0 [ 2400.505839] ? dst_output+0x170/0x170 [ 2400.506454] ? __lock_acquire+0x1657/0x5b00 [ 2400.507168] ? perf_trace_lock+0xac/0x490 [ 2400.507839] ? SOFTIRQ_verbose+0x10/0x10 [ 2400.508360] ? __lockdep_reset_lock+0x180/0x180 [ 2400.509125] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2400.509947] ? find_held_lock+0x2c/0x110 [ 2400.510619] ? trace_hardirqs_on+0x5b/0x180 [ 2400.511323] ? dst_output+0x170/0x170 [ 2400.511942] inet_sendmsg+0x11d/0x140 [ 2400.512556] ? inet_send_prepare+0x540/0x540 [ 2400.513185] __sock_sendmsg+0x13c/0x190 [ 2400.513660] ____sys_sendmsg+0x334/0x870 [ 2400.514144] ? sock_write_iter+0x3d0/0x3d0 [ 2400.514645] ? do_recvmmsg+0x6d0/0x6d0 [ 2400.515113] ? perf_trace_lock+0xac/0x490 [ 2400.515610] ? __lockdep_reset_lock+0x180/0x180 [ 2400.516160] ? perf_trace_lock+0xac/0x490 [ 2400.516689] ___sys_sendmsg+0xf3/0x170 [ 2400.517182] ? sendmsg_copy_msghdr+0x160/0x160 [ 2400.517728] ? lock_downgrade+0x6d0/0x6d0 [ 2400.518230] ? lock_downgrade+0x6d0/0x6d0 [ 2400.518732] ? __fget_files+0x296/0x4c0 [ 2400.519217] ? __fget_light+0xea/0x290 [ 2400.519693] __sys_sendmmsg+0x195/0x470 [ 2400.520169] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2400.520680] ? lock_downgrade+0x6d0/0x6d0 [ 2400.521312] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2400.521934] ? wait_for_completion_io+0x270/0x270 [ 2400.522632] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2400.523290] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2400.524112] ? rcu_read_lock_any_held+0x75/0xa0 [ 2400.524741] ? __traceiter_irq_enable+0xc0/0xc0 [ 2400.525464] ? fput_many+0x2f/0x1a0 [ 2400.525924] ? trace_rcu_dyntick+0x2f/0x170 [ 2400.526596] __x64_sys_sendmmsg+0x99/0x100 [ 2400.527198] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2400.527921] do_syscall_64+0x33/0x40 [ 2400.528484] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2400.529124] RIP: 0033:0x7fe4a84d7b19 [ 2400.529651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2400.532102] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2400.533198] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2400.534164] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2400.535035] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2400.536055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2400.536937] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2400.546514] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2400.555845] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2400.567539] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2400.568915] EXT4-fs (loop4): group descriptors corrupted! 01:19:08 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xf401}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2400.574346] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2400.633968] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2400.635176] EXT4-fs (loop4): group descriptors corrupted! 01:19:08 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x3) 01:19:08 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x6800, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:19:08 executing program 7: r0 = openat(0xffffffffffffffff, 0x0, 0x2, 0x200) openat(r0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x14) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) statfs(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=""/255) bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x65) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r3, r2) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0x2, 0x3}, 0x6) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r4, 0x406, 0xffffffffffffffff) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000000c0), r5) write$bt_hci(r1, &(0x7f0000002d00)=ANY=[@ANYRES64=r6], 0x6) r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r7, 0x40086607, &(0x7f0000000040)={0x80000}) 01:19:08 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xfc00}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:19:08 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1004000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2400.817372] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2400.875810] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2400.887835] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2400.926794] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2400.927667] EXT4-fs (loop4): group descriptors corrupted! [ 2400.940631] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2400.960482] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2400.961346] EXT4-fs (loop4): group descriptors corrupted! 01:19:25 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1100000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:19:25 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xfe80}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:19:25 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x4000000000000) socket$inet_icmp(0x2, 0x2, 0x1) 01:19:25 executing program 1: r0 = syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='romfs\x00', 0x40000, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x82040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x8000, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) ioctl$sock_SIOCGIFINDEX(r1, 0x8914, &(0x7f0000000140)={'lo\x00'}) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = openat(0xffffffffffffffff, &(0x7f0000000080)='/proc/self/exe\x00', 0x107100, 0x0) read(r3, &(0x7f0000000000), 0x1b4000) ioctl$LOOP_SET_FD(r3, 0x4c00, r2) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000180)={@loopback, 0x0, r6}) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r7, 0x29, 0x41, &(0x7f00000000c0)={'security\x00', 0x39, "2e61a3327d7ddab4d485d3e248d23102301fd90c51e443935d348d067f8abc99b6387b60b76ea3258b8fd6345b7a8a8a5a7e3511e2fee09c89"}, &(0x7f00000001c0)=0x5d) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e24, 0x5, @private2, 0xfffffc01}, 0x1c) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5e, 0x1000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x0, 0xfff}, 0x0, 0x7, 0x1004, 0x0, 0xfffffffffffffffe}, 0x0, 0xb, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8914, &(0x7f0000000140)={'lo\x00'}) syz_io_uring_submit(0x0, 0x0, &(0x7f00000018c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd, 0xe0, 0x0, 0x1, 0x2, 0x1}, 0x3) 01:19:25 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x6c00, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:19:25 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x4) 01:19:25 executing program 7: mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x10000, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x1) mlock2(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) ioctl$CDROMRESET(r0, 0x5312) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0) r1 = openat$thread_pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$CDROM_DISC_STATUS(r0, 0x5327) mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffffff9) mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1800000, 0x20010, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x802, 0x4) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) finit_module(r2, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000100004030000000", @ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="ee01000200f2aff0712374e8d68f911915732e6d800b27588ccecd00"/40]) read$eventfd(r3, &(0x7f0000000100), 0x8) r4 = creat(&(0x7f0000000000)='./file0\x00', 0x8) write$P9_RUNLINKAT(r4, &(0x7f0000000040)={0x7}, 0x7) fallocate(r4, 0x20, 0x0, 0x8000) 01:19:25 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 12) [ 2417.522123] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2417.530833] FAULT_INJECTION: forcing a failure. [ 2417.530833] name failslab, interval 1, probability 0, space 0, times 0 [ 2417.533210] CPU: 1 PID: 11828 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2417.534423] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2417.535784] Call Trace: [ 2417.536187] dump_stack+0x107/0x167 [ 2417.536715] should_fail.cold+0x5/0xa [ 2417.537299] ? ip_setup_cork+0x6ea/0x930 [ 2417.537989] should_failslab+0x5/0x20 [ 2417.538624] kmem_cache_alloc_trace+0x55/0x320 [ 2417.539332] ? lock_release+0x680/0x680 [ 2417.539924] ip_setup_cork+0x6ea/0x930 [ 2417.540515] ? raw_destroy+0x30/0x30 [ 2417.541069] ip_append_data+0x167/0x1a0 [ 2417.541668] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2417.542447] raw_sendmsg+0xaa6/0x29d0 [ 2417.543035] ? dst_output+0x170/0x170 [ 2417.543711] ? __lock_acquire+0x1657/0x5b00 [ 2417.544547] ? perf_trace_lock+0xac/0x490 [ 2417.545264] ? SOFTIRQ_verbose+0x10/0x10 [ 2417.545863] ? __lockdep_reset_lock+0x180/0x180 [ 2417.546558] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2417.547320] ? find_held_lock+0x2c/0x110 [ 2417.547947] ? trace_hardirqs_on+0x5b/0x180 [ 2417.548599] ? dst_output+0x170/0x170 [ 2417.549174] inet_sendmsg+0x11d/0x140 [ 2417.549737] ? inet_send_prepare+0x540/0x540 [ 2417.550392] __sock_sendmsg+0x13c/0x190 [ 2417.550988] ____sys_sendmsg+0x334/0x870 [ 2417.551591] ? sock_write_iter+0x3d0/0x3d0 [ 2417.552211] ? do_recvmmsg+0x6d0/0x6d0 [ 2417.552793] ? perf_trace_lock+0xac/0x490 [ 2417.553420] ? __lockdep_reset_lock+0x180/0x180 [ 2417.554114] ? perf_trace_lock+0xac/0x490 [ 2417.554714] ___sys_sendmsg+0xf3/0x170 [ 2417.555287] ? sendmsg_copy_msghdr+0x160/0x160 [ 2417.555968] ? lock_downgrade+0x6d0/0x6d0 [ 2417.556592] ? lock_downgrade+0x6d0/0x6d0 [ 2417.557223] ? __fget_files+0x296/0x4c0 [ 2417.557832] ? __fget_light+0xea/0x290 [ 2417.558431] __sys_sendmmsg+0x195/0x470 [ 2417.559027] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2417.559667] ? lock_downgrade+0x6d0/0x6d0 [ 2417.560309] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2417.561036] ? wait_for_completion_io+0x270/0x270 [ 2417.561765] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2417.562579] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2417.563398] ? rcu_read_lock_any_held+0x75/0xa0 [ 2417.564190] ? __traceiter_irq_enable+0xc0/0xc0 [ 2417.565070] ? fput_many+0x2f/0x1a0 [ 2417.565693] ? trace_rcu_dyntick+0x2f/0x170 [ 2417.566480] __x64_sys_sendmmsg+0x99/0x100 [ 2417.567356] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2417.568172] do_syscall_64+0x33/0x40 [ 2417.568839] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2417.569799] RIP: 0033:0x7fe4a84d7b19 [ 2417.570426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2417.573732] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2417.575009] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2417.576280] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2417.577598] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2417.578847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2417.580034] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 01:19:25 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xfec0}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2417.589157] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2417.606256] Module has invalid ELF structures [ 2417.613764] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2417.615210] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2417.616793] EXT4-fs (loop4): group descriptors corrupted! [ 2417.641747] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:19:25 executing program 1: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x2}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/packet\x00') dup3(r3, r2, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000180)={'L+', 0x7fffffff}, 0x16, 0x0) r4 = syz_mount_image$ext4(0x0, &(0x7f00000002c0)='./file0/file0\x00', 0x10000000000, 0x0, 0x0, 0xc0000, 0x0) mount$9p_unix(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x173000, 0x0) getdents64(0xffffffffffffffff, &(0x7f00000000c0)=""/149, 0x95) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000400)=ANY=[@ANYBLOB="001800001cf4d4447646b37bb9ab2b3b8d7d4ebbce54cdb6a46100008bfca0642cf5010100000000000074c740080d8836cc2100ada6b9397961091969756aef14a8673fa1ff20091748b7a93ee050ba01fce41747b1d0c478b26a8cf4a3d10c128e090499d6b7a2c7d853cbc539556410313c9d9adcdce087d7a4bac9d20f094728a0e7e3421d17d84cadda33dcd71483e2f4a2ecd2b9070a655c862b8220de8a5b388a48068270221820a47488219ba25005cde7e5e06d00"/208, @ANYRESDEC=r1, @ANYRESOCT=r4]) r5 = syz_open_dev$tty20(0xc, 0x4, 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000280), 0xc20, 0x0) ioctl$TCSETSW2(r5, 0x402c542c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1000ffff, 0x0, "0489fdc1843fc745ea52a5fff7962e807836db"}) open(&(0x7f0000000080)='./file0/file0\x00', 0x50000, 0x0) read(0xffffffffffffffff, &(0x7f0000000540)=""/250, 0xfa) unshare(0x48020200) 01:19:25 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x7400, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2417.694293] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2417.695258] EXT4-fs (loop4): group descriptors corrupted! 01:19:25 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 13) [ 2417.724944] Module has invalid ELF structures 01:19:25 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xff00}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:19:25 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x5) [ 2417.783725] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2417.794727] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:19:26 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x58, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x2800018, &(0x7f0000000240)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) ioctl$AUTOFS_IOC_READY(0xffffffffffffffff, 0x9360, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000100)=0x6e, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) openat$incfs(0xffffffffffffffff, 0x0, 0xf0540, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000300), 0x80, 0x0) r2 = perf_event_open(&(0x7f0000000240)={0x3, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x5e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffff7}, 0x2800, 0x80000, 0xfffffffd, 0x0, 0x6, 0x8, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffbfff, r1, 0x0) fchmod(0xffffffffffffffff, 0x54) r3 = dup(r1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fdatasync(r4) sendmsg$nl_generic(r3, &(0x7f0000001a00)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000019c0)={&(0x7f0000001e00)=ANY=[@ANYBLOB="0c160000210000022bbd7000fcdbdf2508000000080090000000f8ff08007000", @ANYRES32=r2, @ANYBLOB="ea01608008002a00ffffff7f7b2d3354d24f8908a964ed4aa2aa4661f51df2bd71bd79a8efd7b62c1bdadd7f342b3f3076c736b5526df70e13e620d185bbbd20f5068f2cac29fd5794e9e269a72c263b6f14f3593f3a324af3a27d0d61b319c4a2e16d5b76d48badd2b03ceedb1c3332348d5736c6b0e4f215065e0b30d55059dca6af7695149e41ee1cbcbdf345c4987ed2b6521a3c4c85d7967f3604fa2f186ebec9120cdce3f429e41e1270ac4ee01c437ed4a7ee74636e2c227499831ed48ca67bc7d343768cf8be77082e896afe557012b92914eb107e891e55211ba7dbeef63ded6768a9b7fcf7f164cd238775ba8bd80c00070003000000000000000800210064010102b1cfde25e8fb3c5d37b8e1ba91c9fee1d902a340df5aa6b54b08009000ac1414bb0c006700ff07000000000000e9308747fbebdf0735b255933bd153bc0c14629208f546c6a4ee4dcd7bbee48eac327f4ff0503330fb81b21ba884a51d8f861f3b1cc5b5e796c8f966dfdf091c5a3c693eb74066c76910f39689a66dbb8c2b0dd7bea805297ad3d0c30b19b12fc75191c3b4ec45e52722539bb1e78629ab6ed38228c2c6726f728774bbcc8941a3ab3ec8bab527bffc20380ec4cf9101dcf9a469adf5ac590385ce8d12bb4f3b7148c87bff2face762fed31c3137c232119b624eb4fd000008001800eb0c00007e130480814ce8f3102595667bd26e90408994847524e6c7fb218a6d2cbe3adc7b17a8f577ddada2f17e641f193fdb9b667c2441c80ab398f21802752f3fb157bebafef8291cf667527658affbb2b8841e973da432eb00698ab2b37a3081a9f731370589a092b804af58a4f6d9e6aaee25f4a590dc379d063c99d9a263a4aecc33c007a3423e892c237a1d4044d17a9f15609f4f5e7d96bc56a00be485c4f742447bacd80646b0b746915981bf2d5fcf713d088415c862d7884634e86fd7478c6c7ad9386cbde55b4ec705d728bdd86bbebe66e0690c004200010000000000000008002300", @ANYRES32=r4, @ANYBLOB="6ca795c913e88f2bf3d6081e80f24336ff2cea4e5dd0b3bed222a04bbaa18979db0f003087862f14a2fa8dd9d7cf0ba3da0f3cfaeb4a0ed446c4f7c45c276157573326ce9831aff759d84dceae331208a7f688585c1eb5683c6c5ffea365bdf7eb370d28e5d3205fb7f56b531ba589c9abeda9e4d247d1777ab5d4ee07d6b65097d5b990a3ae67660cd18388227a0480b20740774bb91c08bbbc01a3960061a11f09721a042f13107040ef659769d80d1e205980f4c0200f922055a459825021958831824a82a5dbe120ce656e77f49ad9b1aaa800910069c8505d24570b764795ccc7dd1458feb600d8ea780b840303536a8f91f03ea313922a3f6070f86c08e73c94bdfbac573635b1c2d2e2b82a92e38d3e18db92bcdc2b5cf9c4b058b5383fe367e1155a43c332a2708368e7fba7ad22366a8b48f12e318f1b7f21e037bc5a6c2ed15cb6cf40e19f085af8a393b788de4191f8482f924ce2c7feab625f6ba784b832a84a348e4b01f2d2985bc92fc8d41557ba12f57184344a110701de78553e4128cdb5a0c9cbbab5e30ef94000633b56f4f2c7e1d3694ea76d07ed587ae15c92dc01ffe6801c994d8477385b9b4e9c12e9b6002084d7ba9cf20df3bba29214fdf48561c6ad98d8de4a8313042de75632fafdd415dad6a308b264999f5c65e7493b15f18518a0deb9076d17b38376b6b9ca18d690793585e0ff01087c7abe368c411562ebc6f288b0d18626d728d082d95c78dd9461c3e3330fade426887cbd83b5bf0fa7cc579497eddb2bf1a3b65ee90417ed8615ab2e185eb8d43e8955d520a7012fa5b55a4804f72153aaaa893be776681c4288cffdc2833b7e2ebf363125ce5f20328e47d073d431c40f9e4c327a58c7706b2956aeed26c5b5d081c12f35c895ce43dcd5d6642840cfac7267f666e74fc1249303b2bd2c53090b31de4d4ee6963ba6bb066cab521671cd939f04e6d206e0d48eb8d792dde565f989bbcd8947f1fc517071e115ca71f22aeab78428102d13a4a962d2a68e08ae995e7371498d32e391600955fb9901fe85f1bb5519219928101fa86d05818b9095d7134b0c96b189c8a635a35b8bcc9c54bfbdc460e591a2d4a87f37f49eccc2aa3484faf330294e461c6f59cf1fcaf1450ee1d9161b1d13ed605ecbf084f059b637d47c22718a18ff99a8f0a812e29de8006008722712bd428499b41c0001e1bfeda9494bd56d1ab213cba9d8544018aa8ab8fbe27e84976015f529e5cd17f5f6b20ecf9a61546f1e8e60c0393517f3e75f9c405016ff5128af0ba7331af880b14b7bc1ef0a7a064902d495aa055be555edf9ddf8b14602e32b733914f686a4bdce85719c429b35a8a8a41092a5d256e92ed33a54834309da637872bf8e1fb03452b76c24f2dbe8c988b85b13a7f243048d513b521df7808bff67f6ad757b5d9061f2ba3b9a3d32769596e0c9a1cf27a37e8d136b916e6b25bbb3295ffd1ee19a48441f8a0d7d69801e2c933b228522f5a432580fce06cc56f98109f92b85b23b8023d25f2ebbfbccf4ce767e73faa713814fab0d9ca70ff9fe9bb06d23d118292a15c2f3381a9b6e130bbf8c45d184bb1c6687deac98514ec2c1afd061d1fe9b5f49c7a2aed5192f4df1201b898376defbcafb56b00d83887c4634ffc38bed148e61cbe6057147551fd15f51dea4336727b4970477d90094db009619e6838aa48c1e1eac57d178912bfbe60d46ba96420901ffca64b2075ffe569136575ba3d7ab5d0902e95287e6b039dd9a005dcc229b491d5474b3ff7bcc3a758866b0fd75e3dba021e9589e3b926b1249c3e748f02f66d98d427a11c02f6c29beae06c9b15f4c175b5c8dbfdb969cc9f4d0f048cb51cc6d2fb8212113e3f1d32144d01e8168157be642b1972c604e7ca3fa2a0aa3f6d63df4f957cc1a7562d4f80a048f7e26cc5c42be256fb52ea2f63c39c025d7e7ee76a784daee44ee4b005e59077bb83f1659b707fbdf6dbd1b91cf9a53170d7c395fe2c0c2c2798e18e1a40be23aadb377ec6ce0c80c1c306def47e16174ee7497d3f3f9c3b3cceed4ee5f52bf63211171ff6d72928c145f84d8eb5afe2e145d87019c30ef328d8655e0b4253bb04851d99c611ed4d095bfbf90c74e4b420273ecae1f023a7b36f1576df793800f179d5d3827ce7afd024f62e47ae44c06eb6ec0d35168ec3cc9afcb7f09cf68a41776a1031b297723ba653ffece9005f0f88599a09b9f66682354095c571381249b83bef1600aa0eaa9cb3e047b1388d5acd2a46899dec33d969456fcf21e57ba6c95b111d7312bce61b1562c75c831a70d0c3a38eeb02a4a2b695801f45a1b5a6e1c06798324ed5b0d707cae91945052ddcc982627bdd352d8efc615bd544d8e98304f998e9ebc8fb7480597549fb2f6bcfd5e858814f0c10bb7e1da1319f98a9e04368a0b0e9432c7d8ae613331d67a8087984fac05c3e04fd60f553abd58998d5e2429af724a1e807ea77069389b1aab124c2f4c6fa15d4ddcf4be54533c5fd1643fd3b4904a8f9a0750a84b9cc6e836cc3562b001cf0fd803e67bcafe6ef0920a8d6c2b23e07d68c496d9c5c366abae19766b68cd31d62211f776562934dd9b568f9c89ed264c185d31a45cb5dfa3bfe4a11266130a1bb6e441c76b2c11fdb88872c552f17cffcf01a79fc0d96748ead26e3f535243ecfdcdda14db7b91e3065a2395947b7006e1c7324cd2e4a3e7ac3a8a3531a446013efe44a3cbf302fc6536677f68d95500b2276b690fe75ff0856e6e4392e56ad7051a1cfda1592e301d885aa144ad83a6f0adad1d14d33fd1728c7ade0ee6fcd82012d80cba3aad8fba96e04f57a8e5319e6a67def08dd46616c7bd07ea7235c3ac99604c7c4c7249cd23ffb910157cbd8dbacb3b9fb5c72bd4683833cc7844177e6ff5b0fb0a00e8f9a8cca2d4428ee46e5ddcd1d5c82c834d190b299d1b556e03bda54bff0074aefc87b5d8893c9ec696e2a1bec4a26c37508804ae9ec3685c3e6fca2937dcc4f7411d1dc9e1e0110d6b19c8bcacb732fc6b795cc32e3e2e45af9b81b06f297e7ebf8bd58a68cb76fe513dcca8a5e06b8a69a0fabe35fbe3935aeb23895f53093f6b6a2cea40d28ef0cc7d03bfb753c8afcf099e005d2b16eb9408245e8866a2cb8637804675bdb3cb885b4692c5d3003c3c57c048516ef8ae0f48aea2782f2daded7906fe02fc420a49a299faf03637cd7b52bc080d2afabd20657f25333d1c6c9665614ca6a601ed0cb130b5eb2e432e472ca987cd00d687746e94de559940652f0af2444161aa0cef2dd129e2d285806f92f778a89723ddbb7eb2168f2e62bae17243bb9ce739d5edab2d0f839a1b20c048b601482b99eba38aa0f61201013d9b905bb93fe85303648e1815c5fec4fac3767fcdcab1f0e910519493ba1ba8c406f8e687e70fbb960945744773d5d42c9835f63e5899a2990f48b323d2d9bd07e0f83c83ac5b47fbf08b8f7f3e3ff7c9230c7d92fe4aed45d40e456febc850813741cff0f2d92be6ed3ba8e537efaf8c9df476d498b9aab1996270220d57b6079660ed55c3c274da76419480861c17d9e777af37a349fe80088e4564eef3339c03e2d125e2622bace58ccf8f0c922da1db04a8f331107d060829afd10e1a5f60b7a1cded3551a6c734228ca8b1946bb3f2aae8012a3e3acb1ec83a8c638f623f1650e24e208dc9c248225da3a3649478829f7a2d2dd2abe66e4ef7aa5bf5e4e843bf02c717c4e827a66ec640abd92cd5a5d3c328318400d2735a3f1420c5e6bea39019531058965e47ec236a5ce79ef6de112283a23d7dbf53af907347e784d0b34d0e7f7af660387bb00778c53e100e8fe5a7db4715b8856bbbb4c75c023738e641d55f730f57585e9dcaf1271dc4bbfa9305fd2f201fda816feb180eb66e6e17737fdf9f0fb7fbee650b150279e11fa8901f2350a755cfc699cbf4d48f5b82441461ef093239cafe0c4dfcb7b6a202a5a2e22f51f94ec0b509ea57f6ae5db3d95b4a1eb1e5db05624fbb74a50f569cb878e91f5c2e00b60fe3c404d8df41582cf8a8ebfe6c48846db8c32ac29a5ddd92d358ef791a4aea27c84890e0c0d12bdde3eb20d42fbfb7989f03e2d89e242b15ed47d0c7ed4c5d963a4d1bdaec3e5ce09717058adc90f0ff458321e6a54656509b09c1eb343651ddf902b298bea27f6922ccbf6bdc126b6a81be140e620744196a4f56ab14e203c31ba71979c77cac9eea9ee6c49a191d1483d07ac521fdfbaf650fa01163f868a9f330850ccfe2cbb4e01bec0ceab72920f6b65feee2e206a483f164f95e889d99a189ddeec080c218e414cb7f98a2465a55190934cb587f8ec1a7603af7780ed9437b38c40838da447593d4097cdf3cfb5def2247a53afba8502fe3cd5b977567d271c8cc5b17ecfca5ceace1d10976f8a4644b21efb929d0dc304c34fced5112b21db11ef63760bf63f83b51a5c73076f65754230d62ac2f86d71d305136c7e0477112fd38ffdccce3da7d216eb5818022e3ffaf459f3106c9994243c5a8afb83ad1e7b148e55da632e9294eb4f67e743a9ca6162d36241ee350fa9116c281b9612b1909f34b4b041b32661a933b8872895c52f3a69d21806213d06bc46d8c785498f03facdfa08bc9b920f9a7c23f54cd5d8c6caac6c1ddd664be298aa90bd8b06afe4773b39654b28d2cced97b23774c1a4f1cffce10a7bfbf5ce1381e0e010f1d760c6b043fc164211b6f924fd7aba334a25689c3336d4a72c2f5285660abe776fdd8b614526f282fcff28e5785db72e77442ae7bbf7d1bc91f5337a0cf10c39938db7c71fd3d32cb397e6ec7eb5e5fafd567c0f9dc03a2934934a0657c3a614e4d0380c13b087aa488030c5699169bbb162153d4b755b60336ac2224c4644427bcdff09ecc29afb497af8c4915677b6594810e267830ff216344999e1d46bcca7d66e75814080a04242a51ce5a21bd4404b82e1f61384cecf95466f1d1c3c0a4363f32027eb898679dacfbb46cd2fb767e9686022f3b948aa4542ff89f39577ff64b0f2a2fe3aa95cf9a3cf6148c97c579614eb7cc01a3083841b0dd3e3f1e66931698ab6dfa45a683f7fa553291d189e2970967b4a4d005327e68faf9cadc2841723954781389367fadac527657624765dfbbbcb86020ffa8129b549b276450d634c37093a492e748b7f67dfb252acdcd0334fc00bfe5920531f67ca02fd99873dd9f9a3d5196779cc613dc61da298396f33e7c6a8b385e7be49a81be6b88648871383fd15d2362e407b5991c69c89048ac98196ea85afbe9939dde5bc8852c838ab86fe5db283a73090cca15149d10ed8bc994889adf2735766018aea292cf413cb70beb4513c90e6809e871f4a7c0547cdf63094752daab6254ab6ca6a3e227c77ce3a86125bed9594aae6cd9d6fd96238134491334a427e65dbeaf75b8b0ce6cad9abce8330a23cc7c394fc89b71593ab4b92bcf0e1511486487cd8729c2c98e76aaf27d5ef1feda41a74ec6286995eb38fa324f7847600a57b72a27c1608ed89252106aed4dce828dbecce841b36dd603d3175263eec880d6047e0a42a0d9390873bd65e000019880cd2744637ceffda1d20887c4596cc41d74884850265c4c0790eb92bb08510a3b205c3153fca736edf8bdec2642b61ba885a9e002016bc51d9657a174937a585b893cbb775a9343839573886f726e136e88047663eb136e4c049c033f682a42ccf92f4a5ea8f095116f60a1484a76308cce4cb61b639f451aab8db9fce98a38ac6a12e80b386436edf413a883890373f868f428a453647e7c963c531759ce78b4b8e06dbabd69fd8b0ed308d42d5e8abd4efc106dd2b08c3c3272c437abc20dfcd159c9fda8584f91a5e6860803452ed2e0e1a5461eb4a51667dedce548e29d006b44c1ec3ac1dd905f54b473268e7e5fccfdea4ed5ca058270cd5df9e7e6c2d6089650932537e3a0bc188e6a137f69927a97046ca4ee285219e691be4407191793cbea90b6061809bff00b91641aec5ed747c1812a306aa6819c4fd46efaad99a3abd4add0059fc11e553c347ac570d4fbb81654eb3733dec1e70aff0b3882f0cf622dfafade52eab690d461ba4cc4c38b65b7afe61a29d4e2cc84042d522cc9a9371546640f375e8954e7b5f6920f3d0e7d923992de2d1204301b7b4dcf2f91635a723cfcfa21097754e6d2e29568722f43a3d0c14e90ef4679c49ee30e17b86978fdac256fd5323a070b45e15d90dc3ebab8a3dd4236d9607b13800c2e405cb0e1fd72bba76f774c4787be96f20bb8af94995ba80f7ebfae40dc720a2f4a49a490c0125cb4ad8e9339767f69edc011e141bf6d0290262384685fd91e4e5ed141bb8c4a1e8e996a1a2ade5960e6a8ab2abf8974ee00333dbdd4003e9cefd0b218aeed74870a0d127f83363d3612453dfc3f1b9243e8d806e648ac636cd055f67818b3545747e6e2d5494bddb2c488e520bcb9b4571c082292cff2c6bb48fab1738a3a16b1292dcdb62ac87b2f3ed8b053c3abf2a8d247b31a5b3faf510a00974185e17e4d012b32af077083a58f9b29c0aeb81b2d910b9069199c3048132236bfe55e066f7dff75ae291cba82cb518435115b5cc946e28a95485555f9d1675f0c085bbecc15b4926c4f84e2f93c1d9cbadcb9337e4a551cb51d20b05ab4c0016b0000788735172c1ca36d8d686bac455374194279c497c0a1f38688de22a7a78e02604da7bbbc4fca1603a8c70cfb1ff8bece9d04e7de4675a9150e5f3ef483a40b1acde7255fc5d948684112ac6babca2a0ded4abc9fa4c0d500acc0806c3bf2ed7707f06b86e7e9c262a8695b6f50a5d3e1daaf000000000000000000000000000000000000245a4ae7d4fad0fa6f7fdb5c9fece2c284692bcf6a53268e785e9f355766ed5ded1ec98374dccc6dd42bc316a765f29065b55b2b5033c2b5636513f92e02309983c581275792637764a0f2eb356ec3fd302fe03b7f154654ae5a98b4fec2aad23128fe4b8592df9d5890c3ba9c239229f7115c964cd09594a01ab2d840df7f5b7f5e"], 0x160c}, 0x1, 0x0, 0x0, 0x48000}, 0x4080) mmap$perf(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x10, r2, 0x10000) perf_event_open(0x0, 0x0, 0x10, 0xffffffffffffffff, 0x0) [ 2417.819043] FAULT_INJECTION: forcing a failure. [ 2417.819043] name failslab, interval 1, probability 0, space 0, times 0 [ 2417.820673] CPU: 1 PID: 11850 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2417.821655] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2417.822820] Call Trace: [ 2417.823201] dump_stack+0x107/0x167 [ 2417.823721] should_fail.cold+0x5/0xa [ 2417.824267] ? create_object.isra.0+0x3a/0xa20 [ 2417.824916] should_failslab+0x5/0x20 [ 2417.825468] kmem_cache_alloc+0x5b/0x310 [ 2417.826057] create_object.isra.0+0x3a/0xa20 [ 2417.826682] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2417.827404] kmem_cache_alloc_trace+0x151/0x320 [ 2417.828075] ip_setup_cork+0x6ea/0x930 [ 2417.828631] ? raw_destroy+0x30/0x30 [ 2417.829196] ip_append_data+0x167/0x1a0 [ 2417.829762] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2417.830507] raw_sendmsg+0xaa6/0x29d0 [ 2417.831060] ? dst_output+0x170/0x170 [ 2417.831601] ? __lock_acquire+0x1657/0x5b00 [ 2417.832232] ? perf_trace_lock+0xac/0x490 [ 2417.832816] ? SOFTIRQ_verbose+0x10/0x10 [ 2417.833408] ? __lockdep_reset_lock+0x180/0x180 [ 2417.834071] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2417.834799] ? find_held_lock+0x2c/0x110 [ 2417.835394] ? trace_hardirqs_on+0x5b/0x180 [ 2417.836016] ? dst_output+0x170/0x170 [ 2417.836563] inet_sendmsg+0x11d/0x140 [ 2417.837118] ? inet_send_prepare+0x540/0x540 [ 2417.837737] __sock_sendmsg+0x13c/0x190 [ 2417.838302] ____sys_sendmsg+0x334/0x870 [ 2417.838891] ? sock_write_iter+0x3d0/0x3d0 [ 2417.839487] ? do_recvmmsg+0x6d0/0x6d0 [ 2417.840045] ? perf_trace_lock+0xac/0x490 [ 2417.840645] ? __lockdep_reset_lock+0x180/0x180 [ 2417.841308] ? perf_trace_lock+0xac/0x490 [ 2417.841910] ___sys_sendmsg+0xf3/0x170 [ 2417.842471] ? sendmsg_copy_msghdr+0x160/0x160 [ 2417.843121] ? lock_downgrade+0x6d0/0x6d0 [ 2417.843727] ? lock_downgrade+0x6d0/0x6d0 [ 2417.844327] ? __fget_files+0x296/0x4c0 [ 2417.844907] ? __fget_light+0xea/0x290 [ 2417.845483] __sys_sendmmsg+0x195/0x470 [ 2417.846060] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2417.846674] ? lock_downgrade+0x6d0/0x6d0 [ 2417.847313] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2417.848007] ? wait_for_completion_io+0x270/0x270 [ 2417.848692] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2417.849505] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2417.850285] ? rcu_read_lock_any_held+0x75/0xa0 [ 2417.850980] ? __traceiter_irq_enable+0xc0/0xc0 [ 2417.851636] ? fput_many+0x2f/0x1a0 [ 2417.852177] ? trace_rcu_dyntick+0x2f/0x170 [ 2417.852799] __x64_sys_sendmmsg+0x99/0x100 [ 2417.853451] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2417.854185] do_syscall_64+0x33/0x40 [ 2417.854735] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2417.855462] RIP: 0033:0x7fe4a84d7b19 [ 2417.856016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2417.858582] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2417.859693] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2417.860693] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2417.861700] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2417.862696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2417.863691] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 01:19:26 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2000000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:19:26 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x7a00, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2417.982728] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2417.985122] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2418.018104] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem 01:19:26 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xff0f}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2418.042971] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:19:43 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 14) 01:19:43 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xc00e, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:19:43 executing program 7: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x5, &(0x7f0000000440)=[{&(0x7f0000000040)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b0000000001", 0x5a, 0x400}, {&(0x7f00000001c0)="201900d07642da921fd6ff11430c6c6b8c0ac5060048065e24ecf3bb8ce311427ac446646b66cda5c391a00fbccd665cde721d7307fdcb6b969016edfcfc7632c1f3819bab23a38c40d2318820e65ef0262cc5dd8b5bc96f21bc84022b67785d6741984f29f705f842bd5a0870925cdb5d80eb689f80ea6ff07d3876a48c6519dad0190710", 0x85, 0x4e0}, {0x0, 0x0, 0xffffffffdffffff8}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000011600)="ed41000000080000dff46552e0f4655fe0f4655f000000000000040004", 0x1d, 0x2100}], 0x200002, &(0x7f0000000180)=ANY=[]) r0 = syz_open_procfs(0x0, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, &(0x7f00000000c0)={'HL\x00'}, &(0x7f0000000140)=0x1e) pipe2(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) ioctl$TUNSETOFFLOAD(r1, 0x400454d0, 0x14) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0xfdef) pipe2(&(0x7f00000003c0), 0x0) 01:19:43 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2010000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:19:43 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x7) 01:19:43 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x4000000000000000) socket$inet_icmp(0x2, 0x2, 0x1) 01:19:43 executing program 1: sendto$unix(0xffffffffffffffff, &(0x7f0000000000)="d8", 0x1, 0x0, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2a, &(0x7f0000000280), 0x4) recvmmsg(0xffffffffffffffff, &(0x7f0000003480)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)=""/2, 0x2}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x42, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f0000000100)=@pptp={0x18, 0x2, {0x0, @multicast1}}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)=""/70, 0x46}, {&(0x7f00000002c0)=""/159, 0x9f}, {&(0x7f0000000380)=""/238, 0xee}], 0x3, &(0x7f0000000480)=""/109, 0x6d}, 0xd12}, {{&(0x7f0000000500)=@hci, 0x80, &(0x7f0000002980)=[{&(0x7f0000000580)=""/4096, 0x1000}, {&(0x7f0000001580)=""/206, 0xce}, {&(0x7f0000001680)=""/77, 0x4d}, {&(0x7f0000001700)=""/4096, 0x1000}, {&(0x7f0000002700)=""/96, 0x60}, {&(0x7f0000002780)=""/176, 0xb0}, {&(0x7f0000002840)=""/10, 0xa}, {&(0x7f0000002880)=""/75, 0x4b}, {&(0x7f0000002900)=""/48, 0x30}, {&(0x7f0000002940)=""/27, 0x1b}], 0xa, &(0x7f0000002a40)=""/68, 0x44}, 0x400}, {{&(0x7f0000002ac0)=@hci, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002b40)=""/60, 0x3c}, {&(0x7f0000002b80)=""/247, 0xf7}], 0x2, &(0x7f0000002cc0)=""/187, 0xbb}, 0x4}, {{0x0, 0x0, &(0x7f0000003100)=[{&(0x7f0000002d80)=""/230, 0xe6}, {&(0x7f0000002e80)=""/113, 0x71}, {&(0x7f0000002f00)=""/90, 0x5a}, {&(0x7f0000002f80)=""/39, 0x27}, {&(0x7f0000002fc0)=""/19, 0x13}, {&(0x7f0000003000)=""/233, 0xe9}], 0x6, &(0x7f0000003180)=""/45, 0x2d}, 0x2}, {{0x0, 0x0, &(0x7f0000003500)=[{&(0x7f00000031c0)=""/144, 0x90}, {&(0x7f0000003280)=""/7, 0x7}, {&(0x7f00000032c0)=""/127, 0x7f}, {&(0x7f0000003340)=""/149, 0x95}, {&(0x7f0000003400)=""/54, 0x36}], 0x5, &(0x7f0000003580)=""/215, 0xd7}, 0x2f}, {{0x0, 0x0, &(0x7f0000003440)=[{&(0x7f0000003680)=""/89, 0x59}], 0x1, &(0x7f0000003700)=""/144, 0x90}, 0x401}], 0x6, 0x0, &(0x7f0000003940)={0x0, 0x3938700}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2b, &(0x7f00000000c0)=0xffffffff, 0x4) r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8, 0x40010, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x26ea, &(0x7f0000003980)={0x0, 0x126b, 0x2, 0x0, 0x1cf}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000003a00)=0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000740)='/sys/class/drm', 0x970c7917c8cb9e10, 0x2) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000700)=@IORING_OP_WRITEV={0x2, 0x1, 0x2007, @fd_index=0xa, 0x7f, &(0x7f0000000500)=[{&(0x7f0000000480)="bb024c69755e206d05b31065900010df58e4974e35dcf2a087a40e184899f3d6047a35b7253f48f6ce6594cd14a3018e3a7e86a44e06f1dbc01761bcd7a4ec3339c0768e7539014e60bf987583afa915b1", 0x51}, {&(0x7f0000000640)="5e8569ab6f02a7d5e01d991aa886eb33d57eb743219a7adff177dd0974a1e56944f84e80be535418540ae96f90d13a1fa5fbecfe3a47f7fde121708514c638d88ac95e763e64a2a2c2121e7e524716a0e94ff2abf9d37384a697a5359ac207ed5ca6a9a4b7483f0582598fd03a6bad682529b6e2f3ed37ef5ceeb4638e6448558c8b91a829f7b81f879bdb0d947fe06807d4a7c14c988bc70aa93340412d5925c4ef1ddc90d1da165e91742f3e1cb1ba278311eb729b6fb361bb2537ebcc0a7e", 0xc0}, {&(0x7f0000001780)="ff52023991a4f9811c9af4301173db45a53d393b4bdc9e2e55ff441f8dffb1af526a90b00ddbb87afedc0bcc766bd0bb9ca6ede2512c5d66cf05da27aa5465a3ee4f3d47fcd49accee97caedc17878ad2f56a30b4d6e4cca91111ba823b067fed613868f2def5919c8654c0d1179680e08f68340b502e4798e16546e48f1433cb93a6490bfe1c264cef4d98246f0957e2446bccdbb4cc2fa1bac65105c75246438a93d", 0xa3}, {&(0x7f0000000200)="54dbb557609a966157ee8e4fd3346f2138c9cc3dd861dba9376e818ed13ac73e42fb86f43e30e2", 0x27}], 0x4, 0xe, 0x1, {0x2, r3}}, 0x5) syz_io_uring_submit(r0, r1, &(0x7f0000003ac0)=@IORING_OP_WRITE={0x17, 0x1, 0x2000, @fd_index=0xa, 0xfffffffffffffffb, &(0x7f0000003a40)="580682d3208defafe712fe4647cac7cc7665c77bade31a512363048650c984905e09d5c0d8373e68fffa4856f573fc33e0ebf31de804a2fdd2d1716e8a3c16b8b062a0769c9ad9b737026a627f5d17ed1a69c8781ab2f50d4716f7748b03b462c2df7ebfc0f6ad", 0x67, 0x4, 0x1, {0x0, r3}}, 0x1) 01:19:43 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x40000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2435.669455] FAULT_INJECTION: forcing a failure. [ 2435.669455] name failslab, interval 1, probability 0, space 0, times 0 [ 2435.671296] CPU: 0 PID: 11885 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2435.672404] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2435.673731] Call Trace: [ 2435.674164] dump_stack+0x107/0x167 [ 2435.674753] should_fail.cold+0x5/0xa [ 2435.675372] ? __alloc_skb+0x6d/0x5b0 [ 2435.675990] should_failslab+0x5/0x20 [ 2435.676605] kmem_cache_alloc_node+0x55/0x330 [ 2435.677331] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2435.678194] __alloc_skb+0x6d/0x5b0 [ 2435.678792] __ip_append_data+0x2930/0x3310 [ 2435.679504] ? raw_destroy+0x30/0x30 [ 2435.680129] ? ip_finish_output+0x330/0x330 [ 2435.680826] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2435.681648] ? memcpy+0x39/0x60 [ 2435.682187] ? raw_destroy+0x30/0x30 [ 2435.682790] ip_append_data+0x114/0x1a0 [ 2435.683443] raw_sendmsg+0xaa6/0x29d0 [ 2435.684072] ? dst_output+0x170/0x170 [ 2435.684686] ? __lock_acquire+0x1657/0x5b00 [ 2435.685405] ? perf_trace_lock+0xac/0x490 [ 2435.686078] ? SOFTIRQ_verbose+0x10/0x10 [ 2435.686746] ? __lockdep_reset_lock+0x180/0x180 [ 2435.687509] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2435.688332] ? find_held_lock+0x2c/0x110 [ 2435.689012] ? trace_hardirqs_on+0x5b/0x180 [ 2435.689728] ? dst_output+0x170/0x170 [ 2435.690345] inet_sendmsg+0x11d/0x140 [ 2435.690959] ? inet_send_prepare+0x540/0x540 [ 2435.691667] __sock_sendmsg+0x13c/0x190 [ 2435.692309] ____sys_sendmsg+0x334/0x870 [ 2435.692980] ? sock_write_iter+0x3d0/0x3d0 [ 2435.693673] ? do_recvmmsg+0x6d0/0x6d0 [ 2435.694299] ? perf_trace_lock+0xac/0x490 [ 2435.694972] ? __lockdep_reset_lock+0x180/0x180 [ 2435.695717] ? perf_trace_lock+0xac/0x490 [ 2435.696393] ___sys_sendmsg+0xf3/0x170 [ 2435.697023] ? sendmsg_copy_msghdr+0x160/0x160 [ 2435.697773] ? lock_downgrade+0x6d0/0x6d0 [ 2435.698463] ? __fget_files+0x296/0x4c0 [ 2435.699118] ? __fget_light+0xea/0x290 [ 2435.699758] __sys_sendmmsg+0x195/0x470 [ 2435.700414] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2435.701114] ? lock_downgrade+0x6d0/0x6d0 [ 2435.701812] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2435.702633] ? perf_trace_preemptirq_template+0x266/0x400 [ 2435.703521] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2435.704400] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2435.705298] ? __traceiter_irq_enable+0xc0/0xc0 [ 2435.706056] ? fput_many+0x2f/0x1a0 [ 2435.706652] ? trace_rcu_dyntick+0x2f/0x170 [ 2435.707357] __x64_sys_sendmmsg+0x99/0x100 [ 2435.708046] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2435.708875] do_syscall_64+0x33/0x40 [ 2435.709490] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2435.710310] RIP: 0033:0x7fe4a84d7b19 [ 2435.710917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2435.713863] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2435.715098] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2435.716242] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2435.717393] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2435.718538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2435.719687] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2435.753118] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2435.758431] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2435.759583] EXT4-fs (loop4): group descriptors corrupted! [ 2435.788611] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2435.789785] EXT4-fs (loop4): group descriptors corrupted! [ 2435.802333] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:19:44 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 15) 01:19:44 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x1000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:19:44 executing program 1: syz_open_procfs(0x0, &(0x7f0000001580)='cgroup\x00') perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 01:19:44 executing program 7: mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='ramfs\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x300b4e2, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8914, &(0x7f0000000140)={'lo\x00'}) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000180)={@loopback, 0x0, r3}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet(0xa, 0x3, 0xff) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={@ipv4={'\x00', '\xff\xff', @private=0xa010102}, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe00, 0x400032, r5}) ioctl$sock_ipv6_tunnel_SIOCADDPRL(0xffffffffffffffff, 0x89f5, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000200)={'ip6_vti0\x00', r5, 0x2d, 0x6, 0x7, 0x9, 0x41, @loopback, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8000, 0x7, 0x5, 0x800}}) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000000)={'wlan0\x00'}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x2001, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xfffdfffffffffffd, 0x1004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8914, &(0x7f0000000140)={'lo\x00'}) sendmsg$NL80211_CMD_GET_COALESCE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x74, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="00000006", @ANYRES16, @ANYBLOB="010000000000000000007e00000008000300", @ANYRES32=0x0, @ANYBLOB="6d6e09ca044e459fc78ca27728297fa689f9108b9e5a3e210d9015b22211d6cc3f97cd895030adcb9295ade00853ef288e1fd6d3d8554bb81c3261e804728fab2b560d1dd834a6d24419de9149520b04223af6a5e190"], 0x1c}}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000400)={0x74, 0x0, 0x400, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x5d}, @void, @val={0xc, 0x99, {0x80, 0x48}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'bond0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x1}, @mon_options]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) 01:19:44 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x8) 01:19:44 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2803000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2435.886860] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2435.898006] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2435.951622] FAULT_INJECTION: forcing a failure. [ 2435.951622] name failslab, interval 1, probability 0, space 0, times 0 [ 2435.953172] CPU: 1 PID: 11910 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2435.953932] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2435.954927] Call Trace: [ 2435.955230] dump_stack+0x107/0x167 [ 2435.955679] should_fail.cold+0x5/0xa [ 2435.956197] ? create_object.isra.0+0x3a/0xa20 [ 2435.956775] should_failslab+0x5/0x20 [ 2435.957180] kmem_cache_alloc+0x5b/0x310 [ 2435.957634] create_object.isra.0+0x3a/0xa20 [ 2435.958157] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2435.958771] kmem_cache_alloc_node+0x169/0x330 [ 2435.959377] __alloc_skb+0x6d/0x5b0 [ 2435.959943] __ip_append_data+0x2930/0x3310 [ 2435.960430] ? raw_destroy+0x30/0x30 [ 2435.960836] ? ip_finish_output+0x330/0x330 [ 2435.961302] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2435.961861] ? memcpy+0x39/0x60 [ 2435.962335] ? raw_destroy+0x30/0x30 [ 2435.962731] ip_append_data+0x114/0x1a0 [ 2435.963297] raw_sendmsg+0xaa6/0x29d0 [ 2435.963816] ? dst_output+0x170/0x170 [ 2435.964332] ? __lock_acquire+0x1657/0x5b00 [ 2435.964809] ? perf_trace_lock+0xac/0x490 [ 2435.965253] ? SOFTIRQ_verbose+0x10/0x10 [ 2435.965693] ? __lockdep_reset_lock+0x180/0x180 [ 2435.966200] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2435.966744] ? find_held_lock+0x2c/0x110 [ 2435.967195] ? trace_hardirqs_on+0x5b/0x180 [ 2435.967653] ? dst_output+0x170/0x170 [ 2435.968063] inet_sendmsg+0x11d/0x140 [ 2435.968465] ? inet_send_prepare+0x540/0x540 [ 2435.968927] __sock_sendmsg+0x13c/0x190 [ 2435.969358] ____sys_sendmsg+0x334/0x870 [ 2435.969787] ? sock_write_iter+0x3d0/0x3d0 [ 2435.970229] ? do_recvmmsg+0x6d0/0x6d0 [ 2435.970641] ? perf_trace_lock+0xac/0x490 [ 2435.971079] ? __lockdep_reset_lock+0x180/0x180 [ 2435.971563] ? perf_trace_lock+0xac/0x490 [ 2435.972003] ___sys_sendmsg+0xf3/0x170 [ 2435.972421] ? sendmsg_copy_msghdr+0x160/0x160 [ 2435.972908] ? lock_downgrade+0x6d0/0x6d0 [ 2435.973454] ? lock_downgrade+0x6d0/0x6d0 [ 2435.973893] ? __fget_files+0x296/0x4c0 [ 2435.974335] ? __fget_light+0xea/0x290 [ 2435.974755] __sys_sendmmsg+0x195/0x470 [ 2435.975198] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2435.975652] ? lock_downgrade+0x6d0/0x6d0 [ 2435.976114] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2435.976631] ? wait_for_completion_io+0x270/0x270 [ 2435.977143] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2435.977724] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2435.978303] ? rcu_read_lock_any_held+0x75/0xa0 [ 2435.978790] ? __traceiter_irq_enable+0xc0/0xc0 [ 2435.979280] ? fput_many+0x2f/0x1a0 [ 2435.979664] ? trace_rcu_dyntick+0x2f/0x170 [ 2435.980124] __x64_sys_sendmmsg+0x99/0x100 [ 2435.980570] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2435.981109] do_syscall_64+0x33/0x40 [ 2435.981520] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2435.982061] RIP: 0033:0x7fe4a84d7b19 [ 2435.982456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2435.984353] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2435.985140] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2435.985884] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2435.986627] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2435.987367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2435.988108] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 01:19:44 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xf000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2436.077299] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2436.078474] EXT4-fs (loop4): group descriptors corrupted! 01:19:44 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x2000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2436.123576] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem 01:19:44 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2e00000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:19:44 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 16) [ 2436.152967] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2436.158299] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2436.168787] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:19:44 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x62) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) r1 = openat(0xffffffffffffffff, 0x0, 0x0, 0x120) faccessat2(0xffffffffffffffff, 0x0, 0x0, 0x0) creat(&(0x7f0000000200)='./file1\x00', 0x124) syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), r0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3c5218624229bba6aa30030001"], 0x330}, 0x1, 0x0, 0x0, 0x4}, 0x24000000) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0xc) fsetxattr$security_selinux(r1, &(0x7f0000000140), &(0x7f0000000340)='system_u:object_r:ssh_keysign_exec_t:s0\x00', 0x28, 0x2) pidfd_open(0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x103000, 0x0) finit_module(r3, 0x0, 0x0) kcmp(0x0, 0x0, 0x5, 0xffffffffffffffff, r3) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000004c0)=ANY=[@ANYBLOB="010000000100000018000000cc20db969b12b91ba041d6ff4d80aa4505830c1e29a25cc9650fac637b790d5c7e6a08324b1068c2fa10ad28501a87ab8dedd155db86ba5d2214f7c6c8437ed3a988fcde0b47ad913916259d20df9dc02f9a679742a6c3e85ea4e5491c9c243843921891071cefada39c6ddb76137a28cd8837b6e8d8e837c73c05ed28664ec1a2e62f25ec39b114bf1bc4086a88b5d4126c81a622", @ANYRES32=r2, @ANYBLOB="160b0000000000002e2f66696c653000"]) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x2, 0x2, 0x6, 0x5, 0x0, 0x9, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1800, 0x0, @perf_config_ext={0x7, 0xc2c}, 0x40220, 0x12, 0x1, 0x5, 0x80000000, 0x200, 0x2b, 0x0, 0x1, 0x0, 0xffff}, 0x0, 0x0, r4, 0x3) quotactl(0xfffffffffffffff7, &(0x7f0000000040)='./file0\x00', 0xee01, &(0x7f0000000240)="22905cbe9c2e6a28b8ea92ecd66cedcf5a730691fe3ddf5c2a7c1c7097993dc4054ad955b351400bc4a2048d93c6b3e1306f4376c2f4469f38c669fa2fd5a56d0fd03776380d3ab806df1d39644ce7ce8437732862e902faacfac6d0c53e382eccbc3487d290319329328e672695da56670a3d9e95aead032d77b18cc62c3f785ca61ba81c180325685d05f5aa76b1274a225ba655e27234ed610a353ea236c4ea1e703e907e62eb9f945f76e0c15275546cb70b2da5b463c5fc42c711549426c1baaafb113c6d5f1185c8f6c86c732c03eb5438f428e0ea1ab1b87ed8dfd37336304be55f579948301231fd69") r5 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x4840, 0x2d) sendfile(r0, r5, 0x0, 0x100000001) 01:19:44 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) openat$incfs(0xffffffffffffffff, 0x0, 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x105142, 0x0) unlinkat(0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x7ffffff9) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f00000000c0), &(0x7f0000000180)=0x4) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x29, 0x0, &(0x7f0000000140)=0x55) tee(r1, r2, 0x40, 0xf) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0, 0x80000, 0x1}, 0x2) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_bp={&(0x7f0000000200), 0x5}, 0x54016, 0x0, 0x1000, 0x6}, 0x0, 0xfffffffffffff7ff, r3, 0x0) lseek(r1, 0x0, 0x2) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x4000, 0x128) copy_file_range(r4, 0x0, r1, 0x0, 0x200f5ef, 0x0) [ 2436.185522] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2436.203203] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:19:44 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xf002, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2436.298662] FAULT_INJECTION: forcing a failure. [ 2436.298662] name failslab, interval 1, probability 0, space 0, times 0 [ 2436.299626] CPU: 1 PID: 11936 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2436.300199] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2436.300892] Call Trace: [ 2436.301123] dump_stack+0x107/0x167 [ 2436.301442] should_fail.cold+0x5/0xa [ 2436.301782] should_failslab+0x5/0x20 [ 2436.302109] __kmalloc_node_track_caller+0x74/0x3b0 [ 2436.302541] ? __ip_append_data+0x2930/0x3310 [ 2436.302920] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2436.303376] __alloc_skb+0xb1/0x5b0 [ 2436.303688] __ip_append_data+0x2930/0x3310 [ 2436.304070] ? raw_destroy+0x30/0x30 [ 2436.304392] ? ip_finish_output+0x330/0x330 [ 2436.304758] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2436.305194] ? memcpy+0x39/0x60 [ 2436.305484] ? raw_destroy+0x30/0x30 [ 2436.305818] ip_append_data+0x114/0x1a0 [ 2436.306162] raw_sendmsg+0xaa6/0x29d0 [ 2436.306501] ? dst_output+0x170/0x170 [ 2436.306824] ? __lock_acquire+0x1657/0x5b00 [ 2436.307202] ? perf_trace_lock+0xac/0x490 [ 2436.307552] ? SOFTIRQ_verbose+0x10/0x10 [ 2436.307909] ? __lockdep_reset_lock+0x180/0x180 [ 2436.308307] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2436.308738] ? find_held_lock+0x2c/0x110 [ 2436.309098] ? trace_hardirqs_on+0x5b/0x180 [ 2436.309471] ? dst_output+0x170/0x170 [ 2436.309805] inet_sendmsg+0x11d/0x140 [ 2436.310122] ? inet_send_prepare+0x540/0x540 [ 2436.310495] __sock_sendmsg+0x13c/0x190 [ 2436.310834] ____sys_sendmsg+0x334/0x870 [ 2436.311175] ? sock_write_iter+0x3d0/0x3d0 [ 2436.311539] ? do_recvmmsg+0x6d0/0x6d0 [ 2436.311867] ? perf_trace_lock+0xac/0x490 [ 2436.312218] ? __lockdep_reset_lock+0x180/0x180 [ 2436.312606] ? perf_trace_lock+0xac/0x490 [ 2436.312967] ___sys_sendmsg+0xf3/0x170 [ 2436.313303] ? sendmsg_copy_msghdr+0x160/0x160 [ 2436.313698] ? lock_downgrade+0x6d0/0x6d0 [ 2436.314059] ? lock_downgrade+0x6d0/0x6d0 [ 2436.314411] ? __fget_files+0x296/0x4c0 [ 2436.314753] ? __fget_light+0xea/0x290 [ 2436.315088] __sys_sendmmsg+0x195/0x470 [ 2436.315438] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2436.315798] ? lock_downgrade+0x6d0/0x6d0 [ 2436.316164] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2436.316571] ? wait_for_completion_io+0x270/0x270 [ 2436.316976] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2436.317444] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2436.317913] ? rcu_read_lock_any_held+0x75/0xa0 [ 2436.318315] ? __traceiter_irq_enable+0xc0/0xc0 [ 2436.318703] ? fput_many+0x2f/0x1a0 [ 2436.319010] ? trace_rcu_dyntick+0x2f/0x170 [ 2436.319379] __x64_sys_sendmmsg+0x99/0x100 [ 2436.319734] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2436.320175] do_syscall_64+0x33/0x40 [ 2436.320488] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2436.320923] RIP: 0033:0x7fe4a84d7b19 [ 2436.321233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2436.322772] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2436.323401] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2436.323988] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2436.324576] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2436.325161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2436.325759] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2436.366813] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2436.367729] EXT4-fs (loop4): group descriptors corrupted! [ 2436.399193] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2436.399982] EXT4-fs (loop4): group descriptors corrupted! [ 2436.421947] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2436.424072] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2436.467675] Module has invalid ELF structures [ 2436.639003] Module has invalid ELF structures 01:20:02 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 17) 01:20:02 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0xff03000000000000) socket$inet_icmp(0x2, 0x2, 0x1) 01:20:02 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3f00000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:20:02 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:20:02 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000003440), 0x20000, 0x0) r1 = signalfd4(r0, &(0x7f0000003480)={[0x200]}, 0x8, 0x40800) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4, 0x10, r1, 0x0) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) setsockopt$packet_drop_memb(r3, 0x107, 0x2, &(0x7f0000000080)={0x0, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) pipe2(&(0x7f0000000a80)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) read(r4, &(0x7f00000022c0)=""/4096, 0x1000) bind$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000001d40)={'syztnl1\x00', &(0x7f0000001e00)=ANY=[@ANYBLOB="592ff00000000000000040", @ANYRES32=0x0, @ANYBLOB="00080008ec9c774f1aaecad49ff32ecaff27f4000000030000000149050024008000000429907864010100b81414aa440cb9a100000000c694000000000000"]}) sendmmsg$inet(r0, &(0x7f00000021c0)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000100)="4107b43ed1fa3f470e6e2860f30b6e267159d720fd5fee2481679887b08ad49ecb9e63df207dcb939192ea6fa2ac86c77c3e9b14c1a6d3f31cd89636a346e1cc508b12429397c48ee356c85ef3235017248c7b4272ffb39585b6b2d635ae8b89501552527a29c1513fe391f894307544e9145b30347ffb0f9b3a4af54914dfb455701ec233fb99685b3a41e79b03e46cffd57c2f4d48dd623164ca85e1f7bdd3491fe781e76c52035adc976720176fe8ccce6bd9dceda652b032a5da8956df9fa863", 0xc2}, {&(0x7f0000000280)="cf3802cdfd5e134e1b58e859bf439ff995eff4b07cb130a401656fe6d21a8d713182f190925cf16d41d2b80a82fc403bf6f7b9f94428754613dfe39b1c89e381e064e4bcb1ebf4e3b5623ffb6fd4c88b5d562060d820305b95f435421124f7603cafc8d4b81df849028e4bf7b80274dba643e85b850ad80d0cd16035758e8f6e91ade623aa6211571561a3446a0969a14ff6b50ddf8dfced43fe7a108d374066c1b93f2209aa5cfdf27890200d47bbafdc469d1cf1746af29f4db8e6faa3", 0xbe}, {&(0x7f0000000340)="f736a2c00e7df7fbd40c9b43c6d42088b5fe1a0a9da9e2aa704504e4edf730bb0b9272648f9a200fa1d5eef0880a286b0ef85aac86e01c2be4e39e29f6bc7f66851fd717d636c84f31713fd0d0565f4eef277da146922257962f793a82cec09a", 0x60}, {&(0x7f00000003c0)="48234692292d25e4296075a409e002c41b5f806fcb5b3528821a08357c078819c2aacd0cac7c3a0f04e127195dd0397e96e190e65dc3be8fc15a0fca2b5d809aead52b8cce7e2ac5e443a7b6059dc11861d07314b3ac13a5f9024754c761ca841cc361543e80124e8ca83d36d5", 0x6d}], 0x4, &(0x7f0000000480)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x7ff}}, @ip_ttl={{0x14, 0x0, 0x2, 0x3d}}, @ip_ttl={{0x14, 0x0, 0x2, 0x8}}], 0x48}}, {{&(0x7f0000000500)={0x2, 0x4e22, @broadcast}, 0x10, &(0x7f00000009c0)=[{&(0x7f0000000540)="e6d290432f83ec67397a70d72f076116167966caf7820e655e1c54140f39f7b1c4d8c82597ae865a6ce4169855e26890cc32c295d27f2760f7e4519148253ac448ab99f1ea41430334e9bd4edceba51b10916fcef8fa592a3c7a", 0x5a}, {&(0x7f00000005c0)="220d204aa80486e15d930352f8b64b61be89e19506c49604f669d0179efd07fc37cd053d50fd7744cbab48e2f60d3bde5c828097deb42804935cf6f5dcceb7bbbf9d3323eb4b249eb01a9ff7515f9d37dcaa30ab3f461c7ed360", 0x5a}, {&(0x7f0000000640)="1f0dfd4b1a792cf23d64fcdf71b5d938f72e5374523eb5e66bb795a13a3d3d4b805a0ead910a7434211c2fd76f291d9ab9e7397359f635fa4ad2127ec13437ba01f7dd45659a15fc90ac81f8df0e704f1dbaf4c4b3db5d741d88fb31f8c80e7c63cb5c3adf6e23e8da9b3f85117df70c0277be724a4ec6267b0c8fa01827a9629a2377e2de56d4cbacd22209c08e21b124749bf38138b7c03cb9fe32fdf2df7a86da3f505698ba5e4a56c89cb1a18b34b118e2689f041c1fb5a0", 0xba}, {&(0x7f0000000700)="b38b07f7d055fe676b8c064cc87bf1ed9a8c23316f6b8cd1ed15de25ec67cdd6d4b4f1ef67e7653d9eab7bc25352fa50dc", 0x31}, {&(0x7f0000000740)="a6cf91f66682555d8bf56e0679ede678dd3f7d6fcc87426ebf5601a121ee7a528c562091ada35a18218e5d5515beba3abc49b3f4c10a101c9439afa970b945d49a1cb87a9db6f16f312010ff8887eed4387e1a033f53f8b9d9946c8e8b5f943b9be2b270f26994265690c5a095140d11351bc437c78e0a88c282fd784d8f6f47e8e8209c34aca4fb2828e8c3485222938adcd1f1e3599ec92605377b7c084067bf59b662e6b13e3b80bad03d60e307eccb2e2c4e680a48046b3deb99366d5051b6e1a1676c11202841d9d7020fbee048c152da1964dde5454c4e51039d98a2a04cb3be8f349d4e9b1e48a252e57fdeb47a94a6501a99aed00f2daad0", 0xfc}, {&(0x7f0000000840)="3fcb538d804d301b49bb4dab258c56d39c56c8ddb2410f87dc3ee888715972a331d99bc95f05d34cd872b6c0d2b8bfeb814fc42326cffea0d15ced39a5380ccbf51918cb348ba0be39202796a69f4d88fd8f5abaeb9e8902150de13aaff7dae78c0c14284baf7e991437acf4c032457fa2", 0x71}, {&(0x7f00000008c0)="2c9ce4a6f92236027a7ace0b3c65a96e02ecadfac11d64bc3bb69810ca5595792a1068cec02a009712e0e30b0accfd36c726dda371dba5c76cb23709384505be5178e242eabd7999dfaeb001c1e190e207abdd27d0009d35b3a8b3d01baef0c10f8a54ecbc67c7eb55f91cc05707339c29df8a59f1d4ed6778ac0032c6182e921463ff4a21be2708307396a3524f6e16de08dbd567cf412a9db085444b7f1ca9253bac7b711257ff4db1c108ec7fbe68e1cf60c427a7e71a3bfd60697486d70334ec0b1f145364a45a5edbf15aeddb95113bae238d382ac40d5a29fc32dd7e556ae00762128b1b7772031a492ecc2150206ef4e68d0b7be8b49ddd52c5", 0xfd}], 0x7}}, {{&(0x7f0000000a40)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000000a80), 0x0, &(0x7f0000000ac0)=[@ip_ttl={{0x14, 0x0, 0x2, 0x5888}}], 0x18}}, {{&(0x7f0000000b00)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000002040)=[{&(0x7f0000000b40)="aae60e1017e102d8ffe13a00209acfb74489e701761a1f977d05483353cc4672a41af875b0bb0c08987b821a2ff3bcc136dda5c8a996b565ea53fe16824318fab803cf8cf5bc2f5014e5508a33a71baf4a34d8257f827e537ff70c68e380ed68f21fce9178c6a13bcbdb8f6568147b836f817cbc7fe850e041a4bbdb610a00d7fb2d208316375cd4bd4be9590f0b9109c93e59d7ccbeb4a51176f8eab8d4a000b527456637d23ba73e5cf5b689da3d906bef932cb0aaea7f33bae3fbcfcbcb68c7866affa39bfb501d60374004c8d7b79ff6aad3912ff6d0257693ed4126410f2b6094e989c81fca600f2c0b07d6992ee8d01c8048a970c859b6c125c325032a22e0514d29d0cb36eab69173ad7a7df8fc04a0f9aea0e418e5e01ceaf7fa815bc458b133b1f5b433ce2afa0865984be8ab8b1724129461052bce7dfd94fdfef827e04ba8b5579177834f0f39cc1b53e2504e7dfa9d5e8aef7a157c626b16b3267c476b9f4c5d26ef2f24bf781b1b8926adf7de200a5b088cf845756e1318153c64006384685d1021e0deda6e8415da1c85ecee300e6b23193c84363e532bcce910fddb83b75717a67afedd7197b8076619e4b959ca371d5c656564262a1f7d8fe0d90672348b80524e74e580ac541017e8e4308f3a4f166d63756084f1c6d0c3375d5f8ba3f2f31d770c90cfeaa18fb5960364c9d595e8331dc5b48669e2c7f41bc3662dbcf7ccfd00847acf7fed213607a135bb2e3133dec2052e0377c8c3abc51d55c168a286722360c9d088d54c47274edda706a2e20d9f077810b6113158e10504c2f409912a8daa5a9635c907c67d407e7bb5b2212072505d3d2dc888fdc95e5e94dba03689d0b5169cfc3acef7af6449e1ba6bf4a3f477581244618e2e40a56d8edb1763a1077b5fa561d0da4c1909c80d1b1ec2fb74def45db19c1093205579e4ec3dbb38fe8c0f69e66edb161de9225b0535ab979e8667c1f18521f986e776321f6b72e938f4cbcd3ba5a2ed105c96855a856bc1f70950468aac2b0b44096746c69624d3b84dcf6f9082cf9a0291352b4a589804936ff649a38ba245dddb6a9c9c103c2690137b3d60a67332e4aff016d8a676ffb8e47f499a4b56e9bd71a1d9562982513ef94633cc4e8062a26ff1e6f05e73abe8b64e0af6cae478a7bc37666f256d421dcb127fe6503f1928fd854d6c65d1ebe04ecf1ebb39f329a6ce8ea84c80e90cd603c40bb7abc1840269580d35c0b81c6aeca00d977e9692506197fad66f9fc3cdee80bdab904a39b958ca80233d1d8f708578f3a360c8012c65b27d65ac95464a8418c179047f60e29d4f1742762d364d7aef7a809a95575e88896eb92c25dabc5efe82dc7babcff16408808d27f86b2eae63dee650e207ed74e1ffe26ba64ba0d178d45b65c9b1f7333976b1eaaf6158ee8b229b5c6be097dd14ec8362ff120371e08e02aaf2bc29973434d3b96ca28bf53aa65dde36530cea2125a159f8c5749d652b9eab623ecded01db296d97e5c69e7e37f99d12b7c001fb94d8e47ceab8798639ac857f7b7c0c850cfb57598a07d1527c62ad455bdd8e2b41443863d26f5b1d4f0cdc70facbdc8abcd9805eac1205073bd47a5687a1572ac1b0bc33db7c34bc28e2e3c5bde02d089e9db87c3ecb46ff37cfdce82c3ebe1bbf89b568aa3aca1baebcaa264642abe1672f87cd0896a8c1468a020248bf41322bb77900feeb6317ebb54e9245bca76a44daaecf1952147043e46aaaec755ef3e497f1c9ffe78d53c4aec09dfc10b581fc1ea5661b2a942f2a716bf9e907711725b46c22adee67587291767389c9b93919222efa9d986b32d21323a478a3a0c954a046a2a59756c2754b00cb47b0a2707caa0d1befcfc4e4f0d8cab6a7483534c8724e415032960e0fbac9371448f52d46ec70e90f5aafc329c44fca5d57e6a8211d387ee99e830fb323d5e0290acea503e7bb381bb7eea5b89a62c52e6c6cb5e1e65bd19da55838d38954ddf9f7923e1b2024681c92cb3eb3f2c75c6d7a189478c30afb9a0adec6e5870ff61129c40b87245ba049f909e9d7e8b0d4cd15d0532de71993a30b5ab478f14b8605b2184f67eb6f956bea8c71ae694ce1e2a653a240b379719d08d2d21cd42fa463443fde1621b48039856081f72577c2c961c232e6a8b4ebb09f4255a92ef0ccdb8756885a9ce1a27028dee2d80c26ced1125328f2454709b6fb97ee0f4ebef295ddac20567c98b2d053fa35a8c62d07b9bb91a153e75159bbc147994055a17caedb81ace5b222af993ebeb8aa6c25a9cff25ce2b1a9eb83ed813b3dc5d3b60bf4f48c1b7bdb89db0aded9296d925a29ec142cf3465de080adb91c1a4463fca1931c6e48de4e7d40983b249032719b0c9efbf32717ff9c0f20951804eb387243d979ff2490d01d95036c5c5b2893cd6ad49f540550c0872e0fa41758f5b359ab9fa99f8d2dad46c5a6a9129688f347d3285cddd9ff241f4a129fa7b454922f09c210aff23ff930b83de40809a2f9bc5be32260fe68cb895fba04a00e3ea14cbd04754229626e75bc82596188dfab31398b1cb9813fd49ddf8ed440c998279e6c8a797c9702a015615bca6cdbd279f8aa67f3d090b8484598995ea7bfe469632a186e3d8dc0f84e6c844ff1710aac4f8b831ff2a76052d4d09e0197314920dfaf73892b7605dfa3891b58b30e50e9772faf94bee0bcc27d2f7260a14e756d5da1d98f84a89d5478d050719d0cf20e1aa4e9c85036ba2d90cd732e4a334afba9b0549428391487e9ac69cf5941c83a03d09abf212141c94e0634877b107efe73f775a24458ed0bf9a3e5fe4acff3577988170b5e8073887fe36bffe1e61fddd141cabb9bf8f9248c3bddddde5aa71cef9c83daa528b54af5cac31baaee91b1efcd84a72ee823c46cd258c4ed77f7ee7519d2d5c970117c0119c7dd0dda7a2b3136eba46b216dae6a08ca1a45ee33e4088113de1bbd4a7c12b36a2e9d88af021e5cefa7d2e7b26dc87e1df9e09ee45b2c2d8bdba1243674e4ff0cc6a59aa0fb782a12d9a84d4341f545f87ce46f3d70efb1c1c6b11ebc4de95985b346c35c0edc0d0c5cb5155c55744e826c964a14a375175d6a30d890efad3392980bde62938bc9806a7435e8dddd290c31e6f49f70a578a2b177d9e3ff0bd62da50d1e157f46f8c526db9dfccba458e50db1e9a2d9275f0ba2958bb5cd8ca65d02188e33f0f90da485543dcff1c9171f8f8f1358bbe9703cbde3b2f89633add1f5e2c9931a5fc81583ff35f8d2dff8371f77d3815e1cc36dd9ad7ea9aaf37b776f1de32b519914c27262f61e5742a8c2da7395cec1fe5a93c87d6b458cf97da872cf9a8162eeca92c2d05ab67a35509773383f816b5d017f50a53bb23ccc8282be081e3f311931a2ce040392ab3067586d4f8545d2340447cb5be721e121831938467c96dcdc7a2a3e5db4bfd1af4424f18e193d55b94300ddec6d5da2ed0dad2a2c7bb377cd8d859af7f1d1df5b31838309168ab21f0ee97212d588bdad7b2ba46230157e201901ce277cb98689262ee1b35d078daef58d8307975f7afa16b9865b2656007a01ee904a33e02d9edd17fb0f0b9d4d94e2d6f4bc0f6a5fbe3d4669c2d90f016b3e0465f7f73ae1429d7d2a37aa0397ebfa8837a540fe47d91380b330f6d1f4559265b2319a8aa24ed87ac23f103aa5d9b12021f3d57f9e3bada7a4c193729f03c9162ec1778fd2c7d65b86cd77b770fe72a537eb86a4ab45f86c4261c9f07139e2a9ad38c8ff1f0f25477036ff0db44aeb066b3f168094c5f8456547cab0770920a8b3edc9968ceaec9d5f2779609f5eef5945fba830d2851973c27a3e1b5bb2a8ebd3c49fda25210b078dc811d6e0a4596827bf2d65b6de67f8281eaa1102dc31e891c056177d02a6f80f13a0a0052fe1e0b3ece4caa2e00eda75a4106ce39abb51429963ecd4c87d8350d070cacc17d76c1f68db228d61307523d9729f2817144d4b2aa4ec4889cb6e2d5e624ab47a0eef7c3fdaf645b870428a494c294a8fb02163d4a20ca3a0be21319cd2cff9546134fb3ee7681748abdb9351720034b37d37745fc2c648b65a3c36b8194f5c103f86f9e0ba0dc37f98cc3d4f6092163914f5a46de45984a47c18e315e2280d34a6bc562be173f29a879564536251a7c90d5e68615d6ec23d88d3b8fb168bafd29ce8261f32558f09925e6df9a9dc4e69f1b22aa0b22365221d8cab01fba9795c31f8910e77dba7a8a4c90fac0842f01147286d2a51d9961d37d548ad647c460724fc4478e23738001bdf3e8baa7d7c7f5a203e68acb679e70500688fe16626279b983eb0f606dae175a7b0cb84e798599d72641039ba7dbfe4b47f396324be3701875f20b2629ac4b46fd15d73e16acd7bdc17f9f860806be751f6e850dad83f1c3428fb341c07ba5a457c58f3d349fb43f17f2e1e1507f460a7ea9eeec095168971f384ca228585fcc3ff10c71bbb9a15a47df01a9c5060fcc203e753f77d11c14c9be56c2b3298242f48d9e6d77e9f9a59eef1b684c2cb1549d4748e072a58ea2e513ee1fca96fe42c954c6eb68f78e8cbaa9daf051d6664192ce4b019dac00f289db0455e685e8f5fee74f26ce35c06de315a0e96ebccef14ff0fbabd8cdc17b26783abe69f8e629d1d125edc8566b0d8e90d0f6e21249e7b07b8ec49dc6cd89f1ce6987e3b935bc77aa7ab3d18ce136f5dde8b1c27e5e90370c1a2648cf1c2c4329176ef99e5b80dd2294b6601ef209248b5372f6440bcc48372fd78114cae2fc9fbc39b418f465cf60755347593915fcd8be708e4843eaa15ec22bfea2167635a5a51ac76376983805c3d17d8aa64d49b987012ac51f42922615b7c95c98a91e458e75f54c0a3870b50119d872d3224213df10fccf1b956cc1ba8e02bdfd49697d559cdcc6ea7a89a4775c2baa8905f8d140529b203ac1be5af9ccbc6cefee2ac64ab7284b633a1698d77c752efb6b395810ac903e5767274d09dffa18a185c0a13cd01317262546761606187993a8014c5f16d2327621b98339e0dae224fd6f71c639e78b4830c75b0943ab3cd1e0340ce09fea1582006c8765024994ac7a47dd5ba32c5cbaef8af79039275d3192fef846b0c0dd1bb00bb36a6916d25ec650b2aed702f8020fb4f2df07af86b6cec9775b23c82468fafebd76e7b5c102cd00fc492c1ea5a2cee769ad4bb198894cb749415ce6c5bebe8bde381fc4fd932c3f54dfa0ad661c1c6869543c54a11a5a28adcb967cb3b119a705c2ae9dda3625a1f5559f9c9263635aebfeef2db6fd153c5b6ea61c22d15924789070ad9441983e358368bafaec7ab2cadca5765db737cd2c701fcd381793689bc85f4d9143b529801ad3d612715be4c5ba71b9f3ce3064dc19890cd47bc36c9f6698bba71c88bbff5c19bdd0854f76807e92d8597edf974a7218005ddcdb0f026ca6ffbc2f6bcb4852c725d30b70e7bbbe33481a029f9fe8c6ba5ffb4dfae0869368f6e8d8680b39a6a0a9b6f6ed91319132cf71dfed6721a990e95cefc27b43c77cce6d10b88d230f4edd0de0e0a569615874a6f7f89ae9ae0b9a7d35d9daf18fe61acdc4cc65dea84afb42468be12084a82eb6f6b7a792d7d5f4b93254438840e5412f8416f9e4e77faf6119808a2c5919f7d6f022fe6075e3e7d08d04c22d17fd91443d22cae166261982cb195ef85a0dfb53d19b51b536ae2dca4d8e90d87296020f06d57d4b92755bc770985869b5a0c220b395c8f8a10792e1a7ee1d9f53cd3fb73d27b", 0x1000}, {&(0x7f0000001b40)="64fe74ef567d3eb824334ad0569fc41f739e892339a604d2b0fc84799a5e201aa636387f363d67ee1d5eb2768b3ebe4e2f58d3a32bde18ba84be9afc330dcc8e9d186209470f68cbbd29a90d9b46a5078e32fd8b070cb227c14f46f4f5f3d5b911c219da71d848772a9a05d44b57dc2f9545f0e4d780a7bbaed11213fd5f68cda58555cc0d16b2ab7435c60c3b4b", 0x8e}, {&(0x7f0000001c00)="80702524f5b999b7a8d7d477a4669daddf6c8e757129fe06bf7fe4d8e4508bfa4186c084e01041eeb0a93f12f378c94999aaf647e6f78c9861a90e46c0c3e5cebc84146e797081efb8e7010e03165e41439d6a5e7f504d7372c693f8348e21f291ce1279e1b18438b0846658b2e983daa065502da1c7e81842cdc69731c6085192140636df854992684dcdb3aed64fcf22", 0x91}, {&(0x7f0000001cc0)="e6715b388c70004b615f1ced28af6f08f3c25cc7319a050f8debfcb0576d91ef8786345ac0a2a04af4a55c5be4d498d23e79f4852ff134cc910740e49686f5f30ef6dfac583d40689d1456bfee90c9cb", 0x50}, {&(0x7f00000034c0)="73ed90c288d0834e8cc6fdfe5f9263db3c4ffa0b128acb0dcd5a6403d4774d421a01bc47bfd6b5d39201a549383d08e691d5a6ae47913e75327bdb9442b1e9f6e5d7cb08b709d95bd94f90171af5978b5e3060d833edadd432701df647a65fe5593974ad706c31447399f325422777c4f26c5f24617b3b8075aad469e1a3e38da5606cb3353246ac88180429d6cbd56fa00bb0416c474fb43f735002a7b3b34d60112701e270b273fe20a0fc5b14f974ad9427a17d43a9f5bc", 0xb9}, {&(0x7f0000001ec0)="4f43d710d27b29f9c8d50588b4d8653134f6a44dcf7ed36af794999e652acbd54f6be5c35930cd931d7df2830a5ad0d42b1611f79d27cfff47d491b17bdf6ebac09bf7e1a7dc31d2d79e88b7bb8df76dc6063385bf1625631c00471fb3a65f6929dd784de89ad64b2e18de1868252f63ac133d420a6cc30f578d65dd4406908cf656ea65ca35d8c99ba11d4a50374b564d6c8b281390ebab165f93386e844bbd2610bed6a4699d712d92557b79b7c6e9045e590b598eff80e9bb3528d5f30a184937e1107c9a44349b06e1d82d551663de53cde29364df508c1a82d1a7ca9ec5adb6c5806201abe6c5a7c52a5ac0acd9b8986a8bb901a66a5ab9", 0xfa}, {&(0x7f0000001fc0)="e42592b223663d701de5d1900600665afccadf59cf9425834442bcf2fd64277a46a678ab16a729857f023ac3a97d1d7805901b02f133cddb9bfd942b4f43fbd59c6ed70b0b9b5b8906749db3f6aae1809d45a30aa60d5219334d321d38fda5a5e33d67", 0x63}], 0x7, &(0x7f0000002140)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x4}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x10000}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @local, @remote}}}, @ip_tos_u8={{0x11}}], 0x68}}], 0x4, 0x11) write$binfmt_elf64(r3, &(0x7f0000000280)=ANY=[], 0xfdef) r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000032c0), 0x0, 0x0) sendmsg$IPCTNL_MSG_EXP_DELETE(r6, &(0x7f0000003400)={&(0x7f0000003300), 0xc, &(0x7f00000033c0)={&(0x7f0000003340)=ANY=[@ANYBLOB="6000000002020500000000000000000000000007180003800c000280050001001100000006000340000400000600074000010000080108400000fc00100003800c000280050001000100000008000840000000030a000b00512e393331000000"], 0x60}, 0x1, 0x0, 0x0, 0x4}, 0x0) syz_io_uring_complete(r2) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000005e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000000), 0x7}, 0x0, 0x3}, 0x0, 0xffdfffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f00000000c0)=@v1={0x0, @adiantum, 0x4, @auto="45dfebba869bc13e"}) 01:20:02 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x3000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:20:02 executing program 7: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x2}, 0x0, 0x0, 0x0, 0x3, 0x1, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)) r1 = syz_open_procfs(0x0, &(0x7f0000001580)='net/snmp\x00') readv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001780)=""/251, 0xfb}, {&(0x7f0000001880)=""/102, 0x66}, {&(0x7f0000001900)=""/130, 0x82}, {&(0x7f00000019c0)=""/95, 0x5f}], 0x4) readv(r1, &(0x7f0000001600)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='fd/4\x00') ioctl$FIONREAD(r2, 0x6801, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000001a40)=ANY=[@ANYRES32=0xffffffffffffffff, @ANYBLOB="0400000100ffff55aa5c76a451f4ff2d23f9ec5fe424df49631bffbb02be70dd447db92844ef8c5f6ca472674d1c8e0edc60b101683ab28289f358d8df374908f386e92b4620190535515b4ddf76554abd753c66cbe240d21e7b6584a71b69c4278206c9d706a0d13cc1a4ea36a39eefed332b0e824c7f90774f5a199654ed2d3757d7673c13e2afff8ed0dc1f9484cc658d1cd5845643215e67753735e7ec58ca14a8942b98d019524f7cbcf9549edfe851b5aa033656cb23ccadbfdd8115263c8ede43491d41a285c98c3f524c9f68b1f96938f6eba7f921d48412f54ed5d40c1b7675a48218b277c6715916ded2ec77690bb45ef6027d1d879a0617420be517a60e0400000000000000fd10a8043847d417fa033ff85b375edb880ef3ce2c9e8f4aae21dd27eaff66d36bf31607698b32f24ae48b400a0f304846f11ca998488be5ea699f96f2a9901aca655824b64095abfc13c5afe2c471e7a9788030c4412e8a6f21b532db9d76e745ec982db7e71844146d980c464eac17783e3f57b229bda9f910c9426db90ccec8091abff7e117ca674f4fea4658a83f"]) getdents(r3, &(0x7f0000000380)=""/215, 0xd7) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000180)={'U-', 0x7fffffff}, 0x16, 0x2) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000080)='./file0/file1\x00', 0x0) mount$9p_unix(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x173000, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f00000014c0), 0x900, 0x0) getdents64(r4, &(0x7f0000001500)=""/125, 0x7d) mkdir(&(0x7f0000000300)='./file0/file0\x00', 0x0) mount$bind(&(0x7f0000000200)='./file0/../file0\x00', &(0x7f0000000340)='./file0/../file0\x00', 0x0, 0x837013, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000004c340)={0x3, [], 0xad, "7e9ac7272717f4"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000053700)={0x9, [], 0x5, "c08e29ebab8d60"}) unshare(0x48020200) 01:20:02 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x9) [ 2453.954746] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2453.956716] EXT4-fs (loop4): group descriptors corrupted! [ 2453.976980] FAULT_INJECTION: forcing a failure. [ 2453.976980] name failslab, interval 1, probability 0, space 0, times 0 [ 2453.978844] CPU: 0 PID: 11968 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2453.980008] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2453.981296] Call Trace: [ 2453.981740] dump_stack+0x107/0x167 [ 2453.982321] should_fail.cold+0x5/0xa [ 2453.982938] ? create_object.isra.0+0x3a/0xa20 [ 2453.983659] should_failslab+0x5/0x20 [ 2453.984257] kmem_cache_alloc+0x5b/0x310 [ 2453.984910] create_object.isra.0+0x3a/0xa20 [ 2453.985606] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2453.986409] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2453.987208] ? __ip_append_data+0x2930/0x3310 [ 2453.987904] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2453.988746] __alloc_skb+0xb1/0x5b0 [ 2453.989315] __ip_append_data+0x2930/0x3310 [ 2453.990039] ? raw_destroy+0x30/0x30 [ 2453.990627] ? ip_finish_output+0x330/0x330 [ 2453.991323] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2453.992116] ? memcpy+0x39/0x60 [ 2453.992655] ? raw_destroy+0x30/0x30 [ 2453.993243] ip_append_data+0x114/0x1a0 [ 2453.993907] raw_sendmsg+0xaa6/0x29d0 [ 2453.994517] ? dst_output+0x170/0x170 [ 2453.995127] ? __lock_acquire+0x1657/0x5b00 [ 2453.995805] ? perf_trace_lock+0xac/0x490 [ 2453.996476] ? SOFTIRQ_verbose+0x10/0x10 [ 2453.997119] ? __lockdep_reset_lock+0x180/0x180 [ 2453.997892] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2453.998674] ? find_held_lock+0x2c/0x110 [ 2453.999345] ? trace_hardirqs_on+0x5b/0x180 [ 2454.000020] ? dst_output+0x170/0x170 [ 2454.000641] inet_sendmsg+0x11d/0x140 [ 2454.001242] ? inet_send_prepare+0x540/0x540 [ 2454.001958] __sock_sendmsg+0x13c/0x190 [ 2454.002588] ____sys_sendmsg+0x334/0x870 [ 2454.003254] ? sock_write_iter+0x3d0/0x3d0 [ 2454.003907] ? do_recvmmsg+0x6d0/0x6d0 [ 2454.004536] ? perf_trace_lock+0xac/0x490 [ 2454.005183] ? __lockdep_reset_lock+0x180/0x180 [ 2454.005938] ? perf_trace_lock+0xac/0x490 [ 2454.006606] ___sys_sendmsg+0xf3/0x170 [ 2454.007239] ? sendmsg_copy_msghdr+0x160/0x160 [ 2454.007957] ? lock_downgrade+0x6d0/0x6d0 [ 2454.008648] ? __fget_files+0x296/0x4c0 [ 2454.009272] ? __fget_light+0xea/0x290 [ 2454.009925] __sys_sendmmsg+0x195/0x470 [ 2454.010553] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2454.011250] ? lock_downgrade+0x6d0/0x6d0 [ 2454.011904] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2454.012717] ? perf_trace_preemptirq_template+0x266/0x400 [ 2454.013572] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2454.014452] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2454.015319] ? __traceiter_irq_enable+0xc0/0xc0 [ 2454.016068] ? fput_many+0x2f/0x1a0 [ 2454.016664] ? trace_rcu_dyntick+0x2f/0x170 [ 2454.017371] __x64_sys_sendmmsg+0x99/0x100 [ 2454.018038] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2454.018864] do_syscall_64+0x33/0x40 [ 2454.019449] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2454.020271] RIP: 0033:0x7fe4a84d7b19 [ 2454.020851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2454.023781] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2454.024949] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2454.026098] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2454.027232] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2454.028369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2454.029510] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2454.045415] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2454.049855] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2454.061273] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2454.068024] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2454.094802] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2454.095995] EXT4-fs (loop4): group descriptors corrupted! 01:20:02 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x4000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2454.147336] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2454.195252] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:20:02 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x80000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:20:02 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 18) 01:20:02 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4000000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:20:02 executing program 1: socketpair(0x10, 0x0, 0x3ff, &(0x7f0000000040)) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x7337, 0x0, 0x0, 0x400000}, &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0}, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x2) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2, 0x8001, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 2454.364326] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2454.369694] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2454.465040] FAULT_INJECTION: forcing a failure. [ 2454.465040] name failslab, interval 1, probability 0, space 0, times 0 [ 2454.466926] CPU: 0 PID: 11997 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2454.468067] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2454.469422] Call Trace: [ 2454.469871] dump_stack+0x107/0x167 [ 2454.470474] should_fail.cold+0x5/0xa [ 2454.471113] ? __alloc_skb+0x6d/0x5b0 [ 2454.471752] should_failslab+0x5/0x20 [ 2454.472388] kmem_cache_alloc_node+0x55/0x330 [ 2454.473138] __alloc_skb+0x6d/0x5b0 [ 2454.473771] __ip_append_data+0x2930/0x3310 [ 2454.474517] ? raw_destroy+0x30/0x30 [ 2454.475159] ? ip_finish_output+0x330/0x330 [ 2454.475883] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2454.476732] ? memcpy+0x39/0x60 [ 2454.477294] ? raw_destroy+0x30/0x30 [ 2454.477932] ip_append_data+0x114/0x1a0 [ 2454.478618] raw_sendmsg+0xaa6/0x29d0 [ 2454.479284] ? dst_output+0x170/0x170 [ 2454.479932] ? __lock_acquire+0x1657/0x5b00 [ 2454.480693] ? perf_trace_lock+0xac/0x490 [ 2454.481390] ? SOFTIRQ_verbose+0x10/0x10 [ 2454.482090] ? __lockdep_reset_lock+0x180/0x180 [ 2454.482887] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2454.483904] ? find_held_lock+0x2c/0x110 [ 2454.484610] ? trace_hardirqs_on+0x5b/0x180 [ 2454.485340] ? dst_output+0x170/0x170 [ 2454.485992] inet_sendmsg+0x11d/0x140 [ 2454.486636] ? inet_send_prepare+0x540/0x540 [ 2454.487367] __sock_sendmsg+0x13c/0x190 [ 2454.488040] ____sys_sendmsg+0x334/0x870 [ 2454.488722] ? sock_write_iter+0x3d0/0x3d0 [ 2454.489426] ? do_recvmmsg+0x6d0/0x6d0 [ 2454.490084] ? perf_trace_lock+0xac/0x490 [ 2454.490793] ? __lockdep_reset_lock+0x180/0x180 [ 2454.491571] ? perf_trace_lock+0xac/0x490 [ 2454.492278] ___sys_sendmsg+0xf3/0x170 [ 2454.492940] ? sendmsg_copy_msghdr+0x160/0x160 [ 2454.493726] ? lock_downgrade+0x6d0/0x6d0 [ 2454.494457] ? __fget_files+0x296/0x4c0 [ 2454.495131] ? __fget_light+0xea/0x290 [ 2454.495791] __sys_sendmmsg+0x195/0x470 [ 2454.496470] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2454.497187] ? lock_downgrade+0x6d0/0x6d0 [ 2454.497898] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2454.498748] ? perf_trace_preemptirq_template+0x266/0x400 [ 2454.499663] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2454.500561] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2454.501468] ? __traceiter_irq_enable+0xc0/0xc0 [ 2454.502243] ? fput_many+0x2f/0x1a0 [ 2454.502851] ? trace_rcu_dyntick+0x2f/0x170 [ 2454.503576] __x64_sys_sendmmsg+0x99/0x100 [ 2454.504276] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2454.505127] do_syscall_64+0x33/0x40 [ 2454.505752] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2454.506597] RIP: 0033:0x7fe4a84d7b19 [ 2454.507218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2454.510235] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2454.511505] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2454.512681] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2454.513863] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2454.515034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2454.516210] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2454.560902] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2454.562650] EXT4-fs (loop4): group descriptors corrupted! [ 2454.626783] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2454.628335] EXT4-fs (loop4): group descriptors corrupted! [ 2459.739454] Bluetooth: hci0: command 0x0409 tx timeout [ 2461.787471] Bluetooth: hci0: command 0x041b tx timeout [ 2463.835576] Bluetooth: hci0: command 0x040f tx timeout [ 2465.583225] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2465.584766] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2465.593378] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 2465.625828] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2465.627266] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2465.629608] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2465.883450] Bluetooth: hci0: command 0x0419 tx timeout 01:20:33 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_READ_FIXED={0x4, 0x5, 0x2004, @fd_index=0x2, 0x2, 0x3, 0x3f, 0x10, 0x1, {0x2}}, 0x10001) sync_file_range(r1, 0x8, 0x5, 0x2) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x200000a, 0x13, r0, 0x0) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="fcfd0000", @ANYRES16=r4, @ANYBLOB="050000000000000000000200000008000300", @ANYRES32=r5, @ANYBLOB="08002600e9160000"], 0x24}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000000240)={0x74, 0x2b, 0x400, 0x70bd25, 0x25dfdbfb, {0xe}, [@generic, @nested={0x60, 0x83, 0x0, 0x1, [@generic="f776e8b9334c96c82ce3894f536c5f5e3639b64fe136b40049c4256a1ae801cca9eef0db7f99bd938737e322540e9fae8a08e180666347c3ace3830894a9cf0e41dab773c4f9280aceacd90f0e9289b6cc3f01ddfbcc2bf69a5ec0dc"]}]}, 0x74}, 0x1, 0x0, 0x0, 0x4000000}, 0x40080) fallocate(0xffffffffffffffff, 0x30, 0xfe9, 0x0) write$binfmt_elf64(r3, &(0x7f0000000280)=ANY=[], 0xfdef) syz_io_uring_complete(r2) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000002c0)=ANY=[@ANYRESHEX]) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x7f) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffdfffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000040)={{}, {}, 0x0, 0x6}) syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x4, 0x0, @fd, 0x6, &(0x7f0000000600), 0x0, 0x0, 0x1}, 0x5) 01:20:33 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0xffffff7f00000000) socket$inet_icmp(0x2, 0x2, 0x1) 01:20:33 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = dup2(r2, r1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r4, r3, 0x0, 0x7ffffff9) r5 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) r7 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r8, r7, 0x0, 0x7ffffff9) dup2(r7, r5) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = dup2(r9, r6) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r5, @ANYBLOB="017d3fd0f34d2a171ffeb74ec1650072"]) r12 = syz_genetlink_get_family_id$batadv(0x0, r10) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r11, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYRES64, @ANYRES16=r12, @ANYRESOCT], 0x24}, 0x1, 0x0, 0x0, 0x200040c0}, 0x14050884) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="20002dbd7000fbdbdf250b00000008003c0a4316898c5dfd000000000008003c000800000006002800020000000800320009000000060028000300000008003b000800000008002c00050000002581a7b9c051fd937f058be592af2e73f5b0578e746f49470ec7266d406ec123e28b6be3a40c31134cbcc112edf238b6dd827cefcf1ab60bfe4305000000e95b3d9397f0767c86529c9960d1a95ed7e3b685f99df5eae29575c5a673a3048ac757624fce50ca613575d681184a0341b393ab13ce4905f06880fdd928c49c926cf4c7abb7430e65ea5d002ffe79fae1dff3625e107f00a23a624beead5726"], 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x44000) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000880)={0x14, 0x42, 0x69844ea0a6ddcd11, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0) 01:20:33 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x400300, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:20:33 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4800000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:20:33 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 19) 01:20:33 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x5000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:20:33 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0xa) [ 2484.984892] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2485.014012] FAULT_INJECTION: forcing a failure. [ 2485.014012] name failslab, interval 1, probability 0, space 0, times 0 [ 2485.016001] CPU: 0 PID: 12487 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2485.017117] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2485.018455] Call Trace: [ 2485.018889] dump_stack+0x107/0x167 [ 2485.019480] should_fail.cold+0x5/0xa [ 2485.020097] ? create_object.isra.0+0x3a/0xa20 [ 2485.020837] should_failslab+0x5/0x20 [ 2485.021458] kmem_cache_alloc+0x5b/0x310 [ 2485.022134] create_object.isra.0+0x3a/0xa20 [ 2485.022843] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2485.023688] kmem_cache_alloc_node+0x169/0x330 [ 2485.024450] __alloc_skb+0x6d/0x5b0 [ 2485.025067] __ip_append_data+0x2930/0x3310 [ 2485.025789] ? raw_destroy+0x30/0x30 [ 2485.026432] ? ip_finish_output+0x330/0x330 [ 2485.027142] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2485.027977] ? memcpy+0x39/0x60 [ 2485.028526] ? raw_destroy+0x30/0x30 [ 2485.029151] ip_append_data+0x114/0x1a0 [ 2485.029822] raw_sendmsg+0xaa6/0x29d0 [ 2485.030480] ? dst_output+0x170/0x170 [ 2485.031121] ? __lock_acquire+0x1657/0x5b00 [ 2485.031862] ? perf_trace_lock+0xac/0x490 [ 2485.032546] ? SOFTIRQ_verbose+0x10/0x10 [ 2485.033211] ? __lockdep_reset_lock+0x180/0x180 [ 2485.034014] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2485.034844] ? find_held_lock+0x2c/0x110 [ 2485.035540] ? trace_hardirqs_on+0x5b/0x180 [ 2485.036252] ? dst_output+0x170/0x170 [ 2485.036891] inet_sendmsg+0x11d/0x140 [ 2485.037525] ? inet_send_prepare+0x540/0x540 [ 2485.038258] __sock_sendmsg+0x13c/0x190 [ 2485.038920] ____sys_sendmsg+0x334/0x870 [ 2485.039598] ? sock_write_iter+0x3d0/0x3d0 [ 2485.040298] ? do_recvmmsg+0x6d0/0x6d0 [ 2485.040950] ? perf_trace_lock+0xac/0x490 [ 2485.041644] ? __lockdep_reset_lock+0x180/0x180 [ 2485.042409] ? perf_trace_lock+0xac/0x490 [ 2485.043097] ___sys_sendmsg+0xf3/0x170 [ 2485.043751] ? sendmsg_copy_msghdr+0x160/0x160 [ 2485.044508] ? lock_downgrade+0x6d0/0x6d0 [ 2485.045211] ? __fget_files+0x296/0x4c0 [ 2485.045908] ? __fget_light+0xea/0x290 [ 2485.046568] __sys_sendmmsg+0x195/0x470 [ 2485.047230] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2485.047920] ? lock_downgrade+0x6d0/0x6d0 [ 2485.048626] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2485.049457] ? perf_trace_preemptirq_template+0x266/0x400 [ 2485.050325] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2485.051235] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2485.052118] ? __traceiter_irq_enable+0xc0/0xc0 [ 2485.052869] ? fput_many+0x2f/0x1a0 [ 2485.053475] ? trace_rcu_dyntick+0x2f/0x170 [ 2485.054191] __x64_sys_sendmmsg+0x99/0x100 [ 2485.054879] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2485.055713] do_syscall_64+0x33/0x40 [ 2485.056326] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2485.057155] RIP: 0033:0x7fe4a84d7b19 [ 2485.057767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2485.060734] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2485.061976] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2485.063124] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2485.064270] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2485.065417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2485.066567] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2485.119477] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem 01:20:33 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xf0ffff, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2485.123720] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2485.125315] EXT4-fs (loop4): group descriptors corrupted! 01:20:33 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x6000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:20:33 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 20) [ 2485.183833] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2485.239464] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2485.240891] EXT4-fs (loop4): group descriptors corrupted! [ 2485.308886] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2485.327604] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:20:33 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0xd) 01:20:33 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4c00000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:20:33 executing program 7: syz_emit_ethernet(0x2e, &(0x7f0000000000)={@broadcast, @link_local, @val={@void}, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote}, {0x12, 0x0, 0x0, @multicast1}}}}}, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) sendfile(r0, r1, 0x0, 0x39) [ 2485.400123] FAULT_INJECTION: forcing a failure. [ 2485.400123] name failslab, interval 1, probability 0, space 0, times 0 [ 2485.402125] CPU: 0 PID: 12506 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2485.403186] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2485.404456] Call Trace: [ 2485.404871] dump_stack+0x107/0x167 [ 2485.405437] should_fail.cold+0x5/0xa [ 2485.406058] should_failslab+0x5/0x20 [ 2485.406648] __kmalloc_node_track_caller+0x74/0x3b0 [ 2485.407477] ? __ip_append_data+0x2930/0x3310 [ 2485.408219] __alloc_skb+0xb1/0x5b0 [ 2485.408806] __ip_append_data+0x2930/0x3310 [ 2485.409532] ? raw_destroy+0x30/0x30 [ 2485.410147] ? ip_finish_output+0x330/0x330 [ 2485.410859] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2485.411669] ? memcpy+0x39/0x60 [ 2485.412214] ? raw_destroy+0x30/0x30 [ 2485.412810] ip_append_data+0x114/0x1a0 [ 2485.413477] raw_sendmsg+0xaa6/0x29d0 [ 2485.414101] ? dst_output+0x170/0x170 [ 2485.414723] ? __lock_acquire+0x1657/0x5b00 [ 2485.415419] ? perf_trace_lock+0xac/0x490 [ 2485.416099] ? SOFTIRQ_verbose+0x10/0x10 [ 2485.416735] ? __lockdep_reset_lock+0x180/0x180 [ 2485.417538] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2485.418640] ? find_held_lock+0x2c/0x110 [ 2485.419530] ? trace_hardirqs_on+0x5b/0x180 [ 2485.420447] ? dst_output+0x170/0x170 [ 2485.421249] inet_sendmsg+0x11d/0x140 [ 2485.422066] ? inet_send_prepare+0x540/0x540 [ 2485.422885] __sock_sendmsg+0x13c/0x190 [ 2485.423620] ____sys_sendmsg+0x334/0x870 [ 2485.424368] ? sock_write_iter+0x3d0/0x3d0 [ 2485.425136] ? do_recvmmsg+0x6d0/0x6d0 [ 2485.425846] ? perf_trace_lock+0xac/0x490 [ 2485.426617] ? __lockdep_reset_lock+0x180/0x180 [ 2485.427460] ? perf_trace_lock+0xac/0x490 [ 2485.428222] ___sys_sendmsg+0xf3/0x170 [ 2485.428936] ? sendmsg_copy_msghdr+0x160/0x160 [ 2485.429773] ? lock_downgrade+0x6d0/0x6d0 [ 2485.430560] ? __fget_files+0x296/0x4c0 [ 2485.431302] ? __fget_light+0xea/0x290 [ 2485.432023] __sys_sendmmsg+0x195/0x470 [ 2485.432757] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2485.433546] ? lock_downgrade+0x6d0/0x6d0 [ 2485.434330] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2485.435251] ? perf_trace_preemptirq_template+0x266/0x400 [ 2485.436251] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2485.437257] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2485.438244] ? __traceiter_irq_enable+0xc0/0xc0 [ 2485.439093] ? fput_many+0x2f/0x1a0 [ 2485.439766] ? trace_rcu_dyntick+0x2f/0x170 [ 2485.440566] __x64_sys_sendmmsg+0x99/0x100 [ 2485.441343] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2485.442294] do_syscall_64+0x33/0x40 [ 2485.442983] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2485.443923] RIP: 0033:0x7fe4a84d7b19 [ 2485.444613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2485.447987] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2485.449385] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2485.450697] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2485.452009] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2485.453316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2485.454634] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 01:20:33 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x1000000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:20:33 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x7000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2485.687273] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2485.689226] EXT4-fs (loop4): group descriptors corrupted! [ 2485.693345] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2485.722220] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2485.724087] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2485.725493] EXT4-fs (loop4): group descriptors corrupted! [ 2485.732822] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2485.788100] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:20:51 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 21) 01:20:51 executing program 7: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) fallocate(r1, 0x10, 0x0, 0xfdef) r2 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000240)=@IORING_OP_TIMEOUT_REMOVE, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r2, 0x0) r5 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000400)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345}, 0x5) syz_io_uring_submit(r6, r4, &(0x7f0000000440)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2, 0x0, 0x0, 0x0, 0x12345}, 0x8a4d) r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r2, 0x8000000) r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000740)='/sys/class/drm', 0x970c7917c8cb9e10, 0x2) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0) syz_io_uring_submit(r7, r4, &(0x7f00000002c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x6000, @fd=r5, 0x4, 0x0, 0x0, 0x14, 0x0, {0x1, r9}}, 0x80000001) r10 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000480), 0x8c43, 0x0) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000400)=@IORING_OP_RECVMSG={0xa, 0x3, 0x0, r10, 0x0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/131, 0x83}, {&(0x7f0000000180)=""/46, 0x2e}, {&(0x7f00000001c0)=""/100, 0x64}], 0x3, &(0x7f0000000300)=""/232, 0xe8}, 0x0, 0x10000, 0x1, {0x0, r11}}, 0x7) r12 = dup2(0xffffffffffffffff, 0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r12, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1, 0x4e20, 0x7, 0x4e23, 0x7, 0xa, 0xb0, 0x20, 0x2f, 0x0, 0xffffffffffffffff}, {0x1ff, 0x8, 0x100000001, 0xffffffffffffffff, 0x3, 0x0, 0x14f, 0x6}, {0x20, 0x2f, 0x4, 0xffff}, 0x9, 0x6e6bb3, 0x1, 0x0, 0x0, 0x1}, {{@in6=@empty, 0x4d3, 0x33}, 0x2, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x3501, 0x0, 0x3, 0x4, 0x1, 0x8, 0x6}}, 0xe8) creat(&(0x7f0000000000)='./file0\x00', 0x0) 01:20:51 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = dup2(r2, r1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r4, r3, 0x0, 0x7ffffff9) fallocate(r3, 0x2c, 0x80000001, 0x1) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:20:51 executing program 1: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000840)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYBLOB="000040040000000085cf2e2f66696c6500cf515704a24ac9dde93000e53c6a1457c6f58763b436c9c09befbb93b6d2aca37ce80f9d0694497a88321d675417665d68ade2c22ed1621a482257c37697a437af8c28f39295e6b003a2a1bf5b255c63955ef98d410bcfc721cf2652db61bb6bf2de924114ca7ae4aa908449fa1b38734dc19a133aababbc06"]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x248e, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x200}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat2(r0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x444002, 0x2}, 0x18) utimes(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={{}, {0x77359400}}) r2 = openat(r1, &(0x7f0000000180)='./file0\x00', 0x84400, 0x0) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="666265657a65726da92c01"]) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000580)) r4 = openat$random(0xffffffffffffff9c, &(0x7f0000000280), 0x561001, 0x0) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(0xffffffffffffffff, 0x3312, 0x8) fsmount(r1, 0x1, 0x4) ioctl$FIGETBSZ(r4, 0x2, &(0x7f00000002c0)) stat(&(0x7f00000001c0)='./file1/file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r5, 0x0) setresuid(r5, 0x0, 0x0) fchownat(r2, &(0x7f0000000300)='./file0\x00', r5, 0xee00, 0x800) mount$cgroup(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x2812020, &(0x7f0000000400)=ANY=[@ANYBLOB="6e616d653d2f6465762f736e617073686f74002c6e616d653d68756765746c622c616c6c2c6e6f6e652c6370757365745f76325f6d6f64652c78617474722c6e6f7072656669782c636cdfe7af084ab5f43bf36f6e655f6365746c622c66736e616d653d2f6465762f7a65726f002c736d61636b6673666c6f6f723d2e282b2d5e2c6f626a5f726f6c653d5e282c00c01bb33846a64ba66b96d1f8bafc523e011c45bb8386b1254b86bb32f5b5b695499776"]) 01:20:51 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x8000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:20:51 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x2000000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:20:51 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0xf) 01:20:51 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x6000000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2503.469580] FAULT_INJECTION: forcing a failure. [ 2503.469580] name failslab, interval 1, probability 0, space 0, times 0 [ 2503.471318] CPU: 1 PID: 12540 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2503.472345] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2503.473568] Call Trace: [ 2503.473970] dump_stack+0x107/0x167 [ 2503.474527] should_fail.cold+0x5/0xa [ 2503.475098] ? create_object.isra.0+0x3a/0xa20 [ 2503.475782] should_failslab+0x5/0x20 [ 2503.476348] kmem_cache_alloc+0x5b/0x310 [ 2503.476967] create_object.isra.0+0x3a/0xa20 [ 2503.477622] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2503.478390] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2503.479134] ? __ip_append_data+0x2930/0x3310 [ 2503.479809] __alloc_skb+0xb1/0x5b0 [ 2503.480361] __ip_append_data+0x2930/0x3310 [ 2503.481021] ? raw_destroy+0x30/0x30 [ 2503.481592] ? ip_finish_output+0x330/0x330 [ 2503.482244] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2503.483000] ? memcpy+0x39/0x60 [ 2503.483497] ? raw_destroy+0x30/0x30 [ 2503.484053] ip_append_data+0x114/0x1a0 [ 2503.484656] raw_sendmsg+0xaa6/0x29d0 [ 2503.485236] ? dst_output+0x170/0x170 [ 2503.485803] ? __lock_acquire+0x1657/0x5b00 [ 2503.486477] ? perf_trace_lock+0xac/0x490 [ 2503.487092] ? SOFTIRQ_verbose+0x10/0x10 [ 2503.487702] ? __lockdep_reset_lock+0x180/0x180 [ 2503.488404] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2503.489157] ? find_held_lock+0x2c/0x110 [ 2503.489782] ? trace_hardirqs_on+0x5b/0x180 [ 2503.490428] ? dst_output+0x170/0x170 [ 2503.491001] inet_sendmsg+0x11d/0x140 [ 2503.491566] ? inet_send_prepare+0x540/0x540 [ 2503.492220] __sock_sendmsg+0x13c/0x190 [ 2503.492815] ____sys_sendmsg+0x334/0x870 [ 2503.493422] ? sock_write_iter+0x3d0/0x3d0 [ 2503.494046] ? do_recvmmsg+0x6d0/0x6d0 [ 2503.494632] ? perf_trace_lock+0xac/0x490 [ 2503.495258] ? __lockdep_reset_lock+0x180/0x180 [ 2503.495948] ? perf_trace_lock+0xac/0x490 [ 2503.496573] ___sys_sendmsg+0xf3/0x170 [ 2503.497156] ? sendmsg_copy_msghdr+0x160/0x160 [ 2503.497834] ? lock_downgrade+0x6d0/0x6d0 [ 2503.498469] ? lock_downgrade+0x6d0/0x6d0 [ 2503.499089] ? __fget_files+0x296/0x4c0 [ 2503.499695] ? __fget_light+0xea/0x290 [ 2503.500283] __sys_sendmmsg+0x195/0x470 [ 2503.500884] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2503.501524] ? lock_downgrade+0x6d0/0x6d0 [ 2503.502169] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2503.502885] ? wait_for_completion_io+0x270/0x270 [ 2503.503598] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2503.504412] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2503.505225] ? rcu_read_lock_any_held+0x75/0xa0 [ 2503.505916] ? __traceiter_irq_enable+0xc0/0xc0 [ 2503.506606] ? fput_many+0x2f/0x1a0 [ 2503.507149] ? trace_rcu_dyntick+0x2f/0x170 [ 2503.507799] __x64_sys_sendmmsg+0x99/0x100 [ 2503.508427] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2503.509183] do_syscall_64+0x33/0x40 [ 2503.509734] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2503.510497] RIP: 0033:0x7fe4a84d7b19 [ 2503.511046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2503.513738] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2503.514865] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2503.515910] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2503.516952] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2503.517997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2503.519046] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2503.554904] Bluetooth: hci0: link tx timeout [ 2503.556527] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.558481] Bluetooth: hci0: link tx timeout [ 2503.559378] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.560822] Bluetooth: hci0: link tx timeout [ 2503.561716] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.563823] Bluetooth: hci0: link tx timeout [ 2503.564646] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.565843] Bluetooth: hci0: link tx timeout [ 2503.566606] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.567755] Bluetooth: hci0: link tx timeout [ 2503.568494] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.569633] Bluetooth: hci0: link tx timeout [ 2503.570378] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.571513] Bluetooth: hci0: link tx timeout [ 2503.572223] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.573361] Bluetooth: hci0: link tx timeout [ 2503.574068] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.577903] Bluetooth: hci0: link tx timeout [ 2503.578706] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.579912] Bluetooth: hci0: link tx timeout [ 2503.580699] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.581854] Bluetooth: hci0: link tx timeout [ 2503.582834] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.595933] Bluetooth: hci0: link tx timeout [ 2503.596783] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.597998] Bluetooth: hci0: link tx timeout [ 2503.598778] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.599952] Bluetooth: hci0: link tx timeout [ 2503.600252] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2503.600696] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.603011] Bluetooth: hci0: link tx timeout [ 2503.603764] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.608533] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2503.610768] cgroup: Unknown subsys name 'fbeezerm©' [ 2503.620875] Bluetooth: hci0: link tx timeout [ 2503.621801] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.623011] Bluetooth: hci0: link tx timeout [ 2503.623774] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.624950] Bluetooth: hci0: link tx timeout [ 2503.625725] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.631694] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2503.633628] Bluetooth: hci0: link tx timeout [ 2503.634442] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.635648] Bluetooth: hci0: link tx timeout [ 2503.636391] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.637586] Bluetooth: hci0: link tx timeout [ 2503.638362] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2503.650919] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2503.657693] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2503.659564] EXT4-fs (loop4): group descriptors corrupted! [ 2503.670587] cgroup: Unknown subsys name 'fbeezerm©' 01:20:51 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 22) 01:20:51 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xdc183db}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:20:51 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x3000000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:20:51 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x10) [ 2503.762471] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2503.764205] EXT4-fs (loop4): group descriptors corrupted! 01:20:52 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x65849af900000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2503.895962] FAULT_INJECTION: forcing a failure. [ 2503.895962] name failslab, interval 1, probability 0, space 0, times 0 [ 2503.898151] CPU: 0 PID: 12564 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2503.899362] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2503.900725] Call Trace: [ 2503.901170] dump_stack+0x107/0x167 [ 2503.901779] should_fail.cold+0x5/0xa [ 2503.902424] ? create_object.isra.0+0x3a/0xa20 [ 2503.903188] should_failslab+0x5/0x20 [ 2503.903818] kmem_cache_alloc+0x5b/0x310 [ 2503.904503] create_object.isra.0+0x3a/0xa20 [ 2503.905233] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2503.906052] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2503.906882] ? __ip_append_data+0x2930/0x3310 [ 2503.907632] __alloc_skb+0xb1/0x5b0 [ 2503.908273] __ip_append_data+0x2930/0x3310 [ 2503.909012] ? raw_destroy+0x30/0x30 [ 2503.909653] ? ip_finish_output+0x330/0x330 [ 2503.910382] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2503.911227] ? memcpy+0x39/0x60 [ 2503.911787] ? raw_destroy+0x30/0x30 [ 2503.912411] ip_append_data+0x114/0x1a0 [ 2503.913090] raw_sendmsg+0xaa6/0x29d0 [ 2503.913745] ? dst_output+0x170/0x170 [ 2503.914390] ? __lock_acquire+0x1657/0x5b00 [ 2503.915096] ? perf_trace_lock+0xac/0x490 [ 2503.915792] ? SOFTIRQ_verbose+0x10/0x10 [ 2503.916445] ? __lockdep_reset_lock+0x180/0x180 [ 2503.917234] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2503.918052] ? find_held_lock+0x2c/0x110 [ 2503.918751] ? trace_hardirqs_on+0x5b/0x180 [ 2503.919442] ? dst_output+0x170/0x170 [ 2503.920062] inet_sendmsg+0x11d/0x140 [ 2503.920660] ? inet_send_prepare+0x540/0x540 [ 2503.921374] __sock_sendmsg+0x13c/0x190 [ 2503.921999] ____sys_sendmsg+0x334/0x870 [ 2503.922664] ? sock_write_iter+0x3d0/0x3d0 [ 2503.923333] ? do_recvmmsg+0x6d0/0x6d0 [ 2503.923972] ? perf_trace_lock+0xac/0x490 [ 2503.924642] ? __lockdep_reset_lock+0x180/0x180 [ 2503.925397] ? perf_trace_lock+0xac/0x490 [ 2503.926067] ___sys_sendmsg+0xf3/0x170 [ 2503.926711] ? sendmsg_copy_msghdr+0x160/0x160 [ 2503.927434] ? lock_downgrade+0x6d0/0x6d0 [ 2503.928133] ? __fget_files+0x296/0x4c0 [ 2503.928780] ? __fget_light+0xea/0x290 [ 2503.929427] __sys_sendmmsg+0x195/0x470 [ 2503.930101] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2503.930811] ? lock_downgrade+0x6d0/0x6d0 [ 2503.931495] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2503.932331] ? perf_trace_preemptirq_template+0x266/0x400 [ 2503.933214] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2503.934119] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2503.935015] ? __traceiter_irq_enable+0xc0/0xc0 [ 2503.935763] ? fput_many+0x2f/0x1a0 [ 2503.936330] ? trace_rcu_dyntick+0x2f/0x170 [ 2503.937039] __x64_sys_sendmmsg+0x99/0x100 [ 2503.937693] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2503.938531] do_syscall_64+0x33/0x40 [ 2503.939111] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2503.939934] RIP: 0033:0x7fe4a84d7b19 [ 2503.940509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2503.943418] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2503.944640] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2503.945770] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2503.946884] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2503.948031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2503.949115] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 01:20:52 executing program 7: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(r0, &(0x7f00000000c0)='./file0\x00', 0x242, 0x80) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24000, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r3, 0x0, 0x80000001) 01:20:52 executing program 1: signalfd4(0xffffffffffffffff, &(0x7f00000000c0)={[0x2]}, 0x8, 0x0) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1, 0x8, 0x2000, 0x0, 0x100000002}, 0x0, 0x40, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x5) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000000), 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPP(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000005c0)={0x1c, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_GET_MPP(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000005c0)={0x1c, r5, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="a60160920000", @ANYRES16=0x0, @ANYBLOB="00042bbd7000fcdbdf256000000008000300", @ANYRES32=r2, @ANYBLOB="0c009900010000002e00000078002a000301b63e01028236401a1fa607000008021100000120000000080211000000030000003f0000000200080211000000000000800108021100000109000000000602020202020265125050505050500802110000000802110000018c181d04c32120cd4084ff8a0654c87bfdbd1c56b2447b5f532a0a012a0009a69a58c8bacbdd66e8f99ee79a26881982f4c6afa897b1f30bcf31eb1ee9d9e421486546dbbc71fb6825eb12fe20d9e821f7bf2f260ee0eb66c48949ae8355a71aaabfdcd64bfca4242457b0ea5361dad2ac888399f6993fd43f340e6fdefe8c533fd0a36d83b7bd68b7ab35ba26a744b0cd3874be29c0f4bb456232d9865252ad8e38725ec5a2aa21887652043bc9b0573444c30725cf97df4312e52422206277efdab5d080b5262501047f633cc611b6039ce054e52822a1903a169fb03b27941214720b4e833336142c7939698435070340ffffffffffff05000000080211000001370000ffffffffffff000800001f0040ffffffffffffcac100000802110000016e040000"], 0x1ac}, 0x1, 0x0, 0x0, 0x24040001}, 0x4048801) r6 = syz_open_procfs(0x0, &(0x7f00000005c0)='fdinfo/3\x00') pread64(r6, &(0x7f0000000040)=""/55, 0x37, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r8, r7) ioctl$PERF_EVENT_IOC_DISABLE(r8, 0x2401, 0x401) 01:20:52 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 23) [ 2504.037945] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2504.044940] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2504.216707] FAULT_INJECTION: forcing a failure. [ 2504.216707] name failslab, interval 1, probability 0, space 0, times 0 [ 2504.218468] CPU: 1 PID: 12584 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2504.219107] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2504.219476] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2504.221010] EXT4-fs (loop4): group descriptors corrupted! [ 2504.222146] Call Trace: [ 2504.222172] dump_stack+0x107/0x167 [ 2504.222194] should_fail.cold+0x5/0xa [ 2504.222217] ? create_object.isra.0+0x3a/0xa20 [ 2504.222240] should_failslab+0x5/0x20 [ 2504.222258] kmem_cache_alloc+0x5b/0x310 [ 2504.222285] create_object.isra.0+0x3a/0xa20 [ 2504.222306] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2504.222333] kmem_cache_alloc_node+0x169/0x330 [ 2504.222362] __alloc_skb+0x6d/0x5b0 [ 2504.222390] __ip_append_data+0x2930/0x3310 [ 2504.222428] ? raw_destroy+0x30/0x30 [ 2504.222462] ? ip_finish_output+0x330/0x330 [ 2504.222483] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2504.222503] ? memcpy+0x39/0x60 [ 2504.222527] ? raw_destroy+0x30/0x30 [ 2504.222548] ip_append_data+0x114/0x1a0 [ 2504.222580] raw_sendmsg+0xaa6/0x29d0 [ 2504.222618] ? dst_output+0x170/0x170 [ 2504.222636] ? __lock_acquire+0x1657/0x5b00 [ 2504.222677] ? perf_trace_lock+0xac/0x490 [ 2504.222695] ? SOFTIRQ_verbose+0x10/0x10 [ 2504.222720] ? __lockdep_reset_lock+0x180/0x180 [ 2504.222751] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2504.222767] ? find_held_lock+0x2c/0x110 [ 2504.222806] ? trace_hardirqs_on+0x5b/0x180 [ 2504.222830] ? dst_output+0x170/0x170 [ 2504.222852] inet_sendmsg+0x11d/0x140 [ 2504.222871] ? inet_send_prepare+0x540/0x540 [ 2504.222888] __sock_sendmsg+0x13c/0x190 [ 2504.222910] ____sys_sendmsg+0x334/0x870 [ 2504.222934] ? sock_write_iter+0x3d0/0x3d0 [ 2504.222959] ? do_recvmmsg+0x6d0/0x6d0 [ 2504.243518] ? perf_trace_lock+0xac/0x490 [ 2504.244165] ? __lockdep_reset_lock+0x180/0x180 [ 2504.244880] ? perf_trace_lock+0xac/0x490 [ 2504.245529] ___sys_sendmsg+0xf3/0x170 [ 2504.246142] ? sendmsg_copy_msghdr+0x160/0x160 [ 2504.246852] ? lock_downgrade+0x6d0/0x6d0 [ 2504.247502] ? lock_downgrade+0x6d0/0x6d0 [ 2504.248147] ? __fget_files+0x296/0x4c0 [ 2504.248775] ? __fget_light+0xea/0x290 [ 2504.249381] __sys_sendmmsg+0x195/0x470 [ 2504.249998] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2504.250664] ? lock_downgrade+0x6d0/0x6d0 [ 2504.251321] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2504.252065] ? wait_for_completion_io+0x270/0x270 [ 2504.252797] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2504.253633] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2504.254489] ? rcu_read_lock_any_held+0x75/0xa0 [ 2504.255206] ? __traceiter_irq_enable+0xc0/0xc0 [ 2504.255916] ? fput_many+0x2f/0x1a0 [ 2504.256478] ? trace_rcu_dyntick+0x2f/0x170 [ 2504.257147] __x64_sys_sendmmsg+0x99/0x100 [ 2504.257793] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2504.258592] do_syscall_64+0x33/0x40 [ 2504.259141] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2504.259866] RIP: 0033:0x7fe4a84d7b19 [ 2504.260442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2504.263272] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2504.264448] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2504.265540] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2504.266688] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2504.267781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2504.268876] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2504.316621] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2504.318306] EXT4-fs (loop4): group descriptors corrupted! [ 2504.373949] Bluetooth: hci0: link tx timeout [ 2504.374781] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.376260] Bluetooth: hci0: link tx timeout [ 2504.377043] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.378740] Bluetooth: hci0: link tx timeout [ 2504.379527] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.380926] Bluetooth: hci0: link tx timeout [ 2504.381909] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.383278] Bluetooth: hci0: link tx timeout [ 2504.384093] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.386014] Bluetooth: hci0: link tx timeout [ 2504.386845] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.388401] Bluetooth: hci0: link tx timeout [ 2504.389157] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.390607] Bluetooth: hci0: link tx timeout [ 2504.391419] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.392903] Bluetooth: hci0: link tx timeout [ 2504.393697] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.395073] Bluetooth: hci0: link tx timeout [ 2504.395840] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.397288] Bluetooth: hci0: link tx timeout [ 2504.398059] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.399483] Bluetooth: hci0: link tx timeout [ 2504.400204] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.401597] Bluetooth: hci0: link tx timeout [ 2504.402331] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.403747] Bluetooth: hci0: link tx timeout [ 2504.404511] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.405886] Bluetooth: hci0: link tx timeout [ 2504.406661] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.408028] Bluetooth: hci0: link tx timeout [ 2504.408795] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.410184] Bluetooth: hci0: link tx timeout [ 2504.410954] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.412373] Bluetooth: hci0: link tx timeout [ 2504.413090] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.414508] Bluetooth: hci0: link tx timeout [ 2504.415229] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.416631] Bluetooth: hci0: link tx timeout [ 2504.417409] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.418787] Bluetooth: hci0: link tx timeout [ 2504.419542] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.420904] Bluetooth: hci0: link tx timeout [ 2504.421662] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.423046] Bluetooth: hci0: link tx timeout [ 2504.423816] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.425285] Bluetooth: hci0: link tx timeout [ 2504.426058] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.428593] Bluetooth: hci0: link tx timeout [ 2504.429363] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.430534] Bluetooth: hci0: link tx timeout [ 2504.431245] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.435024] Bluetooth: hci0: link tx timeout [ 2504.435976] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.437410] Bluetooth: hci0: link tx timeout [ 2504.438144] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.449923] Bluetooth: hci0: link tx timeout [ 2504.451409] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.452561] Bluetooth: hci0: link tx timeout [ 2504.453262] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.454458] Bluetooth: hci0: link tx timeout [ 2504.455247] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.459276] Bluetooth: hci0: link tx timeout [ 2504.460299] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.461605] Bluetooth: hci0: link tx timeout [ 2504.462329] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.463814] Bluetooth: hci0: link tx timeout [ 2504.464575] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.466053] Bluetooth: hci0: link tx timeout [ 2504.466839] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.468162] Bluetooth: hci0: link tx timeout [ 2504.468941] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.470260] Bluetooth: hci0: link tx timeout [ 2504.471035] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.472378] Bluetooth: hci0: link tx timeout [ 2504.473103] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.474463] Bluetooth: hci0: link tx timeout [ 2504.475191] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.476523] Bluetooth: hci0: link tx timeout [ 2504.477252] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.478584] Bluetooth: hci0: link tx timeout [ 2504.479310] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.480761] Bluetooth: hci0: link tx timeout [ 2504.481560] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.482978] Bluetooth: hci0: link tx timeout [ 2504.483755] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.486247] Bluetooth: hci0: link tx timeout [ 2504.487028] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.488329] Bluetooth: hci0: link tx timeout [ 2504.489136] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.490629] Bluetooth: hci0: link tx timeout [ 2504.491401] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.492841] Bluetooth: hci0: link tx timeout [ 2504.493840] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.495247] Bluetooth: hci0: link tx timeout [ 2504.496016] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.497329] Bluetooth: hci0: link tx timeout [ 2504.498198] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.499703] Bluetooth: hci0: link tx timeout [ 2504.500492] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.501804] Bluetooth: hci0: link tx timeout [ 2504.502610] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.504141] Bluetooth: hci0: link tx timeout [ 2504.505044] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.506643] Bluetooth: hci0: link tx timeout [ 2504.507430] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.508851] Bluetooth: hci0: link tx timeout [ 2504.509636] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.511002] Bluetooth: hci0: link tx timeout [ 2504.511794] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.513142] Bluetooth: hci0: link tx timeout [ 2504.513922] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.515452] Bluetooth: hci0: link tx timeout [ 2504.516297] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.517898] Bluetooth: hci0: link tx timeout [ 2504.518889] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.521316] Bluetooth: hci0: link tx timeout [ 2504.522095] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.523255] Bluetooth: hci0: link tx timeout [ 2504.524024] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.525185] Bluetooth: hci0: link tx timeout [ 2504.525938] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.528614] Bluetooth: hci0: link tx timeout [ 2504.530453] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.531605] Bluetooth: hci0: link tx timeout [ 2504.532318] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.533478] Bluetooth: hci0: link tx timeout [ 2504.534192] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.536097] Bluetooth: hci0: link tx timeout [ 2504.536890] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.538512] Bluetooth: hci0: link tx timeout [ 2504.539336] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.542565] Bluetooth: hci0: link tx timeout [ 2504.543312] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2504.544479] Bluetooth: hci0: link tx timeout [ 2504.545194] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2505.563445] Bluetooth: hci0: command 0x0406 tx timeout 01:21:10 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xe000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:21:10 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x4000000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:21:11 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x11) 01:21:11 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x6800000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:21:11 executing program 1: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x40091, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x8a001, 0x2) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x400ac1, 0x84) r2 = accept4$packet(0xffffffffffffffff, &(0x7f0000001680)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000016c0)=0x14, 0x800) ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r2, 0x80286722, &(0x7f0000001740)={&(0x7f0000001700)=""/60, 0x3c, 0x2, 0xc0}) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) write(r1, &(0x7f0000000240)="01", 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) mq_timedsend(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)) syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000380)='./file1\x00', 0xb0d, 0x3, &(0x7f0000000bc0)=[{&(0x7f00000003c0)="48dd55a773edddb1c1041afceb282c8e460759ee0557ed3584cdf6711d6ab26a2d6ad4aa1abc79828e213a215554db811cffc6d37d6810aee60e13073f05388ebb5e152647c396a14782382d3a5e42f259082bf06d36458e90bb63029dba17c662e393b258d8367794572bf820a1ff79da9818c8893b936231f21ad75dedfca920faca6c8903f7b29184413c9ba57cf74fc45f1b78215bbe3393d58ae477e4e4c7daa6ba47d7ee52340f2b3558db6b4630c4fb538d5c44e31910d3d93aa4971b13eabcb540661d41b545b90fe7b40a89226ed2cd92", 0xd5, 0xffff}, {&(0x7f0000000b40)="13a240076ca37aa07c0bd7cd778ac235122dff9c35824a3c825cba93b99a0b552cbd3ca328acb2743dcd4f8533464b1c7b226ee1c4fc450ad4cc17242a2cca9312835efc0b1beff33daa207c3fd2bea702273386eab31bcd98bfa11ddf015c03d3dcd057ecf9e5", 0x67, 0xfff}, {&(0x7f00000004c0), 0x0, 0x8001}], 0x420, &(0x7f0000000c40)={[{@uni_xlateno}, {@shortname_winnt}], [{@euid_gt}, {@fsmagic={'fsmagic', 0x3d, 0x7fffffff}}]}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r4, 0x81f8943c, &(0x7f0000000940)) r5 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r5, 0x0, r3, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) fsetxattr$trusted_overlay_redirect(r0, &(0x7f00000002c0), 0x0, 0x0, 0x1) mq_open(0x0, 0x0, 0x0, 0x0) 01:21:11 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 24) [ 2522.857252] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:21:11 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) sendto(r0, &(0x7f0000000040)="f16f750468b44205f398906290fe9a2419e501d51ede4c2d3c29e364917a6eaa79861a4bcd8e0c915a58d6da29a02a163adfc48e3951a8a95fd908d9e8d3189763f6bc6f33", 0x45, 0x4008004, &(0x7f0000000280)=@pptp={0x18, 0x2, {0x2, @broadcast}}, 0x80) socket$inet_icmp(0x2, 0x2, 0x1) 01:21:11 executing program 7: ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, &(0x7f0000000180)) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa418b6d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ptype\x00') read(r1, &(0x7f00000002c0)=""/225, 0xe1) r2 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000bc0)=ANY=[@ANYBLOB="7f454c46107f05b603000000000000000200030000080000ae020000000000004000000000000000650200000000000001000080ff7f38000100fcff0500030001000000ffff000002000000000000000700000000000000030000000000000000000000000080000000000000000000010000800000000051e574640100008000040000000000000400000000000000ffff0000000000000010000000000000ffff000000000000ffff00000000000011863e0224897d7191d0644687ea00136bbe62e65a6478d4176c0145d4f7b36daddaabb36aa07250b278d76512cdafcae4fcdd588e972361a70ecc161818ae0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000"/1519], 0x5ef) ioctl$SG_IO(r3, 0x1274, 0x0) r4 = dup2(r0, r0) r5 = syz_io_uring_complete(0x0) r6 = io_uring_setup(0x4f5c, &(0x7f00000003c0)={0x0, 0x9266, 0x8, 0x3, 0x175}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r5, 0xc018937c, &(0x7f0000000440)={{0x1, 0x1, 0x18, r6, {0x1}}, './file0\x00'}) r7 = fcntl$dupfd(0xffffffffffffffff, 0x0, r5) r8 = fsmount(r4, 0x0, 0x7f) epoll_ctl$EPOLL_CTL_MOD(r8, 0x3, r7, &(0x7f0000000780)={0x40000001}) r9 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ptype\x00') r10 = syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x7fffffff, 0x3, &(0x7f0000000700)=[{&(0x7f0000000480)="a9c7da4ffe767c5823b534eecc4b3b432b1bee6f9c25234de5f9734d1475c38fdf8525c93282fb4519b705d69af3948215c0922c0a17a1acf86063cb91e4523bb5637517105a26b143091e5edd6bf4ecfc8f9fb36b0f81208606fcedd2cef9dec2ff2f7f0aafaa5d2c12e91884f1864a9a710ebb701e9bb252aaadeff2b05187ba161ebc11ab81807cf3a038d38feb26ced966107cf68de7bd500bf522287971e0198716b45973cfd722b507a0f2d86af05919f4dc233e18c1c754e8d7ef156d839ff4d8f18cb3f8068fb2b24f3ab6065f4a2a2bfdae", 0xd6}, {&(0x7f0000000580)="15d966a9f41952b1cb7daf65a02318463bf290b51dbbe7f9678d43e8b29e94f4be36aceffa79ef3574a34cc31e1052992702754729f9eaaee6b792761de7c1a6f17b174d12a641c488ffa75dc72a93c158d80bcb64121310855e1e30ac752819e66310d05d4dc32a750fbb683293e1dd35d9a0004f32f7e158a299a8a36a289ccc61fe2ac0dae71f1781485e42982266c51f067888ebef4bd78d1eab9f0e436ff88da9a6266d408938e1359e5aec0809cc2c27d6628b4dbe9b07d0b7cd8c8f2f638ccb31e8dd7fdf4eeca630ffa76ad5c93c03f444b81c7bd8a9bd892bbada9cf1adc10a3fdef33c62ce925b62c2f386d49f815c67fbb0d03224f162de", 0xfd}, {&(0x7f0000000680)="25ce65ad3730acb858bdda73ac0f14d34e15fdb0f7b20a8a3674657177b501cde9e4b50339680ecde2ac6b75dadc9297286e226def98cc8ab596cf48addeee74957b9672085f9db2f16d053be41958e0b59433fde41ac6", 0x57, 0xfffffffffffffff8}], 0xa0044, &(0x7f0000000800)={[{@mpol={'mpol', 0x3d, {'local', '=static', @void}}}, {@huge_never}, {@mode={'mode', 0x3d, 0x5}}, {@nr_inodes={'nr_inodes', 0x3d, [0x34, 0x25, 0x33]}}, {@nr_inodes={'nr_inodes', 0x3d, [0x33, 0x2d]}}, {@huge_never}, {@nr_inodes}], [{@fowner_eq}]}) fstatfs(r10, &(0x7f00000007c0)=""/55) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000040)=[r1, 0xffffffffffffffff, r4, r0, 0xffffffffffffffff, 0xffffffffffffffff, r9, r0], 0x8) clone3(&(0x7f0000000200)={0x451a6100, &(0x7f00000000c0), 0x0, &(0x7f0000000100), {0x16}, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x0], 0x1}, 0x58) [ 2522.870645] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2522.887908] FAULT_INJECTION: forcing a failure. [ 2522.887908] name failslab, interval 1, probability 0, space 0, times 0 [ 2522.889257] CPU: 0 PID: 12613 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2522.890038] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2522.890965] Call Trace: [ 2522.891274] dump_stack+0x107/0x167 [ 2522.891690] should_fail.cold+0x5/0xa [ 2522.892129] should_failslab+0x5/0x20 [ 2522.892560] __kmalloc_node_track_caller+0x74/0x3b0 [ 2522.893121] ? __ip_append_data+0x2930/0x3310 [ 2522.893631] __alloc_skb+0xb1/0x5b0 [ 2522.894047] __ip_append_data+0x2930/0x3310 [ 2522.894566] ? raw_destroy+0x30/0x30 [ 2522.895001] ? ip_finish_output+0x330/0x330 [ 2522.895495] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2522.896063] ? memcpy+0x39/0x60 [ 2522.896447] ? raw_destroy+0x30/0x30 [ 2522.896878] ip_append_data+0x114/0x1a0 [ 2522.897339] raw_sendmsg+0xaa6/0x29d0 [ 2522.897784] ? dst_output+0x170/0x170 [ 2522.898216] ? __lock_acquire+0x1657/0x5b00 [ 2522.898716] ? perf_trace_lock+0xac/0x490 [ 2522.899173] ? SOFTIRQ_verbose+0x10/0x10 [ 2522.899636] ? __lockdep_reset_lock+0x180/0x180 [ 2522.900175] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2522.900745] ? find_held_lock+0x2c/0x110 [ 2522.901211] ? trace_hardirqs_on+0x5b/0x180 [ 2522.901694] ? dst_output+0x170/0x170 [ 2522.902131] inet_sendmsg+0x11d/0x140 [ 2522.902590] ? inet_send_prepare+0x540/0x540 [ 2522.903084] __sock_sendmsg+0x13c/0x190 [ 2522.903528] ____sys_sendmsg+0x334/0x870 [ 2522.903985] ? sock_write_iter+0x3d0/0x3d0 [ 2522.904451] ? do_recvmmsg+0x6d0/0x6d0 [ 2522.904888] ? perf_trace_lock+0xac/0x490 [ 2522.905360] ? __lockdep_reset_lock+0x180/0x180 [ 2522.905877] ? perf_trace_lock+0xac/0x490 [ 2522.906358] ___sys_sendmsg+0xf3/0x170 [ 2522.906808] ? sendmsg_copy_msghdr+0x160/0x160 [ 2522.907330] ? lock_downgrade+0x6d0/0x6d0 [ 2522.907814] ? __fget_files+0x296/0x4c0 [ 2522.908276] ? __fget_light+0xea/0x290 [ 2522.908718] __sys_sendmmsg+0x195/0x470 [ 2522.909174] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2522.909654] ? lock_downgrade+0x6d0/0x6d0 [ 2522.910127] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2522.910714] ? perf_trace_preemptirq_template+0x266/0x400 [ 2522.911329] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2522.911945] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2522.912564] ? __traceiter_irq_enable+0xc0/0xc0 [ 2522.913072] ? fput_many+0x2f/0x1a0 [ 2522.913478] ? trace_rcu_dyntick+0x2f/0x170 [ 2522.913961] __x64_sys_sendmmsg+0x99/0x100 [ 2522.914448] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2522.915024] do_syscall_64+0x33/0x40 [ 2522.915448] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2522.916014] RIP: 0033:0x7fe4a84d7b19 [ 2522.916433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2522.918466] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2522.919302] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2522.920087] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2522.920874] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2522.921658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2522.922460] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 01:21:11 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x18020000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2522.937760] Bluetooth: hci0: link tx timeout [ 2522.938598] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2522.939410] Bluetooth: hci0: link tx timeout [ 2522.939886] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2522.940663] Bluetooth: hci0: link tx timeout [ 2522.941146] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2522.941901] Bluetooth: hci0: link tx timeout [ 2522.942413] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2522.943213] Bluetooth: hci0: link tx timeout [ 2522.943718] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2522.944459] Bluetooth: hci0: link tx timeout [ 2522.944932] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2522.945690] Bluetooth: hci0: link tx timeout [ 2522.946172] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2522.946954] Bluetooth: hci0: link tx timeout [ 2522.947454] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2522.948202] Bluetooth: hci0: link tx timeout [ 2522.948704] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2522.949458] Bluetooth: hci0: link tx timeout [ 2522.949933] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2522.950773] Bluetooth: hci0: link tx timeout [ 2522.951279] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2522.952112] Bluetooth: hci0: link tx timeout [ 2522.952621] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2522.953383] Bluetooth: hci0: link tx timeout [ 2522.953860] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2522.955123] Bluetooth: hci0: link tx timeout [ 2522.956030] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2522.957406] Bluetooth: hci0: link tx timeout [ 2522.958278] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2522.959517] Bluetooth: hci0: link tx timeout [ 2522.960218] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2522.961325] Bluetooth: hci0: link tx timeout [ 2522.962060] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2522.963169] Bluetooth: hci0: link tx timeout [ 2522.963908] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2522.965000] Bluetooth: hci0: link tx timeout [ 2522.965754] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2522.966830] Bluetooth: hci0: link tx timeout [ 2522.967543] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2522.968681] Bluetooth: hci0: link tx timeout [ 2522.969394] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2522.970539] Bluetooth: hci0: link tx timeout [ 2522.971229] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2522.972368] Bluetooth: hci0: link tx timeout [ 2522.973068] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2522.974189] Bluetooth: hci0: link tx timeout [ 2522.974905] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2522.976020] Bluetooth: hci0: link tx timeout [ 2522.976748] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2522.977890] Bluetooth: hci0: link tx timeout [ 2522.978616] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2522.981688] Bluetooth: hci0: link tx timeout [ 2522.982462] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2522.983585] Bluetooth: hci0: link tx timeout [ 2522.984271] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2522.999753] Bluetooth: hci0: link tx timeout [ 2523.000475] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2523.001603] Bluetooth: hci0: link tx timeout [ 2523.002276] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2523.005049] Bluetooth: hci0: link tx timeout [ 2523.006011] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2523.007503] Bluetooth: hci0: link tx timeout [ 2523.008187] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2523.009450] Bluetooth: hci0: link tx timeout [ 2523.010287] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2523.011558] Bluetooth: hci0: link tx timeout [ 2523.012223] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa 01:21:11 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x5000000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2523.024223] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2523.042720] Bluetooth: hci0: link tx timeout [ 2523.043845] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2523.045232] Bluetooth: hci0: link tx timeout [ 2523.045946] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2523.047096] Bluetooth: hci0: link tx timeout [ 2523.047806] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2523.048918] Bluetooth: hci0: link tx timeout [ 2523.049625] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2523.050758] Bluetooth: hci0: link tx timeout [ 2523.051608] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2523.052901] Bluetooth: hci0: link tx timeout [ 2523.053733] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2523.059254] Bluetooth: hci0: link tx timeout [ 2523.060133] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2523.061352] Bluetooth: hci0: link tx timeout [ 2523.062029] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2523.063186] Bluetooth: hci0: link tx timeout [ 2523.064717] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2523.065938] Bluetooth: hci0: link tx timeout [ 2523.066656] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2523.068974] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2523.070406] EXT4-fs (loop4): group descriptors corrupted! [ 2523.076065] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2523.077897] Bluetooth: hci0: link tx timeout [ 2523.079002] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2523.080115] Bluetooth: hci0: link tx timeout [ 2523.080855] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 2523.081944] Bluetooth: hci0: link tx timeout [ 2523.082689] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 2523.083781] Bluetooth: hci0: link tx timeout [ 2523.084514] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa 01:21:11 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 25) 01:21:11 executing program 7: socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x400000, 0x0) readv(r0, &(0x7f0000000880)=[{&(0x7f0000000140)=""/155, 0x9b}, {&(0x7f0000000200)=""/24, 0x18}, {&(0x7f0000000240)=""/54, 0x36}, {&(0x7f0000000280)=""/88, 0x58}, {&(0x7f0000000300)=""/193, 0xc1}, {&(0x7f0000000400)=""/177, 0xb1}, {&(0x7f00000004c0)=""/210, 0xd2}, {&(0x7f00000006c0)=""/209, 0xd1}, {&(0x7f00000005c0)=""/40, 0x28}, {&(0x7f00000007c0)=""/169, 0xa9}], 0xa) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000600)={0x0, 0x0, 0x1f, 0x4, 0x1a5, &(0x7f0000000940)="e73222eeae1b8244a11b084245bd311f0502d7cbf64a205e3e3708af907ac47845982ba2a57f620d4c00b093f378510d17153f7b61c8d5188e639a692aaaa37c3cf70d88f9f18e8f90a5ff365f29ba78c88b8e8c8e68050793e5a77bff376a8fe56affdf319c4ebe585c547f95e7d30516ef4bb2253ff6c434470fa89434ec64facb00520fd7cf8481ca61c0b3f2b2a7f9f43046bca87dd15ed3a457e1d0bd1a68e09f0b383579d184370a41cfb43d4db4a2a7c21ea94e916b41d8e21303c9b1454b80c626016d593678f82d03dd1fcf3d4df725be1b34d965128efe5ac4023e63c8127f7d03060adf36db3148819c58e6527e962a9373038ff72df85dc36f8e031a66a86e881fbf1e0b3f10b927475071a17a0f8cf15be4558aa8879b50ed5a5066bf36fbea43cc47755475f3bbf130521da9a23e99ff0c57b29eec20d6c67092e02d13f37d0ea90fb3b8a1f229220ca87ca8e77162053e92c41545faafdea9bd1ad32f5543c8f6c38638bee336fd362460fab44b2bda7d16cd0dd935a42adf24955ee00ec57a0489d19609c68e94540308cb707650ba81e5c562973d0871f91127fcdfd2ac0749a20a1aca9c3b8bdfbc8fed3fd9bdef347cee6c723ac225732c32e95d2997b38bdc574f2ea195caa7bec6162a27734abe37e5279b82189a0acece56f3b84949b3d37146245a6336e0d40d8b02917fd1995c0b7bb7d05727d417da9f76f15cd5b09473e5e9aed8e5b649585168f1977af85b381a57856c5ebb9cca6c90d0acaf0de5ad5d719b6c07e382473e68366fd122f4c403d3a110f2eef2e4f5d6aac6136e6e521473456fd2c5408275e89b0d40543590899727b1e80a3fca6b5703f3a7a65a9a065b032bcfe3ac94e6c97a76a2062dcb35c938a7ae42ce4f02a033ad38267ec660005287b241f56411bfa9e3dd0867243ac0b3690bd14b1190c56204e04b27e5fbc1c1f7803985a0b48a48d8b49b2e4a85190207cb7149bb6f1fdb287c4790d16e015a0ec83b6277e50e9d205be7d3ebffe4638ef9c472be182501f6f7cb8999a6da8e35c093ffff15129c351aa78778c928f4177d9ec07419c4380a5155d0674d4b6b0da5db76bf9cbe203fed40f16d55f9ed778a2a01ca1f78695ef1b07054651e35a53b9b0993f02bab0586152074acb8369eab6bab94c6bc6c3d7ab158d0f54b553e68d940707b20691ec9a3659b4b7137b4fdd6dfa62be471bbcd5e5f75a142be6e0159acb9daf8485fd8fc310322a2abf185204a6bcbe1b4bd42ea7c8140288429d7016077f1413933ba8fd91cb380d618f844222278053db88dedbb1fc62cead576b34df4f90128674372103d2bf5719fa13e5458d009ce10ce772167086850003defd14470bb4ab6a692159eaba4a684ededd1c158f4d41724e5b869f5c672f8e2fdcd3e2f8f75bc78dd90eb30e4e3ff2ed2"}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) syz_open_dev$sg(&(0x7f0000000680), 0x6, 0x400000) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$SG_NEXT_CMD_LEN(r3, 0x2283, &(0x7f0000000000)=0x1) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000640)={@ipv4={'\x00', '\xff\xff', @multicast1}, 0x39}) writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000040)="001dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 2523.199080] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2523.201131] EXT4-fs (loop4): group descriptors corrupted! 01:21:11 executing program 1: ftruncate(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000200)={0x0}, &(0x7f0000000240)=0xc) r1 = syz_open_procfs(r0, &(0x7f00000002c0)='fdinfo/4\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = syz_io_uring_setup(0x21, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180), &(0x7f0000002a40)=0x0) io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f0000000140), 0x1) syz_io_uring_submit(0x0, r4, &(0x7f0000000040)=@IORING_OP_ASYNC_CANCEL, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000000, 0x11, r2, 0x8000000) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r4, &(0x7f0000000280)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x1, 0x1, 0x0, {0x0, r6}}, 0x5) io_uring_enter(r3, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO(r1, 0xc0389424, &(0x7f0000000340)={0x7fff, 0x18, '\x00', 0x0, &(0x7f0000000300)=[0x0, 0x0, 0x0]}) mq_timedsend(r7, 0x0, 0xff7f, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc018937e, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r7, @out_args}, './file1\x00'}) fcntl$setstatus(r2, 0x4, 0x6400) write(r2, &(0x7f0000001200), 0xffffff45) 01:21:11 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x12) [ 2523.281299] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:21:11 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x6c00000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2523.292287] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:21:11 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x3eeeab4e}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:21:11 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x6000000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2523.361198] FAULT_INJECTION: forcing a failure. [ 2523.361198] name failslab, interval 1, probability 0, space 0, times 0 [ 2523.363061] CPU: 0 PID: 12635 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2523.364167] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2523.365516] Call Trace: [ 2523.366071] dump_stack+0x107/0x167 [ 2523.366666] should_fail.cold+0x5/0xa [ 2523.367289] should_failslab+0x5/0x20 [ 2523.367899] __kmalloc_node_track_caller+0x74/0x3b0 [ 2523.368695] ? __ip_append_data+0x2930/0x3310 [ 2523.369426] __alloc_skb+0xb1/0x5b0 [ 2523.370014] __ip_append_data+0x2930/0x3310 [ 2523.370727] ? raw_destroy+0x30/0x30 [ 2523.371340] ? ip_finish_output+0x330/0x330 [ 2523.372032] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2523.372841] ? memcpy+0x39/0x60 [ 2523.373373] ? raw_destroy+0x30/0x30 [ 2523.373971] ip_append_data+0x114/0x1a0 [ 2523.374628] raw_sendmsg+0xaa6/0x29d0 [ 2523.375253] ? dst_output+0x170/0x170 [ 2523.375863] ? __lock_acquire+0x1657/0x5b00 [ 2523.376574] ? perf_trace_lock+0xac/0x490 [ 2523.377231] ? SOFTIRQ_verbose+0x10/0x10 [ 2523.377884] ? __lockdep_reset_lock+0x180/0x180 [ 2523.378642] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2523.379464] ? find_held_lock+0x2c/0x110 [ 2523.380129] ? trace_hardirqs_on+0x5b/0x180 [ 2523.380823] ? dst_output+0x170/0x170 [ 2523.381434] inet_sendmsg+0x11d/0x140 [ 2523.382049] ? inet_send_prepare+0x540/0x540 [ 2523.382757] __sock_sendmsg+0x13c/0x190 [ 2523.383395] ____sys_sendmsg+0x334/0x870 [ 2523.384042] ? sock_write_iter+0x3d0/0x3d0 [ 2523.384719] ? do_recvmmsg+0x6d0/0x6d0 [ 2523.385335] ? perf_trace_lock+0xac/0x490 [ 2523.386007] ? __lockdep_reset_lock+0x180/0x180 [ 2523.386752] ? perf_trace_lock+0xac/0x490 [ 2523.387427] ___sys_sendmsg+0xf3/0x170 [ 2523.388056] ? sendmsg_copy_msghdr+0x160/0x160 [ 2523.388791] ? lock_downgrade+0x6d0/0x6d0 [ 2523.389478] ? __fget_files+0x296/0x4c0 [ 2523.390126] ? __fget_light+0xea/0x290 [ 2523.390767] __sys_sendmmsg+0x195/0x470 [ 2523.391414] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2523.392101] ? lock_downgrade+0x6d0/0x6d0 [ 2523.392771] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2523.393582] ? perf_trace_preemptirq_template+0x266/0x400 [ 2523.394458] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2523.395336] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2523.396212] ? __traceiter_irq_enable+0xc0/0xc0 [ 2523.396948] ? fput_many+0x2f/0x1a0 [ 2523.397531] ? trace_rcu_dyntick+0x2f/0x170 [ 2523.398232] __x64_sys_sendmmsg+0x99/0x100 [ 2523.398912] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2523.399724] do_syscall_64+0x33/0x40 [ 2523.400323] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2523.401135] RIP: 0033:0x7fe4a84d7b19 [ 2523.401731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2523.404679] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2523.405877] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2523.407014] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2523.408138] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2523.409260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2523.410393] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2523.461096] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2523.461096] program syz-executor.7 not setting count and/or reply_len properly [ 2523.599101] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2523.610772] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2523.621889] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2523.645080] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2523.646541] EXT4-fs (loop4): group descriptors corrupted! [ 2523.649536] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2523.710637] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2523.712063] EXT4-fs (loop4): group descriptors corrupted! [ 2524.955525] Bluetooth: hci0: command 0x0406 tx timeout [ 2527.003397] Bluetooth: hci0: command 0x0405 tx timeout 01:21:30 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 26) 01:21:30 executing program 1: openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0xc0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0xe581de2abe0bcf3e, 0x0) write$binfmt_aout(r0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="0801d6028001000000000000050000000300000000000000000000000000000007c305b81728c9e1cc6c79d8f8c7088e9715f8d98d4ef34c999f3ad5c9986f523a465fe1f487b4c0c31f767ccbfe7baec801957a00d2e16bd17d30c09880ac84312d5da65c514cee2b4f55aa64a1e4ef1f7de5293852d6fd69b22d950afee25357e2c9473414dfaf07c0f339ff3fd382462f463b27ebe6f4f64dd1a5e20a564c5bc864516a9de511457d7ff8d2bb6100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6f9bdd29c3031d95de3349c5960690c716ff903204c2dc9f3cfa28762f9241abbf580a22f13629d152fabbb6d69d606ae758c760013aac535daff138e4ec1d3778ee4e14892f96317514e77608160c6f63570c5db6efe214619f79d10bae61be9c71e229bf86bed7e58ba326f"], 0x7af) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r1, 0xd000943d, &(0x7f0000001e00)={0xffffffff, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}], 0x6, "f250ae669f7dcf"}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r1, 0xd000943e, &(0x7f0000002e00)={0x0, r2, "597b22bce0f536f47cdb058ad1f6f2dc571d3a09892ce1d42dbc885f9b4fc3f752eded74b265f6896631e0069ce4c8c5e05cd24e4c5f59c475a23862fad312eff27b873ee1972f71ba5f1b647c0979557763c885187e670d120f52bceb7a4d8cbde49495a54a7cca3d5e5ac9cb9be4cac3789cb497813a62e7719de6018ef55623f86259a927a180c333e1207bda59df925a7494bda82cf201b41524c7e1368a1dab7395875e79f5c4ff7c50cb1fed59a29eb333daff7bd613b3cce91a5c0830650f9e4b6edbbb0ac21ac8c607869c65ea6561bb1709be51694fab20148d45ee4db6075eef23abd26567feb91cd01bfd6738f22eead70e8ee8a97678ac792695", "b336a9ebe52fb1d95a02b21f96502bd1fe28361ebcd64850ba70cfb2005d35459561b1394fc5b3f5242cb4c3e48c19984226c4d6c4b846c90c2607de7b05cdc092f8a25adb7b36e902e062728c266ca3e6df0ca889973589a92a76118a428aff074f4b57e07a27b7ac639443ce527cb72122a46a87d87ca771ad65f3f3d9884bc5383ba2a4ac262880335fcb7d0cae8caf7dffbdba700ea0bbaf1ba1d61104b2748c1b329cfe7890aede99cd7484725c99d5f26f2abcdab6d7c1a7d741f5daa0e3619f8eff34bb2d171bafd32e936cd14591dceb56deba899a282e2e785ba524764a0e8ed02de9796d02a04286fbf01048ed4f23d57758c08d791854b4784b30020c9e26f47f0e51296ecd4e876dce1dd20b597708c7234281160b9222efd1df6abbb8898b9f5aac3d987a1d06b9b5c5c5c8e6165669c646e704ccbbe3b4249d2f93016627530667e9887e650001158069844851c17bf9059745225fcb08492884dc150025649cbf5ba01d5369a87c948934311f849d028753fc268b95bc40f06a86182ed1b8b8834356762ad34facd6982492ff1746e4882353454fbef894ed6e47ac71771a8c731cc42971183ad98acbf2f32944ab51357c282c268a58180802e352bcad8817a48272a5729bba918e38659c017570d1a22fa51106f727f5c57a6c335cae89c0da0575810ec0d2cf39e11e77019085420e404e382a60316e8698a76645e7d4f3a88bac6771f6532b7e0b0287743aa84cf86b8576feb3970c198caec764392390ea4908b2707c87518df6747a09f3db4b7bc0cbdd686abcc113b5e874b87bbd688062b81fc9231ca6538707a28f4fd1ca7f1462af13f215cec9b6136f2d81735553084a65b8b0f7da4850bbfbd1d76db557302b531db09fed11f53a6e81e5389327b408bf0b18ae5482162f5cdce71781c5a94a34f12fa0103ece3a7f6e7a4e2fe66986c5d2752a9c7bcc7af03608ada4359e93d6b4b3a239e1d9164ad4a36c63fe98106cfa7907103a2aa74ed995292f8851e765994c230657c7730740ae9b9952d58f718e13a5b4a5437a2aeecdbd297c8a2116581fc48544c6fc5013000915f1ecda1cadaed28e075c8a179001c18bca693383a867d0f30fe0aa9086a9f6d563141b59a591206852ab689a1d42f4ad2a1278362bcb21abc7d805034a37dd54b87d600e64635acd0a00050b4930d37df5fa7a0cd4416e4ca95f262d960f5e22f3ede2b03781c032a1d5108a78f5a4b5d66913dc87a882d64503094587713119f3efaa4859d76564b2dadb50c4eaac7e7a2b80c4a2bf3d4c831617958430ed7f6b4d27af35f3452179c2178c41e97353c62c8be690dabf522158e17b159ba56dffd6bbe6405c3036c2160b36cf71a6f3b7fabf9b01b7b9f77ac042d520914dad73dfc81139e8f8fa9e7c59731f869324bda51ade2f87a89222ecf0eba20859304641b3922e93f94e5036ba2595bf513e92191800a705c7da91ebae47c41918650d3d0fa51e62f95f2c747cac06f77b980509252151cd86e6e2bfdfc549a603ceb2a09486f7fe9b5b8de64f0793d07aeb9507b68b6e96d2e165b1674af31d237b09a161ec03276ded57abe79a673e5c568e7964e064ce8edabf509c74c49c858ffede1c84580ff90fcdb97d133862bcadd9becd13b21598791a9b4e94cc81522de1324b4ae7be6690d48ab8a7e455fb6d93cdfd3ba24ac10fd88c32440db43fc75c1091449688b507a3dc53b3528250fc9d2a29d896df4a422cfd848d1b0704cda7bfb9cbb3b00b3b0da91d1fbc38131357bd13ba41daf836c9d9fbc8ed6db57a8e446bec545924235f9ddc26f44fac8fcfd9176845d1cdda2867818ec902224fd7a2851379ae160105383a87dcee49a1b7f4a3a8f2426850279f7bbd5aa291cd6e957ab435f7812b295de9cd9206d07f58d3b7eca6bb83df218a3763079de66bd86f24633a4025da3df0c9f84cb4a8eee53c250a53d41b7ccd013c6d445d14bf6aa9d309718436e08627eabab7b849b0a1771547507abac0e8d2bdc84a16b6752b3acc31770de2a27a20a698c4a0fe48275b3f1f8c560b0ff0fab84fb74378ee5a767e34bd627d63e5e816ab39b16915306fed19ec195efa0aac21da24849b43eb487382b0fc44fd1c084e4877c8867ff928845c8af1fd8f51253fa14faab87e607e6d49ad87fb72f9e0653db161c17ca6192afcc713ac457b4018f2c29abcac658ac058c5760790f0349d50006ff6d949963e87ca32a590c2470e5a192a9cbc808006dc91ea3c07cc80129b43eec64f738873aa3bdd8aa4181a488bd6ec3717c00c66e5809f0ad316dbb0cd2358db7884f16fcb69021bb7c5ec378e11651ab62cf4e2436d4d3447f04aae4265c0f61ac98fcb24d6f86b199f65ed3361bb87fc5035fe0c46ebd548a738d95098c4014b7ce1c63bc849ee4854e16a9ab5e81c08e989484247f94462bbd795208d13990668be56e3024c3d3cb3815ddb47bf4068f44df44628e5292cb488bf5a3ce1317502b95c259848755f986b9c1ac9caf567b145726c1bf181d11a09cd24f74a174c4c5dba0f946f97d3fe2b2572f1f0281d8d375ec1847d1a5021cef36a7413965ad78e6356370fb8348d74c1b958053d9e990362f238d66db33adf67ca932d3df37a943a48b68a2106e1c8480008f9685493de75c7046000e941f4413dda827b06f1d875abb74d7a333a976979cf45a8b21a0a04e9797f0321f0ff73147d5b06d2aacf9dd486d69d5be76c0709e4f68d64af4444001b582394768933803a313ae0d00722a4c8c9cbf7d2de9be0ed7f2fdabaa145007cee232c381dd9b74f5ed701450e949c1762761264f845da7ea2d303b03cc8c768392cc4649d3c1593916fe2e0099544c0e2a611fe71510a70f2565cb0cfebd3337beaf07f3f0461bbc8121dc3f064fec2260171ccd35884676f3972c2cb92777211d27cbc15d75f245b06598d7a514adae37725fc43a918ef105682a24a1113537c0dd53cdbbd3981de8436c61d60ede33565bfd97a81b7754bac9e72e7dde8cfb1fc1ae74706fa62c9750e6ebdda3ddbb0a57c2a59e603d7962fe191b1303a22bfdd6b67d8e76ae8c61ff2495992ce1c1f10c668fe5a8d3e19178752b0ab2ebfc3de6adcfa074bf7ab4500ed22ee80dda5fc3bafbf14096c7149fbec36eda244d39ce1d282abbf39c9f7b4cb2a6caf0297a5e9186fabeb1c691403f6275201e94baa675c133aaa9a75bc9c937c619fbfd352cc2952d19dd01b8dc018de16db30962a4d49d8c1eace713ed33d760ab31c22c33fd1e9daba4ad7d1fca60c33abf80689bd4862f3e6970076a23118ae94c4b04e85fe1af01e1e65c4faa782c17930040f2badbc9de5f92086593bfe70aa5bc8dba641d9f687047646367b39897bde640780c8a69e78028c97f8fc2cf772586785fa460cb9f8eb8be70246cc7f5fbaf500c74b1ec45b166ef10670f408684adaf36be029913f6f2564b9f5ab4bcaa489d34ba6d0c9edbb7b0c921c8df861b8e0c9bf3325fa10445f00d9df63eaf2e0de8f3d30f0fdef8ce8773ad361e2a5f0be06d7783cfb7b04e17c12becf14e62e06b895e98c832847223bbfd294fcd8d787a691d3641c1fa127d96be0d87d7df7e368c9565dd20bcf0bfb5ec83a82dea4fb8efd2ce5b9af69fe4cf974837786a2404efb5caba1291821d9160b3ba94a0e6f18eeb58d3c72896a0427def9e016cdf174b3233a3084b08d48a4043cc6815cd7150e9cffc70dd8507c372926d2a32546b85ae5453ab15017940a26e0374ca2dfd6d453212b06e83cff59c38ea469842ae341101d6cde53f1e5757d97175942321afd0af436b36c6df1935181085be457af2f469d62131ef45c2ad755992e000a49acc527873e3967197e79f976c813b5fbb1063a1f5ddaba6d6f97baa0c5a3855ab99717f3d586bbc909eb049c0464cd296eb060a7e44124d3c66b519e30063fcc2194431ac2425faa8e707ec2bc9bb5f2828bdbaf13cbe728c78ecf585a23f41f17896a663e7c1806e794b5ddc7b141dc617fd8a4f27960b21724e132791e4729676b0797bd922d25d03e5d3c9296b8d67501ef38d6e7450798a33f99a0e920bd9e05f4d8009f3e4d60821a17f71887245fe65ee9957f1624baad33daeec6e8858a44c0ff858921133a175a8c30532b9c1f364708c2075ede307272226819d2b0e15c003c8a4418ec8cf73e10485e525dc8baa8d930d4f3c72d92c12b6424bffdf0093d24668a652ad86361d17793088a115364a089cbd06015ab706cce2f99af42bdc0320be8c1bdb43c16195bbaa44da5d75c730a4377c139fdf46ce6de5738099741a0160aa6ddc972b61c43bad98b73f25d31d53d4ef1c61b68e07b9c657526a786ebf472cbc0082a79c13839b2324f078659f227f452da49765ace85b819559e7a54a9d4f57371e738c76180d7dd12f4ee30dee0ceecf8643a36141a3c4aa9d91d0fd9fec1b1e87120bd918452e914fbd7ffa70c9a9c169b05f8bbf3a7845144a00e5294cb0f983d24ba7c2f14e3e236e5e917a763371f75c0a59a9f6c1a52ac72b9912d0b86bd2a5288f0598e86d31c8c85ed178cbdf0c8bec06c1f7360fac781b6b280502af054646551abdd19e33544ee747e1e6f51b99bad735769dcdd337e6a88c5ca2a24a44fdaf0f912dbbf602a9e86fdcd363a4b53705b8dd5a1589a0d10e078350a13bb054f503d8d877fa6fa55be0b67d1b41f0be51d4d0386509a799b6a3c57cd6ac09231f43098167b60c7e3c5aee03a57c2cb3e65be946bc967fb5bdfadf0fd3edee67abf9baf26c9b5455f96cea8bbdec28568cda14df971560eb1723e8a5d5c7727f7d1ca0dbfd5858930dac0268840b7c97be085a369727e61167cc0138230cb79ccaafdd008032ae99287b346e33379709ed9c4587c4eeacea27c45cd33767cb2523b5375e11b42e549a1d735a429fdc4f37210172c8cc8f48d252b65ed3f0bdfb5d9f344d24758b01736c8a50ad8242e532b3931685ea335c97896915987ab45cc019ef48813243b4171e7a4fb9c96c6b8f3c2a9f437c09db4e39ee9592e795c9cceaeeb9e5c00733ee4d33f629dd5e76a740f3b7e91bccb61df24353f3416f0827825d815d9b53a03673b9d6d79db2c60608de0dbd43b92d2cb876b94766ddb26f9090c3a4226da059f566f2afb324acc5917d4b8be0b555c693cac722d95dfc923a72cc0ebce88e3efc12f5079c557a294363f33675c717da3a6812eb2b97902b592b8f370f9d8543d7113edcca7264752631625a67e7e93677d26b7ca6c41d21eb0a16b703d1aac824a32c598b0b3c76d789e1fbb3951be4762881d164aba5577c4f92b2763c89c99bfc87b8845049ba880789517e76603ab02d83d48fddeab82401d139e43"}) r3 = socket$packet(0x11, 0x2, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000001c40)={0x0, 0x6}, 0x4) sendfile(r3, r1, 0x0, 0x500000001) 01:21:30 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x8, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x23}, 0xe) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r1, 0xffffffffffffffff) stat(&(0x7f00000003c0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r2, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000001480)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x6, 0x1, &(0x7f0000000100)=[{&(0x7f0000001280)="6063f5f02f2048a0b05046f3ddd1193e22716ceb436b89fa223184f06d237974c341a45c9188af56d06abdb28ee20aa460f6168fb01a2f8d942e259d6ec57153213d09841b0fe8de6d2f5849c89f", 0x4e, 0x74}], 0x180011, &(0x7f0000001600)={[{@journal_async_commit}, {@grpquota}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x800000000000002}}, {@init_itable}, {@resuid={'resuid', 0x3d, 0xffffffffffffffff}}], [{@context={'context', 0x3d, 'sysadm_u'}}, {@obj_type={'obj_type', 0x3d, '*-/\x83]'}}, {@uid_gt={'uid>', r2}}, {@euid_gt={'euid>', 0xee00}}]}) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r3, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000001480)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x6, 0x1, &(0x7f0000000100)=[{&(0x7f0000001280)="6063f5f02f2048a0b05046f3ddd1193e22716ceb436b89fa223184f06d237974c341a45c9188af56d06abdb28ee20aa460f6168fb01a2f8d942e259d6ec57153213d09841b0fe8de6d2f5849c89f", 0x4e, 0x74}], 0x180011, &(0x7f0000001600)={[{@journal_async_commit}, {@grpquota}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x800000000000002}}, {@init_itable}, {@resuid={'resuid', 0x3d, 0xffffffffffffffff}}], [{@context={'context', 0x3d, 'sysadm_u'}}, {@obj_type={'obj_type', 0x3d, '*-/\x83]'}}, {@uid_gt={'uid>', r3}}, {@euid_gt={'euid>', 0xee00}}]}) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000001c0), 0x80000, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_9p2000}, {@access_client}, {@aname={'aname', 0x3d, '!'}}, {@privport}, {@nodevmap}], [{@fowner_lt={'fowner<', 0xee00}}, {@euid_gt={'euid>', r2}}, {@euid_eq={'euid', 0x3d, r3}}, {@fsname={'fsname', 0x3d, ')[\xa6#//:}(,+'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '$$*/\x00'}}, {@fowner_lt={'fowner<', 0xffffffffffffffff}}]}}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:21:30 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x2e) 01:21:30 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x40000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:21:30 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x7000000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:21:30 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x7400000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:21:30 executing program 7: getxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000880)=ANY=[@ANYBLOB="00fe26f08c717172e91d11fcf1d03e37d0a9cdc50080000000000000b04fa488404cabd17479f170e429dd5057d7d5db566fc951557009e481b1128bce328ef44be2ac02ea82a613a077c2508b07638c2da8c81812a27b8f03511a4dfbfc96803b89f8efb3de820ef8e9bd7f0000000037976789cf995521a65b9192b2dde049820000042690684c250c3efa124e59cdd16723f3e3e5bd460fa3cc5b4807a58be97000c8f44d61341bc2a94954ba7b94cd54a8572da93b3c431256cccac5aacbfeca341150759e96e3034e3f17f05f50a9cc241f230c9018d72c6bd38c9c1e5e4e330d7ebd1fc6f345254eb63e42b08979869adc4aef7a8d879971c7356e9efacf1ed5933981475c6ff35d8198af751e8586e1773e696864cd22b822ac959cb8fe5569776f1e7f15ade5ea1f6425834b59a9477342d3a281908e0a713b41ae506c7289ef92bc8c300c65aa7ba08eda6983ea9f10de791781c3cefba429e895d315bd15a8"], &(0x7f0000000340)=""/106, 0x6a) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xbe66f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x2030}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x4, 0x1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000400), &(0x7f0000000140)) syz_io_uring_setup(0x6e10, &(0x7f00000002c0), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000140)) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40016120, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x1001, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = openat$cgroup_devices(r0, &(0x7f00000001c0)='devices.allow\x00', 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r0, 0xc0189374, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYBLOB='\b\x00\x00\x00\x00ile0\x00\x00\x00\x00\x00\x00\x00']) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r5, r4) ioctl$PERF_EVENT_IOC_QUERY_BPF(r4, 0xc008240a, &(0x7f0000000180)=ANY=[@ANYBLOB="090000000004000000000000000000000000000000000000000000000400"/44]) sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000010103000000000000f1ffffffffe4650e0144fed14439867068a8334fb2fa9cae"], 0x1c}}, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000240), 0x1) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) [ 2542.387709] FAULT_INJECTION: forcing a failure. [ 2542.387709] name failslab, interval 1, probability 0, space 0, times 0 [ 2542.389875] CPU: 1 PID: 12670 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2542.390903] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2542.392094] Call Trace: [ 2542.392498] dump_stack+0x107/0x167 [ 2542.393047] should_fail.cold+0x5/0xa [ 2542.393614] ? __alloc_skb+0x6d/0x5b0 [ 2542.394178] should_failslab+0x5/0x20 [ 2542.394765] kmem_cache_alloc_node+0x55/0x330 [ 2542.395455] __alloc_skb+0x6d/0x5b0 [ 2542.396021] __ip_append_data+0x2930/0x3310 [ 2542.396694] ? raw_destroy+0x30/0x30 [ 2542.397274] ? ip_finish_output+0x330/0x330 [ 2542.397927] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2542.398704] ? memcpy+0x39/0x60 [ 2542.399209] ? raw_destroy+0x30/0x30 [ 2542.399779] ip_append_data+0x114/0x1a0 [ 2542.400396] raw_sendmsg+0xaa6/0x29d0 [ 2542.400988] ? dst_output+0x170/0x170 [ 2542.401563] ? __lock_acquire+0x1657/0x5b00 [ 2542.402233] ? perf_trace_lock+0xac/0x490 [ 2542.402870] ? SOFTIRQ_verbose+0x10/0x10 [ 2542.403490] ? __lockdep_reset_lock+0x180/0x180 [ 2542.404208] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2542.404985] ? find_held_lock+0x2c/0x110 [ 2542.405617] ? trace_hardirqs_on+0x5b/0x180 [ 2542.406277] ? dst_output+0x170/0x170 [ 2542.406860] inet_sendmsg+0x11d/0x140 [ 2542.407436] ? inet_send_prepare+0x540/0x540 [ 2542.408102] __sock_sendmsg+0x13c/0x190 [ 2542.408714] ____sys_sendmsg+0x334/0x870 [ 2542.409332] ? sock_write_iter+0x3d0/0x3d0 [ 2542.409968] ? do_recvmmsg+0x6d0/0x6d0 [ 2542.410570] ? perf_trace_lock+0xac/0x490 [ 2542.411212] ? __lockdep_reset_lock+0x180/0x180 [ 2542.411913] ? perf_trace_lock+0xac/0x490 [ 2542.412551] ___sys_sendmsg+0xf3/0x170 [ 2542.413146] ? sendmsg_copy_msghdr+0x160/0x160 [ 2542.413854] ? lock_downgrade+0x6d0/0x6d0 [ 2542.414492] ? lock_downgrade+0x6d0/0x6d0 [ 2542.415131] ? __fget_files+0x296/0x4c0 [ 2542.415751] ? __fget_light+0xea/0x290 [ 2542.416352] __sys_sendmmsg+0x195/0x470 [ 2542.416966] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2542.417611] ? lock_downgrade+0x6d0/0x6d0 [ 2542.418268] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2542.419008] ? wait_for_completion_io+0x270/0x270 [ 2542.419736] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2542.420562] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2542.421389] ? rcu_read_lock_any_held+0x75/0xa0 [ 2542.422093] ? __traceiter_irq_enable+0xc0/0xc0 [ 2542.422800] ? fput_many+0x2f/0x1a0 [ 2542.423359] ? trace_rcu_dyntick+0x2f/0x170 [ 2542.424027] __x64_sys_sendmmsg+0x99/0x100 [ 2542.424671] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2542.425448] do_syscall_64+0x33/0x40 [ 2542.426009] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2542.426797] RIP: 0033:0x7fe4a84d7b19 [ 2542.427362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2542.430114] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2542.431267] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2542.432337] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2542.433408] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2542.434480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2542.435563] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2542.446770] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2542.456045] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2542.480494] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2542.484594] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2542.485724] EXT4-fs (loop4): group descriptors corrupted! 01:21:30 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x40020000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2542.508809] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2542.546400] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2542.547549] EXT4-fs (loop4): group descriptors corrupted! 01:21:30 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 27) 01:21:30 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x9000000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2542.557627] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:21:30 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x7ffffffffffff) 01:21:30 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x4eabee3e}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:21:30 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x7a00000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2542.666072] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2542.681560] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2542.703808] FAULT_INJECTION: forcing a failure. [ 2542.703808] name failslab, interval 1, probability 0, space 0, times 0 [ 2542.705555] CPU: 1 PID: 12693 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2542.706596] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2542.707841] Call Trace: [ 2542.708248] dump_stack+0x107/0x167 [ 2542.708810] should_fail.cold+0x5/0xa [ 2542.709392] ? create_object.isra.0+0x3a/0xa20 [ 2542.710081] should_failslab+0x5/0x20 [ 2542.710659] kmem_cache_alloc+0x5b/0x310 [ 2542.711285] create_object.isra.0+0x3a/0xa20 [ 2542.711950] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2542.712724] kmem_cache_alloc_node+0x169/0x330 [ 2542.713429] __alloc_skb+0x6d/0x5b0 [ 2542.713986] __ip_append_data+0x2930/0x3310 [ 2542.714666] ? raw_destroy+0x30/0x30 [ 2542.715230] ? ip_finish_output+0x330/0x330 [ 2542.715883] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2542.716654] ? memcpy+0x39/0x60 [ 2542.717162] ? raw_destroy+0x30/0x30 [ 2542.717723] ip_append_data+0x114/0x1a0 [ 2542.718342] raw_sendmsg+0xaa6/0x29d0 [ 2542.718940] ? dst_output+0x170/0x170 [ 2542.719513] ? __lock_acquire+0x1657/0x5b00 [ 2542.720182] ? perf_trace_lock+0xac/0x490 [ 2542.720803] ? SOFTIRQ_verbose+0x10/0x10 [ 2542.721419] ? __lockdep_reset_lock+0x180/0x180 [ 2542.722134] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2542.722915] ? find_held_lock+0x2c/0x110 [ 2542.723547] ? trace_hardirqs_on+0x5b/0x180 [ 2542.724201] ? dst_output+0x170/0x170 [ 2542.724777] inet_sendmsg+0x11d/0x140 [ 2542.725420] ? inet_send_prepare+0x540/0x540 [ 2542.726117] __sock_sendmsg+0x13c/0x190 [ 2542.726716] ____sys_sendmsg+0x334/0x870 [ 2542.727314] ? sock_write_iter+0x3d0/0x3d0 [ 2542.727946] ? do_recvmmsg+0x6d0/0x6d0 [ 2542.728537] ? perf_trace_lock+0xac/0x490 [ 2542.729154] ? __lockdep_reset_lock+0x180/0x180 [ 2542.729851] ? perf_trace_lock+0xac/0x490 [ 2542.730469] ___sys_sendmsg+0xf3/0x170 [ 2542.731073] ? sendmsg_copy_msghdr+0x160/0x160 [ 2542.731753] ? lock_downgrade+0x6d0/0x6d0 [ 2542.732388] ? lock_downgrade+0x6d0/0x6d0 [ 2542.733012] ? __fget_files+0x296/0x4c0 [ 2542.733629] ? __fget_light+0xea/0x290 [ 2542.734217] __sys_sendmmsg+0x195/0x470 [ 2542.734828] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2542.735466] ? lock_downgrade+0x6d0/0x6d0 [ 2542.736123] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2542.736839] ? wait_for_completion_io+0x270/0x270 [ 2542.737563] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2542.738364] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2542.739199] ? rcu_read_lock_any_held+0x75/0xa0 [ 2542.739886] ? __traceiter_irq_enable+0xc0/0xc0 [ 2542.740583] ? fput_many+0x2f/0x1a0 [ 2542.741123] ? trace_rcu_dyntick+0x2f/0x170 [ 2542.741787] __x64_sys_sendmmsg+0x99/0x100 [ 2542.742416] do_syscall_64+0x33/0x40 [ 2542.743008] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2542.743773] RIP: 0033:0x7fe4a84d7b19 [ 2542.744331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2542.747063] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2542.748210] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2542.749267] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2542.750323] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2542.751384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2542.752452] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2542.807076] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2542.817111] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:21:31 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xa000000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:21:31 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0xffff88805144bb20) [ 2542.888749] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2542.890385] EXT4-fs (loop4): group descriptors corrupted! [ 2542.899083] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2542.914875] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2543.001888] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2543.033563] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2543.305257] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.7'. 01:21:49 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 28) 01:21:49 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xf000000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:21:49 executing program 7: r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000140)={'syztnl2\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x4, 0x7, 0x98, 0x0, 0x0, @private2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3, 0x8060, 0x3, 0x9}}) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x64, r0, 0x200, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x22ec}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x10001}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x9}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r1}]}, 0x64}}, 0x4000051) execve(&(0x7f0000000080)='./file0/../file0/file0\x00', 0x0, 0xfffffffffffffffe) 01:21:49 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r3, r2) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000280)) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) fallocate(r1, 0x50, 0x0, 0x6) socket$inet_icmp(0x2, 0x2, 0x1) 01:21:49 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x7fffffffffffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:21:49 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0xffff888057110698) 01:21:49 executing program 1: r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x204840, 0x0) dup2(r3, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'bridge_slave_1\x00'}) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='fd/3\x00') syz_io_uring_setup(0x368c, &(0x7f0000000180)={0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)) pipe2(&(0x7f0000000540)={0xffffffffffffffff}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x21, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, r0}, &(0x7f0000feb000/0x13000)=nil, &(0x7f0000fef000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000002a40)=0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) r8 = accept4$inet(r5, 0x0, &(0x7f0000000040), 0x80800) ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000480)={'veth1\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="4b00008e8b06000000000000010000"]}) connect$inet(r8, &(0x7f0000000580)={0x2, 0x4e23, @private=0xa010100}, 0x10) syz_io_uring_submit(r1, r6, &(0x7f0000000280)=@IORING_OP_WRITE={0x17, 0x2, 0x0, @fd, 0x11aa7d53, &(0x7f0000000400)="fd5b8f80afe333e7302b6557a3f9b7837d9f43ec2048b74a29799a5ad38ed07801eeaf9ec02d6f0ee624e84e3cd4968b5ccba49ee7de9862c343c684d98eafa37e5d1034a6f2332e1f33d0884bdc1fd7f3dd50c590183c91f46d19df20c431f8ee417a7bd5b801d418e94f348e", 0x6d, 0x12, 0x1, {0x0, r7}}, 0x6) r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 01:21:49 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x54000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2560.933074] FAULT_INJECTION: forcing a failure. [ 2560.933074] name failslab, interval 1, probability 0, space 0, times 0 [ 2560.935143] CPU: 1 PID: 12726 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2560.936272] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2560.937663] Call Trace: [ 2560.938148] dump_stack+0x107/0x167 [ 2560.938839] should_fail.cold+0x5/0xa [ 2560.939478] should_failslab+0x5/0x20 [ 2560.940105] __kmalloc_node_track_caller+0x74/0x3b0 [ 2560.940919] ? __ip_append_data+0x2930/0x3310 [ 2560.941647] __alloc_skb+0xb1/0x5b0 [ 2560.942250] __ip_append_data+0x2930/0x3310 [ 2560.942978] ? raw_destroy+0x30/0x30 [ 2560.943602] ? ip_finish_output+0x330/0x330 [ 2560.944299] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2560.945124] ? memcpy+0x39/0x60 [ 2560.945682] ? raw_destroy+0x30/0x30 [ 2560.946429] ip_append_data+0x114/0x1a0 [ 2560.947115] raw_sendmsg+0xaa6/0x29d0 [ 2560.947768] ? dst_output+0x170/0x170 [ 2560.948522] ? __lock_acquire+0x1657/0x5b00 [ 2560.949271] ? perf_trace_lock+0xac/0x490 [ 2560.949949] ? SOFTIRQ_verbose+0x10/0x10 [ 2560.950620] ? __lockdep_reset_lock+0x180/0x180 [ 2560.951396] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2560.952231] ? find_held_lock+0x2c/0x110 [ 2560.952910] ? trace_hardirqs_on+0x5b/0x180 [ 2560.953625] ? dst_output+0x170/0x170 [ 2560.954253] inet_sendmsg+0x11d/0x140 [ 2560.954890] ? inet_send_prepare+0x540/0x540 [ 2560.955594] __sock_sendmsg+0x13c/0x190 [ 2560.956246] ____sys_sendmsg+0x334/0x870 [ 2560.956906] ? sock_write_iter+0x3d0/0x3d0 [ 2560.957593] ? do_recvmmsg+0x6d0/0x6d0 [ 2560.958218] ? perf_trace_lock+0xac/0x490 [ 2560.958914] ? __lockdep_reset_lock+0x180/0x180 [ 2560.959840] ? perf_trace_lock+0xac/0x490 [ 2560.960679] ___sys_sendmsg+0xf3/0x170 [ 2560.961328] ? sendmsg_copy_msghdr+0x160/0x160 [ 2560.962265] ? lock_downgrade+0x6d0/0x6d0 [ 2560.962971] ? lock_downgrade+0x6d0/0x6d0 [ 2560.963656] ? __fget_files+0x296/0x4c0 [ 2560.964320] ? __fget_light+0xea/0x290 [ 2560.964957] __sys_sendmmsg+0x195/0x470 [ 2560.965619] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2560.966307] ? lock_downgrade+0x6d0/0x6d0 [ 2560.967007] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2560.967783] ? wait_for_completion_io+0x270/0x270 [ 2560.968551] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2560.969424] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2560.970299] ? rcu_read_lock_any_held+0x75/0xa0 [ 2560.971048] ? __traceiter_irq_enable+0xc0/0xc0 [ 2560.971793] ? fput_many+0x2f/0x1a0 [ 2560.972385] ? trace_rcu_dyntick+0x2f/0x170 [ 2560.973087] __x64_sys_sendmmsg+0x99/0x100 [ 2560.973761] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2560.974590] do_syscall_64+0x33/0x40 [ 2560.975191] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2560.976015] RIP: 0033:0x7fe4a84d7b19 [ 2560.976615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2560.979495] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2560.980687] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2560.981819] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2560.982953] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2560.984067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2560.985292] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2561.032148] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2561.032845] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2561.033391] EXT4-fs (loop4): group descriptors corrupted! [ 2561.052167] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2561.072196] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2561.074270] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2561.075336] EXT4-fs (loop4): group descriptors corrupted! [ 2561.086004] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:21:49 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 29) 01:21:49 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x62000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:21:49 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x8cffffff00000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2561.202623] FAULT_INJECTION: forcing a failure. [ 2561.202623] name failslab, interval 1, probability 0, space 0, times 0 [ 2561.204608] CPU: 0 PID: 12749 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2561.205783] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2561.207192] Call Trace: [ 2561.207638] dump_stack+0x107/0x167 [ 2561.208262] should_fail.cold+0x5/0xa [ 2561.208921] ? create_object.isra.0+0x3a/0xa20 [ 2561.209737] should_failslab+0x5/0x20 [ 2561.210404] kmem_cache_alloc+0x5b/0x310 [ 2561.211124] create_object.isra.0+0x3a/0xa20 [ 2561.211893] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2561.212784] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2561.213650] ? __ip_append_data+0x2930/0x3310 [ 2561.214416] __alloc_skb+0xb1/0x5b0 [ 2561.215045] __ip_append_data+0x2930/0x3310 [ 2561.215797] ? raw_destroy+0x30/0x30 [ 2561.216452] ? ip_finish_output+0x330/0x330 [ 2561.217197] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2561.218076] ? memcpy+0x39/0x60 [ 2561.218664] ? raw_destroy+0x30/0x30 [ 2561.219314] ip_append_data+0x114/0x1a0 [ 2561.219998] raw_sendmsg+0xaa6/0x29d0 [ 2561.220682] ? dst_output+0x170/0x170 [ 2561.221341] ? __lock_acquire+0x1657/0x5b00 [ 2561.222113] ? perf_trace_lock+0xac/0x490 [ 2561.222842] ? SOFTIRQ_verbose+0x10/0x10 [ 2561.223552] ? __lockdep_reset_lock+0x180/0x180 [ 2561.224362] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2561.225249] ? find_held_lock+0x2c/0x110 [ 2561.225982] ? trace_hardirqs_on+0x5b/0x180 [ 2561.226734] ? dst_output+0x170/0x170 [ 2561.227408] inet_sendmsg+0x11d/0x140 [ 2561.228071] ? inet_send_prepare+0x540/0x540 [ 2561.228832] __sock_sendmsg+0x13c/0x190 [ 2561.229531] ____sys_sendmsg+0x334/0x870 [ 2561.230247] ? sock_write_iter+0x3d0/0x3d0 [ 2561.230987] ? do_recvmmsg+0x6d0/0x6d0 [ 2561.231664] ? perf_trace_lock+0xac/0x490 [ 2561.232395] ? __lockdep_reset_lock+0x180/0x180 [ 2561.233210] ? perf_trace_lock+0xac/0x490 [ 2561.233940] ___sys_sendmsg+0xf3/0x170 [ 2561.234780] ? sendmsg_copy_msghdr+0x160/0x160 [ 2561.235601] ? lock_downgrade+0x6d0/0x6d0 [ 2561.236369] ? __fget_files+0x296/0x4c0 [ 2561.237035] ? __fget_light+0xea/0x290 [ 2561.237709] __sys_sendmmsg+0x195/0x470 [ 2561.238416] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2561.239182] ? lock_downgrade+0x6d0/0x6d0 [ 2561.239922] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2561.240807] ? perf_trace_preemptirq_template+0x266/0x400 [ 2561.241763] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2561.242712] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2561.243680] ? __traceiter_irq_enable+0xc0/0xc0 [ 2561.244485] ? fput_many+0x2f/0x1a0 [ 2561.245118] ? trace_rcu_dyntick+0x2f/0x170 [ 2561.245879] __x64_sys_sendmmsg+0x99/0x100 [ 2561.246619] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2561.247526] do_syscall_64+0x33/0x40 [ 2561.248180] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2561.249044] RIP: 0033:0x7fe4a84d7b19 [ 2561.249685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2561.252877] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2561.254228] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2561.255483] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2561.256733] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2561.257948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2561.259196] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 01:21:49 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x48000000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:21:49 executing program 7: r0 = getuid() r1 = syz_mount_image$nfs4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1, 0x9, &(0x7f0000001600)=[{&(0x7f0000000080)="f4dcec8383432a0e2d892c6b83338530b8d3a6c7bf5aef403bf6191108ec4740dae2a37c1fb65cda9ea2febaf142ff041fec892b8c93134f5b7751a05e52ad5f42da40a234579870adc513", 0x4b}, {&(0x7f0000000100)="6776daab0fe4a4aadbaadd28c9b0341a27d5388d731e4fa191b1a0f9b779c2db7a0f915a0e802e2f40504d83501cdee876c1f41b98d8355e053478476ae1595e369a9566bc61f061b0e94d1c2c4ecc8b78eda21bd1ac435cff729575f29389a2a43061aa1e7ae9c2efd92f91abf05314fb74faba22afa843ea2496774089c2abc1edb9ec45d1c23a86a9c5a9d08fe9005f43ab31d1c5ea0d817863df0495b950b2746de5dc0791502b16a832cb687ecf1384d75f2773bd40788be128504fff40eeccf18fba7038", 0xc7, 0x7fff}, {&(0x7f0000000200)="2af507d64a4e1cf02878493782bd3b16fcdd3d63b9b1f3f1c77070ef258ad4e523bbf3109d957e2778f2b8485b08cf7027c6ae29f2aa15a0a0bed5c4ed603a4d917887a94d98e95191d7cf825d277f638dc0569066401451235d5655259e38d0dbc54c1630f924b3c7ed18b5af5b76bbc0a27aa5a8f337f1b8f70128050a7eac78aca2e44a81e3882ca87938c3df4474c11caea211bd9b20c4dec2cf1eeb1c1d872407ba403b55b6b49baf12f104bd4d380ef753241bdd7c529c47f5a3", 0xbd, 0x6}, {&(0x7f00000002c0)="3e37ebbf3797159f54062cc0d82b7a70afc8650d64b2a722d1599c8bbd7ce76099f0fd9c68178681ca5766cedffc2ebeb3", 0x31, 0x4}, {&(0x7f0000000300)="f6cd655ed05927d4c03a6fcc3349434803d846f31aa3c1650bc6af5a08627e7b45b8889f60b5615f2ba813faa03ae367415928ca90e099b807341344e6", 0x3d, 0x8}, {&(0x7f0000000340)="f3ab0ad8371f33410c23f25af4a634e11451d376ea898e026299c317c3370923dfac77b26a04e2130c149f5559448bc1fb675960668b717653263fc615f136b65df5f9131656b84bd0cc5f9273bed1e6225358b1c9ef2cbf330ad042e9f7f96b49f9aa21c0605e2dd264d77948e0c6962d187e153a6f6a9606011fff2fd0ed340e2c298f2b5a7ae2b1cbe3b1d6fccc29b77f50a2932f989ca885b342ee2192a4ad7a464b1cf3256580fa2899b65bfc41bb1f2605da83b3ed7598a8", 0xbb, 0x7}, {&(0x7f0000000400)="b6516e5bf06ec1e96521c6b879274b8a466ca68275f675f9f314d7edd9a636c5d5922bf6d331d36c418310ff083b14ce9b3d67bcf83f11486cafd0bf293c4e6740c12cc5758bd0c855b3299390d388e53bc448702ddeb520e6310418635ed61c271ec5067ab77bacd145d4fe4e06011d1030645df5a9837d04c4e02d2aae7cef78f6f6e5b3ea690c6f9bcee5625e7d0c1eecbd2bf6580aa5914cf3ae0b635eaafda649b240bd96028c2e6a695b862c9f8a1061d4b2818a28bafc1780b1a25c792fae0e5f2232831fb7ce5ba58baed689d2d283634b32d9b2f3e9", 0xda, 0x3f}, {&(0x7f0000000500)="77b7c54421be7621329553c05b1d5809b813e94342c94684d2788365c2d967413039678925ab99362f6ba470392dda6d4bd8430b08df088fb9d5631131bb84a39141ac8d8b99471b03adb1d1b035855b910338e37a8f13dcad8ac6b7fb2f342e6459615697c93706378e09387d26f36fb061c87ab1054b818ff1602dafb9fcffb83c6128f968ea094b0b7d02978133e475618219fa2717fe5c9eafbc627d3bd8775896e466e4451e08f8bb8e16a77f2b092a9a17cce703ebb4a0550987e4560cf16c027cfc0086f2278f20b43220e72fd7b5a3575a1a5066748c3b33a352f41444e8bf96297e1341a242ad0ab5da963a80d67659c3e5ccbf925be9a3d09ce9283baf1bff394567a78d3bcb992e0a2d8a4f36eacf1564a76e1a9edf4d6a7ddeb967e6e54e1bbc11274b69a59ce4d714d6acc63f69a824da6a23637ad19ac95935e72e890fefbab5055ce38de261d34eb33c2dea3241ce8768ada85a2c18fc527981f684320b13456ed9ee45e5de010ab7e151cefafec83b567299d0e3eece944e601f23b2e0d3cc04fab63dea731c5f7e74aeb15a1c0d40d7e3f14143d72aad29b8a634ef5a7d38160798b37e579fe4f8d1b669df5016b50547444622ced8d444a095fa626d7f10977b88293b454c2dc639d02223632d059e5685653cdc50e6eea98f304f28a0ee4eb47a8d5943d4b6510aed6b3c9aee5e416b50bf9c82acd07bed6a3f83c95eb4b121f0d9f5c2bd5a141f94b9c190853915b3f19a7597d454dfca0ccded5c43cf11caa1ca7ed77bdfb36ce9710e0817d492d9edc61fcb93e674f9df495e2176807ff5d13a04a46c4cbc801a083c02d8760aada2b9e746fcf6c56b01720cf0b8efbafe0169b64970050b8c6a3ac6fb529818e75c5408bf45423af049dbf3a598ff6bc1160a0a11c93be026a42a2b91e86385da5ec76ea6f8bff1c0213c3df46328448494c2f2785d863e2df08aae7e6d5ae6a1cd4fafad8ccd4951320d01a9881cec93507dc449c24884a6680fac68b900a088dcb5d9f4414be5029af81b8c4d3750a9d387fcbe0f345c502ca82b77409e4bec6437efd67fac2eaaa0d2d121e00c673927dfd64402d7d9a687820c6acd4a685277fa61da18c94b812111b5c1167860a4d3a5cc967f042c946d642707aca9439d05d46dd1cc90239b2b809b8c1c5976d586f87bf961cd664b6f390d44ed3612dbdf750ba18d95876b9c1a418269800446793be7f2748646fc56d1877097270a58dd4fd43428296df172b955830d79e4818df838e0d41cef0130b383187f0222ce3ce8a4d36afe230eb0b319e646edbf6967402941f5abfb1fab537e0b7bccd5ecdfc0daeecbd60735b22395c2c3dc33d5e7b32db0b844af9b202d0bcae4de8f8564346c92dd11a8a4ca1af08034bdfa56c5c629f554c0c094b4f51529cc251a41eb175f276b39ed02841b03a9b057a5e39fe38e8fbb777ee4147f22e8d6e553ac8049aeaf1847786fa0eaef8b7a64c5f17cb23fad07df031ba34474e3c6b4cee6090f811c7d6daebbc5bd8dc8f6fb5ebe2b5f1841881d9a1106671b89ea5ec5c794237a28caddbbd18bf2026bf89f5802b4d537c8fba2b41c255eabc7bb7e33f5e1efd2bc46535053c9442ecb3fa8f1ab225c264f13db95566280c16d579f52d247adc4cbc64815ce4b8fd4fa99fff8f409408c111f277f3e17edb5f25c519b61224f872538bb17fd91b74336fb36cad756950a4bf4d663726f781fe85bdbc49029ef7373f3f234f97614d2a4c94fa0a5906e4535cebd384ccef6acd8e3ba97581e346d21b54581e1d1f2e9785211aaaf04de8fbcada967de8c339a710396f873334f911b5c04c9b0f21528ab04c278a429449370f79deee17f4d52a98c1beca1a655a780f9ede29d14bfd0c21a165ea26e06cd9051d9bdda64f134cd6642e7c3f51b3597eeb6c83be3d889fb955297eca76b687dffa3834353975ccfb561f2d0fc15af50924623d62edb1fc13f1b22069aae8651c072e8beb7f14bda758346f780902df2df3776c1d7fd0ddec6ce74d9cac3a626992d94850758d3c231abdad86915e119a6a7931c59586f1f726098159c0941fbab7fb76ece1928da5d058ea8262aca337461c7d62bc4fc2c613f5d518862cf4790e3f364acf92c52a7eb1edc8d3441af34f2cce8ffe8dcf2c6a223ff99477662cdb1642c344ffe654528fe8970decc5b93b4de190122f55d4e366bdf2660ff495f0c9fe9ddfddf0d899348dcd995d77082a041b8fb6fcd87668771b268d04bfb40b982979329e99de835584ab9cd2d39ca3fdc42f6689ae4240c2587a684aaf10f6c9bdcbb06c060e0e9fe1836551a81c47813242d4222d7337b526e833cc3b7309562c71ba3bee6760d022c161bca04bf6e2dae7b44b942d5d342715699d2b51079497d29f286f73c8c9509fc45eb700354fe1f780ac4cb6189ae8fada0deddbb5bc4b87a04202b9da65679056fc5874ffcd380b2fde468834fb1b1044c79dd0e0ab82a57ed3153ccb411a5fe4d2d9690a5b13ef380f4c651a0e0281d1a4661d7b430e3d6b5da39446203464e216daf1de5aef6e47785f99b10ff541f7a29c131f6264e92200a503912c695cf99d4f33c930515fdb0a2a85d2a39d84b1ecba52ebaec10aea748b041fedf90e6d5f20041c19a53897ca23bae92e45c28498adae2311d697590d99d7b1d7f58d637a007f5d81d8df1e4b2c523598d285cc9c6121eb359927180ecaef2201cf9c42bbcbca512337687ec65d9fdd5af7033e3ac1cde7c48929fb0122084bd97388c8c30c06bd9b52c55b2ed1c4ad4783d7465c2eb14879751b6d5d97a2c535aaba45df17023df31f2939ac55f47c0adf0278bc186fa38bb8b72fed759ebc9473241323f581585cb8f2864cbf821408edb68a573c7c4242bb996c74325722b78493dff33ed086ad0893c46d44d9adc77a04f901d192ed5537d0f0c52e3fe2ab8257ee9ae9e22f9cd51128e4c6c9097644ff79ee164d62ff8b10f2a0249947c07c70d8cce0097faa3ecf88b9a0f5265fe79d85d38bfb1a5eecea287e1e763ad1c543bf5a41e8fc14b1e8c6bee28d4e6fca6b9d681ff1394c1fb8bd1f23c586b3567bd343a48b2606b54023f07523564d285c90f26fd7527aac69f70894e0e561f693e601c775bbabe3ffa3995372daa453dbd377d402d07b570331612ce0549ecaf938fe6876328abc594d9ac0cf57fc2dde76814210685a64c9551803c6d49edc30cf28f80f428e636cf2c40ad2d2e3b9ecb13e750d25e03f481ae5c0884b74a8a205316771bc243a3c35b92a4af20ba26ea1cddef49cc224a8e5c7172f4f0567c1015186c150156057af374d533b0dbbd72f7c7bca9da23243f43e11921a13c629d2535710a886eec3203f053e974a425e154eda5b4c8de79a2d3c4df7156ab4d9b450c56a4609cd24528817df862013bcf65b6d515b50fdd3f96bc283a9b7bcb3f8dcabd9319aabfab2d7a4f669244808588d968029f701afc4bef495115f5b95abb1068bf0f7b334341ac38e1f3b247b2c93bffa9782434cfd4d71054ad021b755d3e72184a94a755e5db35279371497859a1043abcbb1d4580889f2d11788608a424b9333afc2d38fb2b7d111db920a7b90f6dfd3dba86e7e24dc56ac566c82afcd45329878b59a76fcba6ddfcf4beefe33f2bfeb314fa789cd5bff809cc5f83db8c00ce7abeb6e453bcb833a1e07e08d19c12a5d18cc803524d609f7ae21defb24fdd4274694b880b3c0359af7da40810ecf996354105b47529627f62bee2251542f61085521bbf77215ebce9f7fbddb85f3b2bf8deabde970b80a7b0887f257d04d9cee207226c8c034cbf9eeb736a20f2a0ed8ccbbae9ad770ecb6d5a520d54897163a68b69a5975a42af4f8fcd17937bc20eaddd1dbb25290fe5fd47ee3c56e7cbc1f497b09fbefcabf65053bcf2f75c5207da461f78472134a15dfa2e7db2a25365a611bd5c4dd3be04ff9742962fa199e1de019c9ec24939d33086f881c3306b28bc7cb5bf7c197a6faf032300a73c025bdff8bf6fb93dd1efcaab874dd66aa253aa78a9d325a9ca3fbae7b4c797fc938674c75408658f29022164ed719852903a8b085cf544ff7b8edb18ad31d703213c4569ebfae413c0baa43a9ef81e8708bcd9d80560461ad8833988a8ff02048bc332d0e07831e9154e12660811f525753d82fd589f526d3e30836efa76ec3aadb3f20646664ea525edfb0188989f92fc295b79febdda01618370933ba7fbf93e3a421f2e3d6976cc995a9c2b1323ea2022aa7f23453ca32172e6381753f32cfc81d1d2d6475be63646721c924abcb4ef6bb299f14df29688c7e6dd80b7571ba5f2d6c00e094c9725d4fab9f1fea69860a85c1144dd4afb2a2c867838c1bdc3d9e44cf04c89968c6d2772cb78803e1a544cef864da54bef6464601324e1eedba45e0fc8be2a5bc5d6dcb841f058eb5130cd83a2004f33e3a146bb410ba681054fcdf511ef3f42096a40f5a442a9052b2ca9c79e105ac58bf0bdaf622a81374a86bbd1d351a2350613e24f990c838b03d20582e9b53434e91db62e916fdaad07ca46c94a01abecb30db913a05dacc6c97c221d3d8f52a251fed46ba00998859928316b612d74e73c80c34153b850e9f20ac38c5ddfa55fc732b6905679e3735e161800555dbb51bc4ad2fb665e9458ccfbdf88f33e624aa7a5d531e586b33c5da27c376c829fc40162f62139ebd440c97e4b7e3f65a5638e467463c8d0857968a60d8679cd6a075ae0277475b58fa88885ce7bfc900b854283be7a2ebe70dd91222f920fff94c67f91c25f8f91d78442404a70cd240cfe1ac9d673fad720fa85320ece1f40c2986db7d1ccb3c3cfd6ec2e0c4aaad16c58bc781a4319a4eae607860ca1870eca98967aba6937b000ebda9e31347ba7764c0045cec90361a3801f8a47cdd6f11bc45deb3e1b1b03072c3d42564e263f45aa6842e8d1c0d135afe805c28b08387365620ba30f099928208d56020a70c2748ebfc0ba4ce952ba5574b53d946cd5108f7416451d99686f09e89b981559f4b02990edce41f5dd4acf0580ede5cf598c077095a1d6ba7e26453886fef5352a5da02585d3895ce0e6ce7f03c06bac7dcf1c2f27a1118edcf46f9a8b508daabf090d29cdc7608bc9a8bca50956a05243ebf1bb88f6db0d787a25ccfdd5c8845cf22b4f46779fdf47e9f22934160b7ed670a323eec49065f97eb85a2e8f2013fd8bbdc39a3e4905748193b0d17afc973368f9c6e4ebe6bc99e2053a547593ef2c59b9fdfbdbce8d189fdb9039adf9f2a6033c22dcfd0fb95c4df5b0ec0deacd2525fe65a4a78026c2840d7c0b37683d65824e15a8378c146ad760dc92cd609b63fdff561fbb06398ad173a74928d65b13f87aa2a10f54586ddebd287937264aa009faac2b44d78c731576d32e65e31604e1633649006e9ea2a3144b279d2b7521fbde06450041e05303c06d69f15f22a9119921e9c62741adc9d8d8438f1e4a51dc974fe6b8f78b724f5286b28ca5eb6610c658fbc82dbe202174b784924adfb58e939790badc62c1b5d8c74834424b2321f48e4568b08bb488b27175b256712439ffe998528c61ea73e75e68b508ed7d04e59eeb0eb3fe951d0a187e4c778da2b8aa7c855f19a42c7774286ae7859384f3d94abf5b6b60659ce11bdba97a1efea41d06f950f8e7da56d227bfbb2c2b90bd92b537715b43f698713b8856e239aabe3fc72fec5030ff50dee7e934556e66fb947a1189f2b63976ab11d87da37d", 0x1000, 0x80000000}, {&(0x7f0000001500)="edfd476f460d17656567e6ea4760db949f53b82a7d8c225caf4aa51e1ac13fd4528c190eb2a663e8875eeaaa540adb09749016707462219638d159db36b07afc033d8e15d7fcf35ae051ad9503515ffa7b37ee1ec8e69a9b8fa0b3263cbd0a09ef26f4a56a62a36cbdfe293867755a8806ed5ec53e696ca8c4477961cec590728307b532e05fd3404169268baae168555a0d72aef55fc8f78b2db2654b9a7ca751c2146f1f9fba7894743373606d921f514371fd326be285b04220c25e3bb34a58c61632e627508fa2c80bca89b5f26592b001b6dfcf29b64d812cf48077d0c5894942b685ee15a2a38423b215a8ea13048b335d7c2382c81ff89056", 0xfc, 0xa171}], 0x148000, &(0x7f0000001700)={[{'&\''}, {'+--@:\\'}], [{@subj_role={'subj_role', 0x3d, '+'}}, {@obj_user={'obj_user', 0x3d, '~\x8d*'}}, {@euid_eq={'euid', 0x3d, r0}}, {@fsmagic={'fsmagic', 0x3d, 0x1ff}}]}) getxattr(&(0x7f0000001780)='./file0\x00', &(0x7f00000017c0)=@random={'security.', 'euid'}, &(0x7f0000001800), 0x0) ioprio_set$uid(0x3, r0, 0x2007) syz_mount_image$msdos(&(0x7f0000001840), &(0x7f0000001880)='./file1\x00', 0x4c, 0x4, &(0x7f0000001b80)=[{&(0x7f00000018c0)="7457502460137e42e53140891072594b5b4a45502ab1b0d7904fdf833553b7a7e0c0fe54e1c6d9bde3297a930abb9d1b0947a6b9ff55490c2b05ee4fc22e47f7188ca53f7e8f047a3e", 0x49}, {&(0x7f0000001940)="c93bc988574c8a8e8c605d56eaa0654cf019b6bfcd4c2e9bec6c3ba77f0ceecfa1c88f2d1291ce4c200a83ccb9d561872df51be20fa875a16ab7ecc1407ca83830e28d39f06fee9e157b24b767ffc5d6195da68184a4f0cf19017de9af63bcd1dda4b6d2cc65b0e472f4de2edb2e7cf51c17523cdeb505f562ef079766c70a578df457e2c3a3d412d24add7de58a0b56019bfed2538602653b78c453482464c92a79e3df243b9ac6a5e40475d4b0b23b3749013933c80bfe346e983455503cef60e4cbb346f74b4f9cc167f1030c7697d97122414485920184265231e330cfef95ff88e5ef7d557a710966389e13aac410aeb1095d6b124736636c63", 0xfc, 0xff}, {&(0x7f0000001a40)="26544bf4a0564d035c7242b2fc1c285c988df4b5170a3ebe3ffb72bf9f0f1688c4d75c4e51b7d624275eb1e310e72fe88b25437f936af05ed927a5f92b2887c59558b8c12d1627748ad46e4f62c9b58a7f11b6a9df05daa9cd9176d7d03d75ab3bf271fc0d82f4b974ed05139429a4e86e08350825098718ef330829799476bea6d5fe86b8d01ea2bddc123b4cc5c72b44b256e690cb02ece87caa4156f4120590eacc71c9e33176a7c58028", 0xac, 0x7}, {&(0x7f0000001b00)="b9839034a1ebe5e1591eb9504394b0ea7cda1e26c901cd58c89e2b9c28600825c206f1f50f5cc5a14e9ead44df42db1f7e7693e2f558a21f56e90067cf6b7c1b64259e42994d31e612a37e918dfdb6d68b60ddb42b0895aa8ca7032b222b69", 0x5f, 0x100000000}], 0x8010, &(0x7f0000001c00)={[{@nodots}, {@nodots}, {@nodots}, {@dots}, {@dots}, {@nodots}], [{@measure}, {@obj_user={'obj_user', 0x3d, '+--@:\\'}}, {@measure}]}) setresuid(r0, r0, 0xee01) syz_mount_image$tmpfs(&(0x7f0000001c80), &(0x7f0000001cc0)='./file1\x00', 0x927, 0xa, &(0x7f0000002200)=[{&(0x7f0000001d00)="9d160735f07a0e19828f8d900a", 0xd, 0x4}, {&(0x7f0000001d40)="0201a7438ecda3c13b35b7ba283f8bf1c35c7a7661fe445ca31e34473fb67279109b4af60cf4c986b63619e2c7d20b483201b1bf9507e7d779b6f66003ceefb292953279a324deedd80382ad585398b16c621de101f9ac5b9705498a12d9847285eed4585a4c2081ee3ffd72db70a083d7801bb2c73c4c7101cae1a7169742cadb065a21cc9939c824a26a322200699a73f24b88683014dcb15a99fbeb452495320568f7f58f585a49226e7a05fbe4262d7236f481", 0xb5, 0x6}, {&(0x7f0000001e00)="f44496c57e7161667ddbbba3e3", 0xd, 0x4}, {&(0x7f0000001e40)="83d6", 0x2, 0xa3fa}, {&(0x7f0000001e80)="b4b5d18e7954db261efcae17cd6b1504379696a35d8af23a9ac64147b98e09c3b52145f4307581d9219fa318cf9a35252f950ed9296058279fb5d2aac65afa3abcaa7c509c831f6f8c26cb213977ec096dcd9aee9b6fb9456fbe7e113547d08ca6d7e6f1ff93289665445d82b4a9675c1150e36c0682388d374d83d6460cb7b67e5d1fc95b96260a7b8d221a3dda4710caa9a31542cae694a712e7ad33f154596b3ba26fc0fdc5f41d315f7792b5ae19df7a744083ccda4ae7a5d89aee88c9eca5909d3b5fd82de187e9641f46", 0xcd, 0x8}, {&(0x7f0000001f80)="34d2c0c094baf483aa2b933d0bedda358938d84320edf318d3a88b8b6bd779bbd61381bc66db23734fea4d3f19642f9bd0072399f7953b2124086d052e926afc970efe67ce2128d14236a5923961fc570005588032e80e1b5329ac4c5750", 0x5e, 0x100}, {&(0x7f0000002000)="807a5155bbee1558a09b6cc851b2699b56db5eab43a89fd79bf76dc3510ff7cce2ea490e2c530cceb19e230e645d5adf7f2643e5e693dcc860ff1915b824f64f205c8b874594c652e5134a110530f989b88d0034f7416f207c43d2f7244fd731414e851afe8344ba3e6039d7db5d2ec81ec715b92765b36ea4217f92ccdcf5ab166df2b87c08910d0a72fc6fff28d57d", 0x90, 0x7}, {&(0x7f00000020c0)="fc005940da268ee3816968d01d5dfd37e938328c2d0ce115a833801d0704dd8ec45a503cff148f91eebefa7bbe23ce35b37f16f8e01af52f00c5dd820c4da8b4d722e7596f53add34795ba20f3b229c3c56f658f048d", 0x56, 0x8000}, {&(0x7f0000002140)="5f8f6e8df48698306b79db88601ef0e31dced439d1952c703bf9fdb155461ba8f0982edc21c0dffb4590eeed552c60f8792d51efd294e14ebd0f994eff4d45c2eaaf2c3b915da92b9fa1990d2f069b08d9d1f8d681f23657c70e1eba92b0b7dba39f7b456c72b0ba03a34f13883bf0a1bdc0bd006342", 0x76, 0x3}, {&(0x7f00000021c0)="8f87cb1d3356ae197e4699dc3ffd6697a260fe4ba56d374915f81139785fbfd54fcaccecfd138caa89a74dababc4e8d4525f7aa42058967f4b55b4", 0x3b, 0x872}], 0x8e002, &(0x7f0000002300)={[{@size={'size', 0x3d, [0x30, 0x65, 0x39, 0x2d, 0x67]}}, {@gid={'gid', 0x3d, 0xffffffffffffffff}}, {@huge_always}, {@huge_advise}, {@size={'size', 0x3d, [0x31, 0x2d]}}, {@size={'size', 0x3d, [0x6d]}}], [{@smackfshat={'smackfshat', 0x3d, 'euid'}}, {@appraise_type}, {@appraise}, {@uid_lt={'uid<', r0}}, {@smackfsdef={'smackfsdef', 0x3d, 'dots'}}, {@obj_role={'obj_role', 0x3d, '@'}}]}) r2 = semget(0x3, 0x3, 0x0) semctl$IPC_RMID(r2, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000002440)={{{@in6=@dev, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private2}, 0x0, @in6=@ipv4={""/10, ""/2, @loopback}}}, &(0x7f0000002540)=0xe8) mount$9p_fd(0x0, &(0x7f00000023c0)='./file1\x00', &(0x7f0000002400), 0x7800, &(0x7f0000002580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@nodevmap}], [{@seclabel}, {@dont_hash}, {@uid_gt={'uid>', r3}}, {@obj_role={'obj_role', 0x3d, 'appraise_type=imasig'}}, {@fsuuid={'fsuuid', 0x3d, {[0x65, 0x64, 0x62, 0x65, 0x63, 0x31, 0x34, 0x31], 0x2d, [0x36, 0x63, 0x61, 0x65], 0x2d, [0x32, 0x65, 0x65, 0x33], 0x2d, [0x61, 0x63, 0x0, 0x61], 0x2d, [0x35, 0x34, 0x64, 0x3, 0x39, 0x37, 0x61, 0x64]}}}, {@dont_appraise}]}}) r4 = epoll_create1(0x80000) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r4, 0xf505, 0x0) r5 = openat(r1, &(0x7f0000002680)='./file0\x00', 0x141040, 0x4) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f0000003c00)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {r3, 0xffffffffffffffff}}, './file0\x00'}) syz_mount_image$msdos(&(0x7f00000026c0), &(0x7f0000002700)='./file0\x00', 0x4, 0x8, &(0x7f0000003b40)=[{&(0x7f0000002740)="21d5e90d841eb7d2db54647bfa8a6ec1cf0f0b9607e5362ecea4b72d42fb0b144355e1aa5f7bba3eeb0ea555a6c545e5f9deb62bf68f6562205ca7edb969aa4447d4da1fc35dbecb478abea6030f8ab04ce3020c2bcc44c60a64d766a97b4312699447e7860f0ebf83267a835901fd7f14669cfdf687309a177ed04e6bbd432678c1000d6d518f5721c76c12edb62651ab88d3e67a8160188dc6e3218d5a42e44d21943ffb28cc1b5c6918e3f4468a51c44bc3f6f1892dbfda94bd633e17470192bcdd8e3f972932ddc8c22aef", 0xcd, 0x3ff}, {&(0x7f0000002840)="3c2bb16da6434ffa70cc0d01a9f11857d4d803fb85c3c1b741f656275de0d6fe35b228e0e08f9552f5f7a73339a72b84048df487fd9c", 0x36, 0x2}, {&(0x7f0000002880)="a223f940b01400a4fcc2af358338a2095225587a4fd534dc5db3667f589857426b72bb545f26a69ca05d3a738ecdf97416aace1bce9720185f61f1d0603ba12f351126d3832b35c520a97a9edc80417489b3ea0ef4f79e7667f8e23638d62311a6d3f1c14bcfab5d04cf414986ef", 0x6e, 0x100000001}, {&(0x7f0000002900)="3cf468c217c3d4378ce39de7aa4782e67cbd8d05b50a0671f0b67a144f32924a44bfc306b6", 0x25, 0x8}, {&(0x7f0000002940)="d471a3a96a52d255a05e3d0b66a787105b3f1d78447803147c80c6af88715ddab88d5d6b6b5e58d56d24c11ebaa2d26415e8908c60254636e1fbbeecfd8517c67cf3dcedde92d5b2bdb76a834bfa10814b1fe5e5d14c2bd2fcdc82d6f82bb006cb4c04c9c2c7774ff6d9a72bf9049223a794368332d5aab39762b5b77ae12879035fa47baea4952849fe20da8efd2bee9744fdee7b20cb6692ff59c246b22b01c88e913d7381e91dbef13625afb453c9f9afd78fb0c0ab173c6deb8cd77c6fea19dc", 0xc2, 0x8}, {&(0x7f0000002a40)="798db7ce70228d30ad5a740003ca15264364a651aaca2e8beac72912f55e13075f98af564f415bb2f2d2408c7fcd17b502ed087e1c83bedb5a966ab1ed3a06191f3c6d8125da8a8158981d2dc453cfd4b4c5d9085c2eb7aa73bdedc7b036473bf442c7bcf6c2ed31da54c97d59147f2718ad95043423337da2af74aeed80881a2f1c522bf8ade4e2d95cf5d1d3d85f0481032d7a3d843e4125b3a3480f6373d48e98606537c2d938a815c7f4b1414fccb5e4e6d19b3bce4e5801ddc782cf1b7fa5635fa89339fc51065b293f6f5cd71ea0257ebb64fb60a0c024de7d1072c05e3933926a71372f8fbc158fda04fc67672c50a4c7d2ae947a0daf7b8b736fe19a7410f5defcd4e939ee11760c7f1ee35b8fd0d023402c77ed5653f7155e3d3da3f43cd8bcfc78e6fd230ae08874e62f734201c8e4687614dfdd27986135f96bf436436292320791b2d3f90dd2a9cf703eef434d1354179cd55103f521fc059d55c4d97914d286f8222c98f9e230724e0b0f2cceab59de6d35b4c0d0870b5ec9892d899e4c7e49736610ecf33371f3363040c9bb1da7bb82558583c747a32978be418d69d4024de07e5f9ef71b4c23dff49a3d20d1c2117a67951380254c87ae748ed49f88a40050b7dfe462030db8b1163e9260e4c059b6f02df43abb1422198e89237179cce6478086a5f52aa8e36f9ce1102cbe1a77027b9486d7565154f2400f584aa959f65529b090e25136260643502c8bd70775d849dd6abf1ba2a868e17c695ecd4e2fc3bbeb45cf18e1c5d03dfdb7838be7fd40748f607e617292a421a967b07c38316fc3b66dd8580c4d35d9dfc21ade011c206e4b82c5c535acc6e9cca711be35e1474930c504f8eb122ce0ba6a2a24df0112e3ea56abef404379ada3be821eecb5905f08f44c50542314cb773608bacf3d25cefd7a9de06d780d566cae4ae1f8323cdaeda2b08c9b73fd2d831b96c603b9f7533b4d65a851945ed43662f91793b04354bc5f91da3accafc62124d8d4acd87df3665492508396d3e13391be5992a43b8f4d22c50d9474279b92b69eaefd0b286d3329ee048d1cb7fd3541756480f4b0ab915b7a8998a121a825f529e5e52845ad2b8e57642052a6aca6afd41e1004c7dea407a92f7779c70807fa25c3c9afcf84dfc9c2e08ba1230a718f21f4c3178cfd891f3b835ddafad1714e2e832bccab7d7332f94bc8ede8aaead5a116b3eb560e7fc18f45e4190855b99ccb52eaaccf9e9d28db633629b6201d9327269dc5ff35eecade1fd56fb7bcae6ba3eb9400946e87a055824ac0174b0ed9c93ac161eff8c70a4d47afddb6fc99bac19ff894088ddee2c4ad9138c9c207fc2f684cfcdc23ec352f951a9f9f6e00040d53f501e6f7158de79d390455dd50bf70561d203e8ddf59870344bac614aaeeae651415f9c112156a69360c326928fc8ba0fbde89870b2b453a286d10523b56123876fb5c46be1181c7114615af7cc47dcee635e024918e91651dd269e43e07949478c6f4f4d3dfc2be529008502c7873f1aa102f5629d5f36ac3fa3e041b9d4e3c6cc593218361768cd7501a0929bbf8887980f65c0d56832f72ce3038d676aca98c8b3533783fdd32ed4cfa84bf18691981ae68bae36c40bc280767b3d7a01e0f24de398f966c2c51b27a9060235ee8db1d04c44bdb5ff962cf7f9af70e29b7cb57e1cf3b7b8dcf83f475c783a4ab78f7813fdd3853e3dbb0bfbe18842c32210e6a5fdfc679972470d9944d422d8322f9098560eeec61dd3bc04dcfcc135879409443ee3c087d3af47c511032c2f5cfa79751f0e764c2a105dd343ab584bec28f5af231c5d470d396cf874146b4356da6e9ba5018a650ecbc93c00d37d454982aa66328477823de15fbf1b39c76fc612738b356421798ec5732792c9b07ca2771fcd27e627f17da81867bf874459001cf311c70247cfeea0e2ef8f840fe52a1ddb1be2d21ea65baa482187bd7e8aa95bdad536ada3a226f54abb454027fe4dc33c951324883a54ccb5d4b11d843f994e126b1dbc3aed1ef892bac4c02af52e113a8c981387dd4abc14fb72a84ccaf406bb6adf04ffd0ad2b49cfccb811f6ffe62a450de7a602e4612da75de35175358bed36a95ce9158b7fae09050fbadd06eb7f99ef4e88f42e427fcd798dea6dd933ba2833bb54655c5e9d2334eaaed8494c83b9fdfceca296f333da6f641b2b3270f8b36161dfa0406ee366ef5414bc18962a7cfb166a58ded25c0e99d5ef745abb64ae5f008a0002722cfc1055e8a2562753d327569578102236464e35497936b224f865a898ec45202ef97cd33ca57c878ca8d632f36fec6fc5543a875057c21871391e3bfaf7ccbd876ebfdb9de7d3e0d83a2483db9fde0c1e5b405817af2d68644f8a75c1d771010c59c4f2c76913501a7b9d25f24245ec7da46b575bea7db5b939e258f8e01041e9080f000fb7959ccf7ece0688eda3cc00097818a99898980110c0ac1e7a0ea6e194128b6d536627d9c0df92b3abdaa697571f1745a96ab8bbcbee9cf4888a4b4a796cea7085ea8ea1c71bfb64316d9b95f9ab6f256657b150818d832b1a6d92ff1562a2373d3c2926e6afc90b51f74df8284b122c46eba92e808bd9ec783c9ad7390b6b1b671853ff93821f886daf5a374e0f4c7535accfac72d19d92cf886df579e1a67135a22c515814b2ffa615b218a31de826938fdb1321ba6098022ba59bc627b7cca9ea6c7ea3cd85ce28d92c6c92a8774b53fa576c1dae45fd6a654123b114f0c4ca264d359c25b2774f7f9978bbd1095bd7860671d18dd4f5e0e338dc0d286b3c85f858c19c0bf10f548a586370b57d9ab9036061f61c61b8afd2ee8755599006f75bc52d144548e67346c48ba2b1a6cb06a18892f78d0a8fd2a47d516c173a0c73ca953553ef667a4f449f46cd11b9b5748c95e970cc1bcc115ca75b62a1bd56154c82066e6933961f8b8b4a4d08b4276cc9296fc03388de96c1a5570d37f5ef33326b430ddf04ce0acaac5850c6f5c8e4aac27c335ee674e4bc4c8d7c28be14be8230799a6fce3029b2cc3854edfcd1b3b69adfb2c9f4634014f929080722944f29ba581e4814b966e487b435ac172c17554f1acdb44795c0ab06288ce88129917b5e2a836433be0d8c9b9771e66e79fb7c4b459b44be9ecc7fae92f59f1dbec86f02bf48148134e240a88d168488c30e9e7981efd7f6e8dc0211c7234c43656ea9db9a9679f7f196bbf149d7ad614f346fc014b79a07206784431e50a5891fde66bbf4201d8f4cc5cf2211bcb363147a2973cf17acd8468a812d9755cd21614b014c04a78754f96fdd5cb0d37b5b55febd4d92d70a87ada4c66d2f6cd866178d94a2fa3f52f734b93d68fc66147daf59ebfe2731aad38d48560525c54b377ba3634c99982ec317e270524628db4e247c7fe2b2072d9ad8adccb1d19b07153a1ddced818f8bd5465a8e1d21641a33797fe8584ad3e8249ce5f1cbb0bf90c78e347b54e29ced4cb5452ae24437c96dc6d65117d0fc2106f3466b8215792867a41c17cda35a5e3464b48e8851a0ddc5a13ea3822479a8ac836087dc7eb4ce5122ad6b1d2d4f75962fc1f86ea46f9a87a76fc615e948dc776256d7efb25ec8622b6581956c3a7a0156a000fd0eff69f16095e4d89d81f513603ffe9b2f4a27fff91cc2fb1fdb18bc3cd0e2f49e4cd357da64ab734221193004dc5e64a20a638252a1c3da61e82ff0fae469520fe113936cc906279a7749d2d9e9268ec5139010e169ef214206981512d1e79cc2377ef0abf8395cbd55a3ead47489dbb4e7d6316370fe86411b3ab3ba542906feda5f2e81f3374cadc5186a6c180fd51a596a0966abeb3b6619d8b62f67924a1c77a559bc28f6f798418362217191a85e6cf5ee2c4906dab230ba6120b602a3e70375fa1b6ab6e7807d5eb17479ada78058c36204cae8fb906c9e620377e84c022acbea6887fc75ead1971b66dac810fb9cf0c42922cde0a95d7c9a74eef26f51a8cd426da7b0c730a0f918cdc65e93e2ae0d18c9cf989420a20339f5a0e88ba1a3c2eafe878644eae7d1f1883ee2aa17ea8038c674304609cc290ac6b0dd983c5f7bb2c6b271d881fbef40687f3787a2b57a2371c3850a57b80686a8a90b484b8876b49b1addbe48eeeedeafa3ff7ef29f68e03bad444e0434baad5ab1d13aaf30432c2020ce915d5ba2e85870c15873d74076bc2696317c00cc4d139970fc4b2ed7095352aa026d00ed660e856cb81f57bf210d2f65809fb704ab44a1c3d7c139bb1a5aac2bb8d1efdb930efd67e44eee18a007f84838770c42951c0286df1baa8c4ce1fd2323cf88812b58053398fba2f24a2ee3dcef12c81e4c5081cd1c58c4fab79a7a4a9eecca546fd0e07107e88a00615e857564218ee55dcd4c5ea034b063ae477d41cd0dd95e969a8d7d67307004e5986994b394508e01c380ad8719b27227a88c9a298ed6438b61aea08ff704c1a7184857de12fc0d45f0697c36770ca6dab956ac228c4cdb66c6a7443a8273786fd15e15fd8951ab1bbf82988dbbc5f73344e710967f1d64bf89b916734512c295ddf3fb20798d5cadccc1c2d139877abd4fb25e30b8c5e3a6364a28460feb4fc8633273ec1905260037e6123eff8e585b29468c12e633a1d91fce7d88cfa76b2e8b49227cd41c9385f7280466ceae1caaa33f34f60d8f76aebd1be7912885a3e2f8cd28893da83eb092fa5f4010a10cae6315db7520962a4fcdf22a2b894ea326f0a144fcdfa72b7525e394580b5e742bdc057cf5d1703069c77af3eef9082268793068e2299c3b520e72c98f81fc5a7d6d84df8f852b6be4ec9ba199240a769b4a667d33770b70b87a541e0238b4472f4ed91f888f0c04cb0c4efd6ee4741570aa51eaccd49f86c107af22e5ee556e76f767a2f0d56b53335a923cb0684bfecdb7852d2a6298283b70674152d2c0c589485fcc8d2c68cdb51d04496586a3aaec80c4cca5e8bf4c9c4f418273ce869fdae340e0ccdaf7e3c5a4275504de586e84087d84805790e10c8ae1092cb902d38b4f59ea8fc876f4fc06b880783e0f14d8d14960b0f6d9dc8a482e0822c00f9ef74592df958a2b1e3d35ffb26ea7cfc209ddd8a66b3c25316ee181c9fb554458fdc32c6a26ecbb4a3a628dc7d346240e7c14144de40224154c7c4e4a1f89854514559c54386abac79367321bc532744689514a63f247a377cc76a9a7fa5e2eb2111594f559fdcb6b51a8eb6bf68c3925a5a4b44d31176469d2175aff322f48226cedec1ef8962336115e85066355e33af6d09c1b3751637d16b3f8294662da73a75a41aebbf0a61399da10f748579467edd1a02def8929aece1e993ab0723d8e64332ce758f2b4161333837c14e746f66128f94e7a1e761393584cb510dac59bb37b190403adbc507ab5a1645e3f7b98b17f4a7a640d1514c1bdc999ba0fa8cc548b2f7a1976ea7002c46074181e0fd80239b97ee89ab02b5623583ea1ecf02afb4059eb9caeedfe513d6f1a89a2b062e446f5993e338031315276e4867162deb1bb490a5b6388c2c25853ef72952d784de18e1591e0997b5a8db6823c663f22b9af3cbf849871f335bea0d521490145b2c26a91d501294091353d337754f054f1ab21ba1ea157de314d1b49f83a51b09b9d56de4894d18544942814985fb050a88bb01ba062bd5859b265914d40e975ce0dc77525b7716e9dedf8132ffcaec3b6b6f138bceb9df4bb1d1bf82f3497ae28b62df9bbf879851db266795a6a55bdedd", 0x1000, 0x8000}, {&(0x7f0000003a40)="50d2d6cc98353389843769bc5f7d0d206f4371ef504e1014bc7a6ccdada31c5f73f106daa954d2957c562d8c376bf5456d4329eaddabb532a8659e07e85df8d886d0d0a5b842368d4ea333d9fea8932468bd38c764bb23e3", 0x58, 0x8}, {&(0x7f0000003ac0)="9e2ef2295963baffb2bfa012540030af06086af823424bdd0c123afcd0ed6b15a301529fc3839008245a7fbb9d9d0d4c7889c2a7591ff18df2c817e804b53b31f0d00899b637c6915f905cc32b6a44a8f972ac37d7f661627f19f39036c64ec76affd471ca639a1f2ffa25343ea89cf035a6fef6bf30a8b53032172f122c30", 0x7f, 0x7}], 0x2a02c0e, &(0x7f0000003c40)={[{@dots}, {@fat=@uid={'uid', 0x3d, r3}}, {@dots}, {@fat=@check_strict}], [{@fowner_gt={'fowner>', r7}}, {@seclabel}, {@smackfsfloor}, {@euid_eq={'euid', 0x3d, r3}}, {@smackfshat={'smackfshat', 0x3d, ':'}}, {@obj_user={'obj_user', 0x3d, '(\xf8/K\'!.!%$.'}}, {@audit}]}) write$binfmt_elf64(r4, &(0x7f0000003d00)={{0x7f, 0x45, 0x4c, 0x46, 0x8, 0x0, 0x7, 0x2, 0x7f, 0x2, 0x3, 0x3f, 0x210, 0x40, 0xbe, 0x3, 0x1, 0x38, 0x1, 0x20, 0x0, 0xff}, [{0x70000000, 0x8, 0x9, 0xe43d, 0x5, 0x7, 0x5, 0x9}], "291e2e32dcb6164632f0ba751298f9e5dd85e858475f8dfbc3ad2f7ac1c597d9e7ea52a1cfbb58b4d4dca04e94bfa8f2d99d7c9ec16dec536a604d32fec490c24c4f663cc9941abfc9910ac2ac6113772e7ef9eb58a06896247532960060165f947978fe3745df76eecb71edda3a054164906c46f625d511bc02130a41a9", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7f6) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r6, 0xc0189378, &(0x7f0000004500)={{0x1, 0x1, 0x18, r1, {r4}}, './file1\x00'}) openat(r8, &(0x7f0000004540)='./file1\x00', 0x28000, 0xc2) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000004740)={'nat\x00', 0x0, 0x4, 0xff, [0x8, 0x7, 0x8, 0x800, 0x80000001, 0x40], 0x5, &(0x7f00000045c0)=[{}, {}, {}, {}, {}], &(0x7f0000004640)=""/255}, &(0x7f00000047c0)=0x78) 01:21:49 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0xffff8880571114c8) 01:21:49 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 30) 01:21:49 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0) r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x4, 0x2}, &(0x7f00000a0000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000000c0), 0x0) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000180)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = dup2(r2, r1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r4, r3, 0x0, 0x7ffffff9) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r3, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) readv(0xffffffffffffffff, &(0x7f0000000280)=[{0x0}], 0x1) getresgid(0x0, &(0x7f0000000280), 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f00000000c0), 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000440)=[{&(0x7f0000000040)="200000006b000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000df159d37260000000000000001000000000000000b0000000001", 0x5a, 0x400}, {0x0, 0x0, 0xffffffffdffffff8}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000011600)="ed41000000080000dff46552e0f4655fe0f4655f000000000000040004", 0x1d, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='delallog,\x00']) 01:21:50 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00']) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) [ 2562.015991] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2562.017422] EXT4-fs (loop4): group descriptors corrupted! [ 2562.230049] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2562.242596] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2562.307942] FAULT_INJECTION: forcing a failure. [ 2562.307942] name failslab, interval 1, probability 0, space 0, times 0 [ 2562.309748] CPU: 1 PID: 12778 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2562.310747] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2562.311940] Call Trace: [ 2562.312339] dump_stack+0x107/0x167 [ 2562.312869] should_fail.cold+0x5/0xa [ 2562.313422] ? __alloc_skb+0x6d/0x5b0 [ 2562.313974] should_failslab+0x5/0x20 [ 2562.314524] kmem_cache_alloc_node+0x55/0x330 [ 2562.315184] __alloc_skb+0x6d/0x5b0 [ 2562.315726] __ip_append_data+0x2930/0x3310 [ 2562.316388] ? raw_destroy+0x30/0x30 [ 2562.316944] ? ip_finish_output+0x330/0x330 [ 2562.317571] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2562.318301] ? memcpy+0x39/0x60 [ 2562.318785] ? raw_destroy+0x30/0x30 [ 2562.319332] ip_append_data+0x114/0x1a0 [ 2562.319920] raw_sendmsg+0xaa6/0x29d0 [ 2562.320490] ? dst_output+0x170/0x170 [ 2562.321045] ? __lock_acquire+0x1657/0x5b00 [ 2562.321687] ? perf_trace_lock+0xac/0x490 [ 2562.322301] ? SOFTIRQ_verbose+0x10/0x10 [ 2562.322899] ? __lockdep_reset_lock+0x180/0x180 [ 2562.323581] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2562.324322] ? find_held_lock+0x2c/0x110 [ 2562.324928] ? trace_hardirqs_on+0x5b/0x180 [ 2562.325556] ? dst_output+0x170/0x170 [ 2562.326111] inet_sendmsg+0x11d/0x140 [ 2562.326663] ? inet_send_prepare+0x540/0x540 [ 2562.327301] __sock_sendmsg+0x13c/0x190 [ 2562.327880] ____sys_sendmsg+0x334/0x870 [ 2562.328490] ? sock_write_iter+0x3d0/0x3d0 [ 2562.329097] ? do_recvmmsg+0x6d0/0x6d0 [ 2562.329658] ? perf_trace_lock+0xac/0x490 [ 2562.330266] ? __lockdep_reset_lock+0x180/0x180 [ 2562.330944] ? perf_trace_lock+0xac/0x490 [ 2562.331558] ___sys_sendmsg+0xf3/0x170 [ 2562.332125] ? sendmsg_copy_msghdr+0x160/0x160 [ 2562.332795] ? lock_downgrade+0x6d0/0x6d0 [ 2562.333406] ? lock_downgrade+0x6d0/0x6d0 [ 2562.334013] ? __fget_files+0x296/0x4c0 [ 2562.334602] ? __fget_light+0xea/0x290 [ 2562.335207] __sys_sendmmsg+0x195/0x470 [ 2562.335793] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2562.336417] ? lock_downgrade+0x6d0/0x6d0 [ 2562.337040] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2562.337746] ? wait_for_completion_io+0x270/0x270 [ 2562.338440] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2562.339237] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2562.340025] ? rcu_read_lock_any_held+0x75/0xa0 [ 2562.340698] ? __traceiter_irq_enable+0xc0/0xc0 [ 2562.341387] ? fput_many+0x2f/0x1a0 [ 2562.341926] ? trace_rcu_dyntick+0x2f/0x170 [ 2562.342584] __x64_sys_sendmmsg+0x99/0x100 [ 2562.343203] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2562.343963] do_syscall_64+0x33/0x40 [ 2562.344505] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2562.345257] RIP: 0033:0x7fe4a84d7b19 [ 2562.345801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2562.348488] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2562.349593] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2562.350646] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2562.351698] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2562.352736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2562.353785] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2562.369607] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2562.387032] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:22:17 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x91ffffff}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:22:17 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) close_range(r0, r0, 0x2) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00$\x00!\f\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\f'], 0x2c}}, 0x0) 01:22:17 executing program 5: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000140)=ANY=[@ANYBLOB="0100000001000000184e7b27539393f268000000", @ANYRES32=r0, @ANYBLOB="02000000000000002e2f66696c653000"]) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) r2 = gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000280)=ANY=[@ANYBLOB="b0024873edfe176313e675cba6c44c2c36db608502daa700b8461f2b6986a293b02b5a0f4d6b0456b1c223f4560ce623b3906cf073cc17fad0a456dd8fdf3303ce2d0006e4fcf727ac3d95d3380a3644455efd4d445808e9d237c9d8d22eee8aa46e0374aa4190a94ca290c5f39ce3dd9c3a036481d3f9d605a6205adbbd02b0aca0aaf7fb3294dcc256cb7c23f568334190d1d578a95f1ad69a23593732ffe7c54017d58573e7f47effa999a16422a5bffbf4137f25f31b0107d0669800000000"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(r2, &(0x7f0000000080)='net/ip6_tables_names\x00') ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r1, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:22:17 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x97ffffff00000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:22:17 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x4c000000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:22:17 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0xffff888057111698) 01:22:17 executing program 1: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={0x28, 0x20, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @uid}, @typed={0xc, 0x11, 0x0, 0x0, @u64}]}, 0x28}}, 0x0) close_range(r1, r0, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) r2 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x2}, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f00000002c0), &(0x7f0000001400)={'syz', 0x0}, 0x0, 0x0, r2) perf_event_open(&(0x7f0000001380)={0x4, 0x80, 0x7d, 0x0, 0x3, 0x7, 0x0, 0x4, 0xb2802, 0x4, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x2009, 0x4, @perf_bp={&(0x7f00000000c0), 0xb}, 0xc701, 0x400, 0x4405bac8, 0x8, 0x800000002, 0x4, 0x7f, 0x0, 0x7fffffff, 0x0, 0x401}, 0x0, 0x3, r0, 0x9) r3 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, r2) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='syscall\x00') preadv(r4, &(0x7f00000001c0)=[{&(0x7f0000000300)=""/4096, 0x1000}], 0x1, 0x0, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000001440)=0x8001, 0x4) add_key(0x0, &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f0000000140), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, r3) keyctl$KEYCTL_RESTRICT_KEYRING(0xa, 0x0, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000280)=@chain) r5 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000240)={'fscrypt:', @desc3}, &(0x7f0000001300)={0x0, "846529d2bb616646c0f5687588b4b747009c198fc0e47f53037ecf9d278a7d7406a53d6355776dc74eab90dadf8eecdc78c7164781af7fd5e0afd2e2635dccb6", 0x21}, 0x48, 0x0) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, r5, 0x1) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0x1c7a02, 0x0) 01:22:17 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 31) [ 2589.636804] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2589.636963] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2589.644908] FAULT_INJECTION: forcing a failure. [ 2589.644908] name failslab, interval 1, probability 0, space 0, times 0 [ 2589.646497] CPU: 1 PID: 12806 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2589.647453] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2589.648557] Call Trace: [ 2589.648925] dump_stack+0x107/0x167 [ 2589.649427] should_fail.cold+0x5/0xa [ 2589.649944] ? create_object.isra.0+0x3a/0xa20 [ 2589.650569] should_failslab+0x5/0x20 [ 2589.651091] kmem_cache_alloc+0x5b/0x310 [ 2589.651665] create_object.isra.0+0x3a/0xa20 [ 2589.652258] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2589.652952] kmem_cache_alloc_node+0x169/0x330 [ 2589.653572] __alloc_skb+0x6d/0x5b0 [ 2589.654068] __ip_append_data+0x2930/0x3310 [ 2589.654665] ? raw_destroy+0x30/0x30 [ 2589.655187] ? ip_finish_output+0x330/0x330 [ 2589.655768] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2589.656451] ? memcpy+0x39/0x60 [ 2589.656895] ? raw_destroy+0x30/0x30 [ 2589.657400] ip_append_data+0x114/0x1a0 [ 2589.657947] raw_sendmsg+0xaa6/0x29d0 [ 2589.658474] ? dst_output+0x170/0x170 [ 2589.658981] ? __lock_acquire+0x1657/0x5b00 [ 2589.659599] ? perf_trace_lock+0xac/0x490 [ 2589.660150] ? SOFTIRQ_verbose+0x10/0x10 [ 2589.660704] ? __lockdep_reset_lock+0x180/0x180 [ 2589.661337] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2589.662020] ? find_held_lock+0x2c/0x110 [ 2589.662580] ? trace_hardirqs_on+0x5b/0x180 [ 2589.663170] ? dst_output+0x170/0x170 [ 2589.663683] inet_sendmsg+0x11d/0x140 [ 2589.664192] ? inet_send_prepare+0x540/0x540 [ 2589.664785] __sock_sendmsg+0x13c/0x190 [ 2589.665320] ____sys_sendmsg+0x334/0x870 [ 2589.665865] ? sock_write_iter+0x3d0/0x3d0 [ 2589.666428] ? do_recvmmsg+0x6d0/0x6d0 [ 2589.666949] ? perf_trace_lock+0xac/0x490 [ 2589.667528] ? __lockdep_reset_lock+0x180/0x180 [ 2589.668149] ? perf_trace_lock+0xac/0x490 [ 2589.668708] ___sys_sendmsg+0xf3/0x170 [ 2589.669226] ? sendmsg_copy_msghdr+0x160/0x160 [ 2589.669837] ? lock_downgrade+0x6d0/0x6d0 [ 2589.670400] ? lock_downgrade+0x6d0/0x6d0 [ 2589.670964] ? __fget_files+0x296/0x4c0 [ 2589.671521] ? __fget_light+0xea/0x290 [ 2589.672051] __sys_sendmmsg+0x195/0x470 [ 2589.672588] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2589.673164] ? lock_downgrade+0x6d0/0x6d0 [ 2589.673739] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2589.674387] ? wait_for_completion_io+0x270/0x270 [ 2589.675031] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2589.676228] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2589.677285] ? rcu_read_lock_any_held+0x75/0xa0 [ 2589.678189] ? __traceiter_irq_enable+0xc0/0xc0 [ 2589.679083] ? fput_many+0x2f/0x1a0 [ 2589.679846] ? trace_rcu_dyntick+0x2f/0x170 [ 2589.680502] __x64_sys_sendmmsg+0x99/0x100 [ 2589.681136] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2589.681899] do_syscall_64+0x33/0x40 [ 2589.682459] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2589.683229] RIP: 0033:0x7fe4a84d7b19 [ 2589.683782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2589.686511] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2589.687640] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2589.688715] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2589.689791] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2589.690866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2589.691950] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2589.719912] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2589.723861] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2589.736450] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2589.738072] EXT4-fs (loop4): group descriptors corrupted! 01:22:17 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xdb83c10d}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:22:17 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0xffff888057111780) 01:22:18 executing program 7: ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f00000000c0)) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c000000130001000000000000000000070000000500000000000000100000800c001a000600000007"], 0x2c}}, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r2, r1) bind$netlink(r1, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfe, 0x400000}, 0xc) 01:22:18 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf6ffffff00000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:22:18 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x68000000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:22:18 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r2, r0) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000540)={0x338, 0x0, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1f}]}, @TIPC_NLA_NODE={0x260, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_ID={0x6c, 0x3, "5b1d101b5668681bdcfdb5eb06934cba3ed09cdae5a3c3ea5e1356fdd7a93197e19030ef9a8e3d6ac28a2fd8657d2629615bc628bfb24b6e64623df3102858690a2ec837068d91d13e9fe331cdc26539235ddbe4ca699d7ec7e03692756bca17eac9a62a929afbb1"}, @TIPC_NLA_NODE_KEY={0x3e, 0x4, {'gcm(aes)\x00', 0x16, "4df776c335b0c1fbf463ef5fd67cc5341991b7cbe41a"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "ba928a91da271d725a0c15f8e5b6e919ad4b0227d0137a211a238ec9d5d65b29"}}, @TIPC_NLA_NODE_KEY={0x4b, 0x4, {'gcm(aes)\x00', 0x23, "39827dad9de21e536e71b08ebcbfb91fe173d9ac0322c7fbf194f45087e2c8346ecd58"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x200}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x20}, @TIPC_NLA_NODE_ID={0x51, 0x3, "9f3bba5378afcf0a056114d5a9c31bc15c3cfd3367105751bbf8c56212283d08f1a9a98dca9ae89ae916b6ac87e23d647e674aee9d59ec43e78b619a4b40342a1e74b6b58dc4f9c25a2549f384"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xf1}, @TIPC_NLA_NODE_ID={0xa8, 0x3, "e78faf417cccc6388bf274c4e0d233e9f553af4cc82a09630505bd19072bebce951cca483eaae8ebd3cf6049fbb9aa9493bb05bae73ae5ad3ed018477a0dd7a24614d22338146c63a2233903d54e612f5ca24f6cc3b7c364a7c30abf43c55b45334dc7b01121f07a30e270ee5667477d584fbd53c7698900b5afe213442d654dbcbe460e33455405dced85bdc5299b52e77344386d74ae13de394255c95ca8bd0dc7fdd0"}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x35ac}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x437}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xffffffff}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xec}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x100}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_NODE={0x4}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xffffffff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfffffffe}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}]}]}, 0x338}, 0x1, 0x0, 0x0, 0x40000}, 0x41) syz_mount_image$ext4(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r4, r3) close(r4) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x3035, 0x0) clone3(&(0x7f0000000ac0)={0x134064500, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 2590.029543] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2590.048219] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2590.065230] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2590.082148] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:22:36 executing program 7: r0 = openat(0xffffffffffffff9c, 0x0, 0x46e2, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="9f04cd16b2f4dc73a49328916b685feda945324d89ba3f463ba563448011c0dc5812329889db0e227836d11c45f6ec015fbd01f3500dfad421c8e886845a3733e8a55a070905146b5f281503e88332ecc048ac05ecf5a03c9c383617688df59a34d3900b3b256396c4933b47e26dbd72037a94f1e4570ef5bdfe373007dc8144d88f283c8bda20169eb4a949fd223f8f0667d34cedf493172a6e7ecaaf228a305fd20ff746c97f39ecfb12ad0b65ee3fafc118e0e25a8337ec8f0aa5a07e2e143cc529f0fa7882f0a0b05536e2d641d34d7bc5f351d8594dffc37480277b484640f3cc4020232acb1d9bb939511ea355c4736fefbc57f8145d463abc6f", @ANYBLOB="7c9fe20c234c23fd18304ec3a7370200000020aec2293d6fe9094aa2d235e1edce3892104e69bec56d5617799747b7b6ea835feb464723000000000000000000000000000083c1b40e32c1e46a98abf0d6d601fac7111ddd6af6b2cf34a5c6e8eaa1abd18fe7a477c258719264d850feab41901ec4482c7e9ac29c4d9e23d060c087b0ca0b4dfbccb90e34104811137229649725c29b57be35988be80dd529ae2926627c2844daf1dde38844614f73931fa263645485b77d398e3046631919e43efa372420d434c5ce24b8c6e74d0d94b220519925838ee93a051efcbc4084b400000000000000"], 0x98a) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000080)={0x0, 0xfdfdffff, 0x102, 0x0, '\x00', [{}, {0x800, 0x0, 0x400000000000000}], ['\x00']}) finit_module(0xffffffffffffffff, 0x0, 0x0) kcmp(0x0, 0x0, 0x5, 0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x5, 0x47, 0x8, 0x3, 0x0, 0x6, 0x41008, 0x7, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x10001, 0x2, @perf_config_ext={0x101, 0x6}, 0x4040a, 0x1, 0xef69, 0x2, 0x40, 0x83f, 0x4, 0x0, 0x4, 0x0, 0x9}, 0x0, 0xa, r1, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000001c0)={'macsec0\x00', &(0x7f0000000480)=ANY=[@ANYBLOB="3c000000010000000300000003000000022000000100010006000000070000000100008082243e2bdca3ac8f4516bef8fa320d97a21009a63c44aca4c4ebbca7ed109fd3a4262686037a9fe2d908fd22ce367ebf1a5af00c7cf58cf3418c52b2046cc4203f17e7911e3b303d19e18a93ba86fbdab5652aebfe6ffd10361015f3db50f4b42ab62e0934068da45aa49a40b7be4e7e8f613679fc2180414c3200effd95715b2a02b7538e37b05e3000fa4d3d1e1b12efb05c6fa0b955141f2ab6639a44ab4a4a22c04232bb74b8461206f87706f1588e4eeabc086a30a8408cf6e3c97befbc327ea3afff383f0611428ff5745b4fefb340ff1989776be7"]}) r3 = openat$cgroup_subtree(r0, &(0x7f0000000200), 0x2, 0x0) ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f00000002c0)={0x0, 0x0, 0x4, 0x0, '\x00', [{0xfffffff8, 0x10000, 0x0, 0x80000001, 0x6}, {0x7, 0x0, 0x20, 0x2, 0x9, 0x8}], ['\x00', '\x00', '\x00', '\x00']}) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1) dup(0xffffffffffffffff) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$BTRFS_IOC_FS_INFO(0xffffffffffffffff, 0x8400941f, &(0x7f0000000800)) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_to_bridge\x00'}) tee(r1, r4, 0x1, 0x6) unshare(0x48020200) writev(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000040)='3', 0x1}, {0x0, 0x2}], 0x2) pidfd_getfd(0xffffffffffffffff, r2, 0x0) 01:22:36 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="625ab77600ff"]) r1 = memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)="573895ace7b4e3e1c34e03dc27e235f2ccf8c4d0a39a926af566bbf90c281d86fe0f61f4a0bed1e6e15838ae4ade7683d6b7e1497d8cadd520b46961e22d6234e3422372fd88177a7760fe1e02495762ad7d3e20f3089e785d248a8c25a84683c88bb8ac222659c67371d08d0e71699aab43479bdb5c1dbbb531294c3d58dc17", 0x80}, {&(0x7f0000000500)="dd2fe52b5c202af647a7248dcea0eb4ccf61db2b0b4f13963f246fd8be4b23728f5659cb66b48c8b92d74a5f6d438efe8c437f8496c9b0c8a14d9d03820c1a7dfb3f1e396de6984b864b8df02f603205ac25e00dbf8eb1e542dc4105874a86e4dfbe9792b311c168fb261483210f6b9189ccecc06db39ed31a795eef9d954a8da063ccc10fef66f6f292c53d88800f7eb4d7513b867574795eec744e3a487ebbe8c5f9a6798da9f727e980f43580ceb3b7d22f9d04e9af8639b42eda6daa83e2761db696e319661267af27856b1e74eb6f148f4e0a165b3d9b5805add836a75343c713627a3560d4362ccfa042b65c687b02eda37cbcdba52b6470efbb6618fc33650b939631f7c1fa21e911f78b55e3b63ca78e8a76f70cb2cc19bfb127d71e4bb68787c25d3d33ebd3a36f8157ec8894351555c07a34b1a693df1ac50589fcff77e7a1a0fe26b21e6b086562b32a88e08787a1998284b11dbd1466c25d4fbda91a2954b70026b9763317359f0d4fd9cd96d97f4ced80e63079497d62a9950e34cda0185974edc805111e6162531d17aaea5736508bef47c28c9bba3631e28d7a12adccd4d2d5ae6c2c265c75c1c1cc370f188d396cf64cbb09a6a892cf4d684148a5b58cd5bbb6f72a3a601115d61c0872e079c6ffaa73d5ca90a7dda3b320d324f87011581a38647e8df77ad1fb77f6dd5a7e58e1f059e15f4a559e5118510839d3d484d5f589ef0adaf3c572486279bf12e1b34a9b58a327841df53aaec7e03e532206eb75150efb237c6c2e65f811535500e4e6e8c958931a26380d1098abba8edcc8314ac1c018fc7ac5094d24d85c95a257d22773f076471fcc66bf07b7c5b2e4c1c478cb58424be206aea91e1e854635a4ca9766dee60bd580c280df2f27624033d97812be7ad8b6c0f1a82151b45236e1093d8e16a215a16e7cd11956c823c51ce8d77692507cca1b68378eb35a1f6c5b85b8178bae32ada6fba5a18bcea1cc9ffad4f173d08dc8b8fe61d7352e0912692ba9d530551ad7f65ca27680d534f0692cf59c069a071928ec2168f8245f7fe686d27824d8ccc740f88ce33cf083d40c01d81842615380d56d05cf2338d6d8bd335b2e3e1ee4489e4955be7f2f55f6fa1a5c0207cbadef3b6a261edc6f8c5e386128116d13a9fcb21382a8bf25b6d03545bb1ff628335cdd94758b9b995d0b98a4d676253007b8e1dd05808ae4ef2bd44e932294d9883fab224976435f543d5bb9d02b977202fc0adeccf5d5a60c0993e2fd833a81558d2d6d4a1414457d22ba678a1ea69d949ebc4aeea7993955f33507bc5bfa1e0777549804b1a0de6abd47a199f434a6b63f286a25e0a9dcafd66d813f2f4aa2e3d1bbf5d47337644deeb91fe0056bbc4ef0714d0c96a5d646628656f3aee74fb77d2b13734d61d70b847c5974b829a1553d4b0a7a9c7aa6f13352bb353ea54b35418902c5c3f2557ebc40024e9422e90ae64f23d64718c9ee62ae79ea5259787ff65d74655d3160a91cf6a58e32cd98728a93ef8bf942d5e09eb7539a8d90fb0b23cead8b788619a40eb1269f9c7e407dd2adf5e67ec56f6de2e08d2dc5800024cd2b293f7f409dc5a37670a6374a19f77d795aea29b496815a28d1cede27bbee6e2b6fd6de482ba6f1ef7bac561754a88d9b3d06f5cfa222455304284a37a3185aa80a6ec6032fdbacc55d7aadd2413ed4dd14a0bc7653c22c81c06cf2367f89bdedd1884465f01254a005e81d15567864933bd4049a9aa581c832329e8044730ee1196f5d4af70c286cc3e50951fcf025f9fc2dc916859d286d53cf0608a56b70a682992df799134cb90ad3c0edd7f8db3d2ea4509294211db715f3c165afb1c2e4b0fb0b7622db578d574f1aa87350755300ebe53365501249ec4294cdd4b19a77b557831ea254c62589ccbe655cc34c1b5a90c86909edb0108a3ee1fdd2c05340b3c40ab69b482b163cbc6be46549c21680e8beaf9694bfbdd372ae02f80933e7a078c79941f5babc51e23cf2d0b8a082ad189504fffbdc36aa9aa27e4ab0852210c9a18f2dadbaea297b4e7b3e5bf937ae8bf9aaf35bb0fa597f0f865a81eaf7278ae31bca911ee551eb0464387c949bbac65eea71f9a5379e88229f6be4a5d1de50e94917bc5fe85251d93c15e23059cfc109969fea422f281fdf28597345befeaecda88142e5c9064803adbfe493dbcc62420aa76f80cef83a1e63d0a8b4d111a1dcb4df83db3d981a5e7db39f220ff046a0e2bc8562ad8106366960f07b89c64e4cbd3eeacd6bbda46b352212fca5f151d12a0fd6a6825ac871099a9e4d4fe01e831de7c62eb25e1f61ca08b8107716faddd3a4fef6a4008f15e3635ba6377cde191e58b28a654c05404775829c22739abb9c79e0ac0d56de7238fef3864e0e269eafa80eac02d54718e3fc1d5e7a098f8e11fc0f8e4817effb4f9f0b8622772dcb966f96d120a190ca287ed8fb44e1513f7a9d25b9efb43012c053a7a70372990f899063e920e3f4a07647f97fe3d7d41f8b6c5d1064119d887c546f8b3ac896c538724baf9faad5f121672e51595ebb25216badc4a536f97e83377cd2656410c8331dfb0f86b6154f74db353cf0a6153c7659604b0d70369aa2f1c2813c7f4e9098efe5f126938b58335985ea78b69065d25a6757213ac4ad10a193b87f3e1f496a3d5b90b1551bb5490276db7bf330b1173f047e43a61f84107cca9dc1732270ffaffc8c4df31a378934d8afa72261117f6f6afc76a7e0d214f810fa517af6b85ef1400635da1544cffb4b0fe1ded68fa89d591e3741b745eba4505d123f13462a592725ca0483d460986222070b36dc612a2f54a5935093c231b1bf9bbda9ea817057e10bd2f023e278f42a551c079e0f846c9994bb8672eb27cd1c90ac79634c3927473adf6018c6d84da739c5c140b8932245081fba5c4ba2512679e342d6efb2899316913b5eb7ffcb188c2cc2fb3a2dc232ae0fd9b5bb5881061b408f5f5332b9499e5e4973b085211b50fd88e52f823115194573b4b1a69e44e9278438e61440305e693e716cf5356e85e1802af0dabe2a88eb747f86f2b747ec1dcfe5909b1a41165e059d38af9fda8e0814042d8412aa0e542a849779af6275f56f1e50693dd5ba1b1216f527f5b5eba34b20c73598c260fe4b1fde6d489aef0062f4776fcb0c7c56a2824da4b4c8740c1de7eb294fcb25591a6637bc3e999ee524543513b595a0abd3970945ced43235794564611c6538e9442821d5ff42387bbbb7461d316f6fdcd4696e088648251f3b8a5f5bc76f5f29daafb8d25f701e679058b04e6543e699e9e3da239d9607ca23bd74156c784747a3fbb25fa7cf8a263c4b8c9d16e316a2af4ffcb4d864deef5f1bccb1421d5a3be6c5c71f115be4e7c2c1587b31d0c0ef37941be0f8f8a2a44ca5a494d9e66757e8c1a9e9c79bd395aab447ebea44e19e3be85abb2fa7ed025a453ff1e627b14cf9a88efa30db5add99acf31276383d9aac5dde1d642819065a4179b7c15e107ec823b889e074f30becb65d23c549187cb395215549c48d20b179337bed0fb29cdbb3fe1841763b967d1d96e7b69dbf4091a39a106be5bbfff7a4c4a0102b3c807de890193f1f4e29edd837a467523f4d2d14246ce4e0210f0b6454a03b68b12721bf0dbf669887396666e487819274e2fd3b471af4667b5444f182e0a20ad6372dac158ce33954b0b5a42dcbf6774a376a8674a68afdeb92c44bd0f937ab9e9c159a77cad068115853ac54f3f87dfdba54ac9d15c64b21a5277b547bc03aef7a4c82376d0672dce57b3c572d27ef77a2b6a0c1740254c89591e4e1091e9854ba53f641dcc24ae77d62ad78f93b8486fbbfa92daf1681d9e2c3c92e2428907eb04e5e047c614e4f9d3f4156bae81fc74ff03519eef765567435dc901c4d4e358cfb3a87d99c36e25d0642144dbd036db73914629df3d07e509baba2a991c5f2eac4281d4a72e1db2b1e470e0176ca474f97730f86ce2bc39a4ab50dcf67c8508b6c0c826d07d4e0830382d31facb8bf54a96e63c287daa5a520518f3453a6ec8f4935f786b4924ca0a97905387542b5a9ce36f1e361166fcdf6190649302f608f608c5c73e9c379a6490b680169a687730583a3fd12f6884de2b2081c6258a6d86a0d7efc85e5b2b2fdd8c9b9bea7d3d85d26a6d5040e3cffa2ef51c4a66e371b9e68ff68438c7a04e11d81f8ed343a030a50ab1a40a03a47982e5fbb1796c06cc087c83f0bfa699ca31b4460f5e87fb5456a3efc7504f39b43e3d52fa04f77af10991ee089cbfb00287cc87a602eec707556f5b6808a383ca24534fb756f506760c80f93794dad18fc8ebe18e1ce5f9e47a24682738be7356c98fecf60864910734ffceffbc136af50a8d8d3187f4404208e61cb3294f592fd36fec12e5e549b07a886a539c27122c2b73846d112e77d32e445636c709243446e191664b1c333915f4f3103af405da62dbe6e9c707c8ea385f841540ad2840b9daba46a1acea832134209959a2feeb3c73989afd73aa413b1277363013af6a480b86cc494de018572b38a0f58bff2a4d0bb483bf0a6a1a1130e8a662f1f3f4fb117b8a38cd14f9e811a7c8252f88df3ed215838145114195e9c8f8a2da09117f896059ae462cb387cd8446e51e96ed79b10fc1f17f22d4fd20e203551608ce40986e712b4e84066b732b70167089bea1b3e6f7ffb6a10108d782515533070e12bb3e6a8607faefc4b1fa7d0c2292676c253e7ee27d639458c3df45452356b8ce0c426214d0c403ea867fe0114f1fbd41284bbc59c168eaf6a467975b8120ccd6460ca0bc4fdaba64f2eb844479bb18b527090e0ab015ba6a0e51e5cc6498a12b3fd2537ecfbe99a25f2ff15358ed507debd575d2a6e781796d6cae43a3f503f42fb8d309b6683da0b38dc05b0a2e370a9b82eaf793ead37765514a07e25b50caa1aec779c80072dfd87f74ddfd5684ab8b2805f2bffd6d3417e2d720a9fdb40fb0a84b0dfedbb21985b22743cdf9e69e1b255ac6ebdc0f2df52dc53ab508c5e295fb66b563291964f3b51adb05541aa6601731b4db8f29012d172583bafa0ca49d656053f682b97d9cd84207ef0d48c258ba8ce2816c4183a4894acc35e6c094cf2f33666d7e7d3636dc7bf4f525de7545b25550dbe8196345fe7883a509441080dfa2b15047656bffec0c723d00f9b8c7c42986a62444eecd1a2442b7d07498a22d0162abb75aaa390e0df92759933eb8615a47bf01b77fcf124940ac78b0c05a0ecb6b1c676209e3b0f8c555d01087889cd9f17189867206ea44c98f4e7528abf1ce072acd00d87a759c4e1dbcce3ca19b65cf42a238c263edb021f64e006f65d1c9a2dd432ea164a14c7a2f952a27a85b95cea84016d490bbf24ae33841f224d76ea8b6f4232a6696134129ef55c1a719aa711f7d4a4a5d9a180ccefa5f2c11ea500ed9d5674aa8e54c551c8a28eeca20f6a5654818a346857b1c10f07cc232a268d31f44f41f07fb7e5953236071a48110b299426b9e184a21820dc37676d3b6ed93e4d2538c8ec604f91d53bb080778cf695251404cee51313f793b13b4e7225a318185f906d94a2646e51f4ca9d7110f8ed640001e897e53315fd027af711a863b0bc2fc3dffaf23986069c9d91c16589cd4076e06717b1c79f612b66684294919dc3bee896d9b3ece7497f3ac21aa0c8e1cd5371f2a5041f0d6cee7fe0ef50a257ddc5497f26541090f56bbfc34dba4709a5ecc8c0e02f4f07f238959e", 0x1000}], 0x2) 01:22:36 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xe8030000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:22:36 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000854, 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/class/net', 0x0, 0x0) openat(r1, 0x0, 0x622040, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x18, &(0x7f0000000140)=0x3, 0x4) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x35, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x46e2, 0x0) r3 = socket$inet(0xa, 0x3, 0xff) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={@private0, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x400032, r4}) sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f0000000f00)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000dc0)={0xd4, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x4}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) close(r2) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r5, 0x0, 0x10001, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x0, 0x31d, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x12181, 0x0) write$binfmt_elf32(r8, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x8, 0xee, 0x1f, 0x9, 0x3, 0x6, 0x0, 0xc8, 0x38, 0x66, 0x1, 0x6, 0x20, 0x1, 0x8001, 0x3f, 0x4}, [{0x6, 0x101, 0xfffffff7, 0x5, 0x1000, 0x884d, 0x437, 0x8}, {0x70000000, 0x3d1488a7, 0x8, 0x32, 0xfffffff9, 0x8, 0x1000, 0x101}], "95533e19a575934a1355557c081520d9035b28bb8c3f3bc57db5cd86821f50272279894c48bca4097b081a66c000da11f72c482f733156", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x8af) sendfile(r5, r7, 0x0, 0x20d315) 01:22:36 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf9fdffff00000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:22:36 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:22:36 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0xffff888057111868) 01:22:36 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 32) [ 2608.624117] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2608.624421] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2608.632043] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2608.633363] EXT4-fs (loop4): group descriptors corrupted! [ 2608.638020] FAULT_INJECTION: forcing a failure. [ 2608.638020] name failslab, interval 1, probability 0, space 0, times 0 [ 2608.639901] CPU: 1 PID: 12858 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2608.640866] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2608.642014] Call Trace: [ 2608.642403] dump_stack+0x107/0x167 [ 2608.642928] should_fail.cold+0x5/0xa [ 2608.643505] should_failslab+0x5/0x20 [ 2608.644051] __kmalloc_node_track_caller+0x74/0x3b0 [ 2608.644776] ? __ip_append_data+0x2930/0x3310 [ 2608.645602] __alloc_skb+0xb1/0x5b0 [ 2608.646153] __ip_append_data+0x2930/0x3310 [ 2608.646969] ? raw_destroy+0x30/0x30 [ 2608.647539] ? ip_finish_output+0x330/0x330 [ 2608.648365] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2608.649114] ? memcpy+0x39/0x60 [ 2608.649735] ? raw_destroy+0x30/0x30 [ 2608.650424] ip_append_data+0x114/0x1a0 [ 2608.651189] raw_sendmsg+0xaa6/0x29d0 [ 2608.651934] ? dst_output+0x170/0x170 [ 2608.652639] ? __lock_acquire+0x1657/0x5b00 [ 2608.653404] ? perf_trace_lock+0xac/0x490 [ 2608.653994] ? SOFTIRQ_verbose+0x10/0x10 [ 2608.654638] ? __lockdep_reset_lock+0x180/0x180 [ 2608.655298] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2608.656041] ? find_held_lock+0x2c/0x110 [ 2608.656638] ? trace_hardirqs_on+0x5b/0x180 [ 2608.657261] ? dst_output+0x170/0x170 [ 2608.657825] inet_sendmsg+0x11d/0x140 [ 2608.658393] ? inet_send_prepare+0x540/0x540 [ 2608.659024] __sock_sendmsg+0x13c/0x190 [ 2608.659777] ____sys_sendmsg+0x334/0x870 [ 2608.660373] ? sock_write_iter+0x3d0/0x3d0 [ 2608.660979] ? do_recvmmsg+0x6d0/0x6d0 [ 2608.661690] ? perf_trace_lock+0xac/0x490 [ 2608.662342] ? __lockdep_reset_lock+0x180/0x180 [ 2608.663172] ? perf_trace_lock+0xac/0x490 [ 2608.663964] ___sys_sendmsg+0xf3/0x170 [ 2608.664714] ? sendmsg_copy_msghdr+0x160/0x160 [ 2608.665578] ? lock_downgrade+0x6d0/0x6d0 [ 2608.666384] ? lock_downgrade+0x6d0/0x6d0 [ 2608.667158] ? __fget_files+0x296/0x4c0 [ 2608.667784] ? __fget_light+0xea/0x290 [ 2608.668344] __sys_sendmmsg+0x195/0x470 [ 2608.668908] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2608.669512] ? lock_downgrade+0x6d0/0x6d0 [ 2608.670121] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2608.670801] ? wait_for_completion_io+0x270/0x270 [ 2608.671489] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2608.672253] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2608.673021] ? rcu_read_lock_any_held+0x75/0xa0 [ 2608.673670] ? __traceiter_irq_enable+0xc0/0xc0 [ 2608.674397] ? fput_many+0x2f/0x1a0 [ 2608.674936] ? trace_rcu_dyntick+0x2f/0x170 [ 2608.675589] __x64_sys_sendmmsg+0x99/0x100 [ 2608.676216] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2608.676933] do_syscall_64+0x33/0x40 [ 2608.677454] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2608.678168] RIP: 0033:0x7fe4a84d7b19 [ 2608.678695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2608.681272] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2608.682325] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2608.683311] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2608.684307] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2608.685287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2608.686272] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2608.702661] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2608.721654] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2608.770199] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2608.771564] EXT4-fs (loop4): group descriptors corrupted! 01:22:37 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xf4010000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:22:37 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0xffff888057111c08) 01:22:37 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x74000000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:22:37 executing program 1: mount(&(0x7f0000000080)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='v7\x00', 0x20010, &(0x7f0000000180)='-\x00') r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x100000, 0x19, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000100000005000000000004000040000020000000d6f4655fd6f4655f0100ffff53ef010001000000d5f4655f000000000000000001000000000000000b0000000001000018000000c28500002b0200000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e38303439393233303000"/192, 0xc0, 0x400}, {&(0x7f0000010100)="000000000000000000000000f4e089668a0d4000840a22d1089d0f04010040000c00000000000000d5f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000500400000000000000000000000000000004300000000000000", 0x40, 0x540}, {&(0x7f0000010300)="02000000030000000400000019000f0003000400"/32, 0x20, 0x800}, {&(0x7f0000010400)="7f000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000d5f4655fd5f4655fd5f4655f00"/4128, 0x1020, 0x1000}, {&(0x7f0000011500)="ed41000000080000d5f4655fd6f4655fd6f4655f00000000000004004000000000000800050000000af301000400000000000000000000000100000010000000", 0x40, 0x2100}, {&(0x7f0000011600)="200000006418e53c6418e53c00000000d5f4655f00"/32, 0x20, 0x2180}, {&(0x7f0000011700)="8081000000601020d5f4655fd5f4655fd5f4655f00000000000001004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d5f4655f00"/160, 0xa0, 0x2600}, {&(0x7f0000011800)="c041000000380000d5f4655fd5f4655fd5f4655f00000000000002004000000000000800000000000af301000400000000000000000000000700000020000000", 0x40, 0x2a00}, {&(0x7f0000011900)="20000000000000000000000000000000d5f4655f000000000000000000000000000002ea00"/64, 0x40, 0x2a80}, {&(0x7f0000011a00)="ed4100003c000000d6f4655fd6f4655fd6f4655f0000000000000200000000000000001003000000020000000d0000001000050166696c65300000000e0000002800050766696c6531000000000000000000000000000000000000000000000000000000be5839ad000000000000000000000000000000000000000000000000200000006418e53c6418e53c14f4f03bd6f4655f14f4f03b0000000000000000000002ea04070000000000000000000000000000646174610000000000000000", 0xc0, 0x2b00}, {&(0x7f0000011b00)="ed8100001a040000d6f4655fd6f4655fd6f4655f00000000000001004000000000000800010000000af301000400000000000000000000000100000050000000000000000000000000000000000000000000000000000000000000000000000000000000f3be7438000000000000000000000000000000000000000000000000200000006418e53c6418e53c6418e53cd6f4655f6418e53c0000000000000000", 0xa0, 0x2c00}, {&(0x7f0000011c00)="ffa1000026000000d6f4655fd6f4655fd6f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3830343939323330302f66696c65302f66696c653000000000000000000000000000000000000000000000f583dfd0000000000000000000000000000000000000000000000000200000006418e53c6418e53c6418e53cd6f4655f6418e53c0000000000000000", 0xa0, 0x2d00}, {&(0x7f0000011d00)="ed8100000a000000d6f4655fd6f4655fd6f4655f000000000000010000000000000000100100000073797a6b616c6c65727300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005d8ee03e000000000000000000000000000000000000000000000000200000006418e53c6418e53c6418e53cd6f4655f6418e53c0000000000000000000002ea040700000000000000000000000000006461746106015400000000000600000000000000786174747231000006014c000000000006000000000000007861747472320000000000000000000078617474723200007861747472310000ed81000028230000d6f4655fd6f4655fd6f4655f00000000000002004000000000000800010000000af301000400000000000000000000000500000060000000000000000000000000000000000000000000000000000000000000000000000000000000bc01bc1f000000000000000000000000000000000000000000000000200000006418e53c6418e53c6418e53cd6f4655f6418e53c0000000000000000", 0x1a0, 0x2e00}, {&(0x7f0000011f00)="ed81000064000000d6f4655fd6f4655fd6f4655f000000000000010000000000000000100100000073797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c82b8fdd5000000000000000000000000000000000000000000000000200000006418e53c6418e53c6418e53cd6f4655f6418e53c0000000000000000000002ea040734000000000028000000000000006461746100000000000000000000000000000000000000000000000000000000000000006c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273", 0x100, 0x3000}, {&(0x7f0000012000)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009407090166696c652e636f6c64000000", 0x80, 0x8000}, {&(0x7f0000012100)="0b0000000c0001022e000000020000000c0002022e2e000000000000e8070000", 0x20, 0x10000}, {&(0x7f0000012200)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x10800}, {&(0x7f0000012300)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x11000}, {&(0x7f0000012400)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x11800}, {&(0x7f0000012500)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x12000}, {&(0x7f0000012600)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x12800}, {&(0x7f0000012700)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x13000}, {&(0x7f0000012800)="504d4d00504d4dffd6f4655f00000000647679756b6f762d676c6170746f70320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c6f6f7032390075782f746573742f73797a5f6d6f756e745f696d6167655f650500"/128, 0x80, 0x20000}, {&(0x7f0000012900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x28000}], 0x0, &(0x7f0000012e00)=ANY=[@ANYBLOB="02"]) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x20c) 01:22:37 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfbffffff00000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:22:37 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xf5ffffff}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2608.943781] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2608.959701] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:22:37 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 33) [ 2609.001753] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2609.037232] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:22:37 executing program 1: mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) pkey_mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2000000, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x220, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4000, 0x0, 0x0, 0x3) pkey_alloc(0x0, 0x0) pkey_mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {0x7}}, './file0\x00'}) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) perf_event_open(0x0, 0x0, 0x4, r1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000100), 0x4) kcmp(0xffffffffffffffff, 0x0, 0x6, r0, 0xffffffffffffffff) setsockopt$sock_int(r3, 0x1, 0x12, &(0x7f0000000200)=0x33e0, 0x4) setsockopt$inet6_tcp_int(r3, 0x6, 0x2, &(0x7f0000000040)=0x81, 0x4) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) execveat(r2, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000340)=[&(0x7f0000000240)='\x00', &(0x7f0000000280)='--\x00', &(0x7f00000002c0)='\x00', &(0x7f0000000300)='\x00'], &(0x7f0000000480)=[&(0x7f0000000380)='\x00', &(0x7f00000003c0)='\x00', &(0x7f0000000400)='\x00', &(0x7f0000000440)='\\{\x00'], 0x400) sendfile(r3, r2, 0x0, 0x9bbb) bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x5}, 0x1c) [ 2609.086704] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2609.088157] EXT4-fs (loop4): group descriptors corrupted! [ 2609.110853] FAULT_INJECTION: forcing a failure. [ 2609.110853] name failslab, interval 1, probability 0, space 0, times 0 [ 2609.112715] CPU: 1 PID: 12890 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2609.113676] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2609.114953] Call Trace: [ 2609.115333] dump_stack+0x107/0x167 [ 2609.116049] should_fail.cold+0x5/0xa [ 2609.116612] ? create_object.isra.0+0x3a/0xa20 [ 2609.117249] should_failslab+0x5/0x20 [ 2609.117818] kmem_cache_alloc+0x5b/0x310 [ 2609.118392] create_object.isra.0+0x3a/0xa20 [ 2609.119008] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2609.119908] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2609.120808] ? __ip_append_data+0x2930/0x3310 [ 2609.121438] __alloc_skb+0xb1/0x5b0 [ 2609.121980] __ip_append_data+0x2930/0x3310 [ 2609.122597] ? raw_destroy+0x30/0x30 [ 2609.123138] ? ip_finish_output+0x330/0x330 [ 2609.123811] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2609.124726] ? memcpy+0x39/0x60 [ 2609.125337] ? raw_destroy+0x30/0x30 [ 2609.125881] ip_append_data+0x114/0x1a0 [ 2609.126448] raw_sendmsg+0xaa6/0x29d0 [ 2609.127023] ? dst_output+0x170/0x170 [ 2609.127575] ? __lock_acquire+0x1657/0x5b00 [ 2609.128199] ? perf_trace_lock+0xac/0x490 [ 2609.128801] ? SOFTIRQ_verbose+0x10/0x10 [ 2609.129483] ? __lockdep_reset_lock+0x180/0x180 [ 2609.130336] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2609.131061] ? find_held_lock+0x2c/0x110 [ 2609.131664] ? trace_hardirqs_on+0x5b/0x180 [ 2609.132276] ? dst_output+0x170/0x170 [ 2609.132811] inet_sendmsg+0x11d/0x140 [ 2609.133347] ? inet_send_prepare+0x540/0x540 [ 2609.134063] __sock_sendmsg+0x13c/0x190 [ 2609.134675] ____sys_sendmsg+0x334/0x870 [ 2609.135538] ? sock_write_iter+0x3d0/0x3d0 [ 2609.136130] ? do_recvmmsg+0x6d0/0x6d0 [ 2609.136696] ? perf_trace_lock+0xac/0x490 [ 2609.137292] ? __lockdep_reset_lock+0x180/0x180 [ 2609.137956] ? perf_trace_lock+0xac/0x490 [ 2609.138557] ___sys_sendmsg+0xf3/0x170 [ 2609.139113] ? sendmsg_copy_msghdr+0x160/0x160 [ 2609.139794] ? lock_downgrade+0x6d0/0x6d0 [ 2609.140413] ? lock_downgrade+0x6d0/0x6d0 [ 2609.141137] ? __fget_files+0x296/0x4c0 [ 2609.141826] ? __fget_light+0xea/0x290 [ 2609.142533] __sys_sendmmsg+0x195/0x470 [ 2609.143123] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2609.143759] ? lock_downgrade+0x6d0/0x6d0 [ 2609.144385] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2609.145210] ? wait_for_completion_io+0x270/0x270 [ 2609.146180] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2609.146961] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2609.147896] ? rcu_read_lock_any_held+0x75/0xa0 [ 2609.148780] ? __traceiter_irq_enable+0xc0/0xc0 [ 2609.149456] ? fput_many+0x2f/0x1a0 [ 2609.149989] ? trace_rcu_dyntick+0x2f/0x170 [ 2609.150630] __x64_sys_sendmmsg+0x99/0x100 [ 2609.151245] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2609.151997] do_syscall_64+0x33/0x40 [ 2609.152539] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2609.153279] RIP: 0033:0x7fe4a84d7b19 [ 2609.153812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2609.156454] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2609.157550] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2609.158576] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2609.159611] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2609.160636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2609.161867] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2609.202981] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2609.203924] EXT4-fs (loop4): group descriptors corrupted! 01:22:54 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff) 01:22:54 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xfc000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:22:54 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') readv(r0, &(0x7f0000000280)=[{&(0x7f0000001e00)=""/4098, 0x1002}], 0x1) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000000040)='.\x00', 0x2000003) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) dup3(r2, r1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPSET_CMD_DEL(r2, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="200100000a06030000000000000000000500000008000940000000090900020073797a3000000000080009400000000890000880100007800a001100b139c3e4ee28829dcc052200000c000780060004404e210000100007800a00110000000000000000000c000780060005404e2400000c00078006001d40000800000c00078008000a40000000031000078009001a00756e616d650000001c0007801800168014000240ff010000000000000000000000000001100007800c001680080001400a0101000800096a9d8203010500010007000000500008800c00078005001500000000000c0007800500150040000000100007800a0011000180c200000300000c00078005001500000000000c00078005001500020000000c00078006001d"], 0x120}, 0x1, 0x0, 0x0, 0x48e0}, 0x80) syz_mount_image$vfat(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/timer_list\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r5, r4) r6 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r5, 0xc018937a, &(0x7f0000000400)={{0x1, 0x1, 0x18, r6, {0x5}}, './file1\x00'}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x2410d0, &(0x7f0000000100)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@access_client}, {@access_any}, {@access_uid={'access', 0x3d, 0xee01}}, {@uname={'uname', 0x3d, '.'}}, {@access_user}, {@debug={'debug', 0x3d, 0xfff}}, {@noextend}], [{@euid_eq={'euid', 0x3d, 0xee00}}]}}) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) 01:22:54 executing program 7: syz_io_uring_setup(0x3ac4, 0x0, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f00000001c0)) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd=r0, 0xffffffffffffffff}, 0x0) close(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = dup2(r2, r1) inotify_init() perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000001640), 0x10018c6, &(0x7f0000000200)=ANY=[]) lseek(r3, 0x7, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) fcntl$dupfd(r5, 0x0, r5) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006940)=[{{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000000300)='`', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000001880)=[{&(0x7f0000001740)=',', 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="100100ecb1000000000000f2561c030ffbbc000000"], 0x10}}], 0x2, 0x0) syz_io_uring_setup(0x313a, &(0x7f0000000340)={0x0, 0x0, 0x4, 0x1, 0x232}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000000440), &(0x7f0000000400)) sendmsg$TIPC_NL_KEY_SET(r5, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="a4000000", @ANYRES16=0x0, @ANYBLOB="000029bd7000fddbdf251700000014000780080002000000fcff08000100080000007c00028008000200ffffffff04000400080002004adc0000040004000400040008000100d01900005400038008000200d635000008000100ed82000008000200ffffff7f08000100090000000800021f879c00ff0f000008000200070000000800010002000000080002008000000008000100400000000800020000000000e4bb8b862ce4ca0c6c2b19d7f8900871371eccc75f187b9b8c3464649c6cff3dc95f32360cb9f533aeb47b4c702ee054998341a2bab3015fe72d5ca72642394c648865be93abd36f0759744e1307cf452ddea2aa013d5fdfd3cb310bc7a46380f39d41de32e20110e8a4988daf497cdd7ef45cb38d4c604bb9c781159c63eb007dfb1cc37bc2eddee7ad3ed75d328145c5ba3f48dd85988cc650e26bec43856221516f687b9feb5883d44092c3692224fd8922d7d8a5b4b31da0a351c3b7593387329e73fdda1b24ece44fc021771efd44cf5fb7342b93d2e935cc5afd66b904e2bc9ae2a67625de740421e9aace6c9c6ce93b73fe5f8a04bec0eb1286e43f2febbb9fd25b94d3e0bf7e51709fb1a75389e0c14ad0ffcb864e0c40dda09540d04f31ee5261ca34fc701d26d7d2d57670015157fb2ed696e5524b16e7094fcad247c4c8bc9979d3cbe9e85402b85f7572422e0425aeb20103c18f27a77ec3dd3f9c29abb78eb784c4581778b62441c7e8fc1ab3827d82474a3f6de85fec509f9e6ca0"], 0xa4}, 0x1, 0x0, 0x0, 0x880}, 0x80) syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10009ff}], 0x0, 0x0) sendfile(r4, r3, 0x0, 0x7ffffff9) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000640)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0x100, 0x0, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x8}, [@CTA_NAT_SRC={0x94, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_PROTO={0x1c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}]}, @CTA_NAT_PROTO={0x24, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}]}, @CTA_NAT_PROTO={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}]}, @CTA_NAT_PROTO={0x14, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}]}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @broadcast}]}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x3400}, @CTA_SYNPROXY={0x34, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x401}, @CTA_SYNPROXY_ITS={0x8}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0xfff}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x2}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x8000}]}, @CTA_PROTOINFO={0x18, 0x4, 0x0, 0x1, @CTA_PROTOINFO_TCP={0x14, 0x1, 0x0, 0x1, [@CTA_PROTOINFO_TCP_WSCALE_REPLY={0x5, 0x3, 0x3b}, @CTA_PROTOINFO_TCP_STATE={0x5, 0x1, 0x7f}]}}, @CTA_TUPLE_ORIG={0x4}]}, 0x100}, 0x1, 0x0, 0x0, 0x4040000}, 0x8010) 01:22:54 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x7a000000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:22:54 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 34) 01:22:54 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfcfdffff00000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:22:54 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="052ba798533f"]) r1 = memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = dup2(r3, 0xffffffffffffffff) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r5, r4, 0x0, 0x7ffffff9) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_SPLICE={0x1e, 0x1, 0x0, @fd_index=0x2, 0x2659, {0x0, r2}, 0x400, 0x3, 0x0, {0x0, 0x0, r5}}, 0x4) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000052c00)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000053000)={0x376, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}], 0x6, "5c83c9bf8af498"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000004c340)={0x3, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}], 0xad, "7e9ac7272717f4"}) ioctl$BTRFS_IOC_INO_LOOKUP(r1, 0xd0009412, &(0x7f0000000500)={r6, 0x1}) [ 2626.601066] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2626.602675] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2626.612611] FAULT_INJECTION: forcing a failure. [ 2626.612611] name failslab, interval 1, probability 0, space 0, times 0 [ 2626.614675] CPU: 0 PID: 12913 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2626.615879] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2626.617200] Call Trace: [ 2626.617635] dump_stack+0x107/0x167 [ 2626.618223] should_fail.cold+0x5/0xa [ 2626.618854] ? __alloc_skb+0x6d/0x5b0 [ 2626.619472] should_failslab+0x5/0x20 [ 2626.620092] kmem_cache_alloc_node+0x55/0x330 [ 2626.620816] __alloc_skb+0x6d/0x5b0 [ 2626.621413] __ip_append_data+0x2930/0x3310 [ 2626.622126] ? raw_destroy+0x30/0x30 [ 2626.622741] ? ip_finish_output+0x330/0x330 [ 2626.623440] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2626.624264] ? memcpy+0x39/0x60 [ 2626.624800] ? raw_destroy+0x30/0x30 [ 2626.625398] ip_append_data+0x114/0x1a0 [ 2626.626050] raw_sendmsg+0xaa6/0x29d0 [ 2626.626681] ? dst_output+0x170/0x170 [ 2626.627290] ? __lock_acquire+0x1657/0x5b00 [ 2626.628013] ? perf_trace_lock+0xac/0x490 [ 2626.628673] ? SOFTIRQ_verbose+0x10/0x10 [ 2626.629326] ? __lockdep_reset_lock+0x180/0x180 [ 2626.630083] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2626.630903] ? find_held_lock+0x2c/0x110 [ 2626.631585] ? trace_hardirqs_on+0x5b/0x180 [ 2626.632284] ? dst_output+0x170/0x170 [ 2626.632900] inet_sendmsg+0x11d/0x140 [ 2626.633515] ? inet_send_prepare+0x540/0x540 [ 2626.634220] __sock_sendmsg+0x13c/0x190 [ 2626.634861] ____sys_sendmsg+0x334/0x870 [ 2626.635518] ? sock_write_iter+0x3d0/0x3d0 [ 2626.636201] ? do_recvmmsg+0x6d0/0x6d0 [ 2626.636828] ? perf_trace_lock+0xac/0x490 [ 2626.637498] ? __lockdep_reset_lock+0x180/0x180 [ 2626.638238] ? perf_trace_lock+0xac/0x490 [ 2626.638910] ___sys_sendmsg+0xf3/0x170 [ 2626.639538] ? sendmsg_copy_msghdr+0x160/0x160 [ 2626.640286] ? lock_downgrade+0x6d0/0x6d0 [ 2626.640975] ? __fget_files+0x296/0x4c0 [ 2626.641629] ? __fget_light+0xea/0x290 [ 2626.642268] __sys_sendmmsg+0x195/0x470 [ 2626.642915] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2626.643614] ? lock_downgrade+0x6d0/0x6d0 [ 2626.644295] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2626.645119] ? perf_trace_preemptirq_template+0x266/0x400 [ 2626.645361] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12909 comm=syz-executor.7 [ 2626.645985] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2626.646008] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2626.648918] ? __traceiter_irq_enable+0xc0/0xc0 [ 2626.649666] ? fput_many+0x2f/0x1a0 [ 2626.650253] ? trace_rcu_dyntick+0x2f/0x170 [ 2626.650955] __x64_sys_sendmmsg+0x99/0x100 [ 2626.651646] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2626.652478] do_syscall_64+0x33/0x40 [ 2626.653073] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2626.653893] RIP: 0033:0x7fe4a84d7b19 [ 2626.654501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2626.657420] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2626.658633] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2626.659778] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2626.660915] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2626.662051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2626.663193] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2626.668209] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2626.680238] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2626.682911] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2626.683819] EXT4-fs (loop4): group descriptors corrupted! 01:22:54 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xfe800000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2626.736481] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2626.737392] EXT4-fs (loop4): group descriptors corrupted! 01:22:54 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x9effffff, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:22:54 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfdfdffff00000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:22:54 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 35) 01:22:55 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(0x0, 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r2) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000008e40)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@access_any}]}}) [ 2626.924760] FAULT_INJECTION: forcing a failure. [ 2626.924760] name failslab, interval 1, probability 0, space 0, times 0 [ 2626.925776] CPU: 1 PID: 12934 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2626.926359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2626.927048] Call Trace: [ 2626.927276] dump_stack+0x107/0x167 [ 2626.927587] should_fail.cold+0x5/0xa [ 2626.927915] ? create_object.isra.0+0x3a/0xa20 [ 2626.928298] should_failslab+0x5/0x20 [ 2626.928620] kmem_cache_alloc+0x5b/0x310 [ 2626.928973] create_object.isra.0+0x3a/0xa20 [ 2626.929345] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2626.929858] kmem_cache_alloc_node+0x169/0x330 [ 2626.930293] __alloc_skb+0x6d/0x5b0 [ 2626.930603] __ip_append_data+0x2930/0x3310 [ 2626.931127] ? raw_destroy+0x30/0x30 [ 2626.931531] ? ip_finish_output+0x330/0x330 [ 2626.931962] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2626.932394] ? memcpy+0x39/0x60 [ 2626.932669] ? raw_destroy+0x30/0x30 [ 2626.932984] ip_append_data+0x114/0x1a0 [ 2626.933318] raw_sendmsg+0xaa6/0x29d0 [ 2626.933643] ? dst_output+0x170/0x170 [ 2626.933957] ? __lock_acquire+0x1657/0x5b00 [ 2626.934326] ? perf_trace_lock+0xac/0x490 [ 2626.934668] ? SOFTIRQ_verbose+0x10/0x10 [ 2626.935015] ? __lockdep_reset_lock+0x180/0x180 [ 2626.935423] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2626.935949] ? find_held_lock+0x2c/0x110 [ 2626.936390] ? trace_hardirqs_on+0x5b/0x180 [ 2626.936754] ? dst_output+0x170/0x170 [ 2626.937077] inet_sendmsg+0x11d/0x140 [ 2626.937395] ? inet_send_prepare+0x540/0x540 [ 2626.937770] __sock_sendmsg+0x13c/0x190 [ 2626.938114] ____sys_sendmsg+0x334/0x870 [ 2626.938456] ? sock_write_iter+0x3d0/0x3d0 [ 2626.938822] ? do_recvmmsg+0x6d0/0x6d0 [ 2626.939146] ? perf_trace_lock+0xac/0x490 [ 2626.939615] ? __lockdep_reset_lock+0x180/0x180 [ 2626.940006] ? perf_trace_lock+0xac/0x490 [ 2626.940433] ___sys_sendmsg+0xf3/0x170 [ 2626.940892] ? sendmsg_copy_msghdr+0x160/0x160 [ 2626.941367] ? lock_downgrade+0x6d0/0x6d0 [ 2626.941718] ? lock_downgrade+0x6d0/0x6d0 [ 2626.942067] ? __fget_files+0x296/0x4c0 [ 2626.942415] ? __fget_light+0xea/0x290 [ 2626.942751] __sys_sendmmsg+0x195/0x470 [ 2626.943088] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2626.943442] ? lock_downgrade+0x6d0/0x6d0 [ 2626.943805] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2626.944208] ? wait_for_completion_io+0x270/0x270 [ 2626.944610] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2626.945064] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2626.945517] ? rcu_read_lock_any_held+0x75/0xa0 [ 2626.945899] ? __traceiter_irq_enable+0xc0/0xc0 [ 2626.946283] ? fput_many+0x2f/0x1a0 [ 2626.946589] ? trace_rcu_dyntick+0x2f/0x170 [ 2626.946945] __x64_sys_sendmmsg+0x99/0x100 [ 2626.947304] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2626.947732] do_syscall_64+0x33/0x40 [ 2626.948040] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2626.948462] RIP: 0033:0x7fe4a84d7b19 [ 2626.948771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2626.950264] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2626.950889] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2626.951476] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2626.952077] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2626.952666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2626.953254] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 01:22:55 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xfec00000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2626.997191] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2627.001618] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2627.044675] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2627.045489] EXT4-fs (loop4): group descriptors corrupted! 01:22:55 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 36) 01:22:55 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xc00e0000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2627.211167] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2627.218763] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2627.219767] FAULT_INJECTION: forcing a failure. [ 2627.219767] name failslab, interval 1, probability 0, space 0, times 0 [ 2627.220699] CPU: 1 PID: 12950 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2627.221255] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2627.221924] Call Trace: [ 2627.222148] dump_stack+0x107/0x167 [ 2627.222459] should_fail.cold+0x5/0xa [ 2627.222784] should_failslab+0x5/0x20 [ 2627.223104] __kmalloc_node_track_caller+0x74/0x3b0 [ 2627.223509] ? __ip_append_data+0x2930/0x3310 [ 2627.223881] __alloc_skb+0xb1/0x5b0 [ 2627.224179] __ip_append_data+0x2930/0x3310 [ 2627.224539] ? raw_destroy+0x30/0x30 [ 2627.224854] ? ip_finish_output+0x330/0x330 [ 2627.225206] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2627.225614] ? memcpy+0x39/0x60 [ 2627.225883] ? raw_destroy+0x30/0x30 [ 2627.226185] ip_append_data+0x114/0x1a0 [ 2627.226515] raw_sendmsg+0xaa6/0x29d0 [ 2627.226830] ? dst_output+0x170/0x170 [ 2627.227138] ? __lock_acquire+0x1657/0x5b00 [ 2627.227495] ? perf_trace_lock+0xac/0x490 [ 2627.227835] ? SOFTIRQ_verbose+0x10/0x10 [ 2627.228164] ? __lockdep_reset_lock+0x180/0x180 [ 2627.228546] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2627.228958] ? find_held_lock+0x2c/0x110 [ 2627.229298] ? trace_hardirqs_on+0x5b/0x180 [ 2627.229649] ? dst_output+0x170/0x170 [ 2627.229959] inet_sendmsg+0x11d/0x140 [ 2627.230267] ? inet_send_prepare+0x540/0x540 [ 2627.230624] __sock_sendmsg+0x13c/0x190 [ 2627.230951] ____sys_sendmsg+0x334/0x870 [ 2627.231287] ? sock_write_iter+0x3d0/0x3d0 [ 2627.231641] ? do_recvmmsg+0x6d0/0x6d0 [ 2627.231959] ? perf_trace_lock+0xac/0x490 [ 2627.232304] ? __lockdep_reset_lock+0x180/0x180 [ 2627.232677] ? perf_trace_lock+0xac/0x490 [ 2627.233015] ___sys_sendmsg+0xf3/0x170 [ 2627.233332] ? sendmsg_copy_msghdr+0x160/0x160 [ 2627.233702] ? lock_downgrade+0x6d0/0x6d0 [ 2627.234040] ? lock_downgrade+0x6d0/0x6d0 [ 2627.234380] ? __fget_files+0x296/0x4c0 [ 2627.234711] ? __fget_light+0xea/0x290 [ 2627.235033] __sys_sendmmsg+0x195/0x470 [ 2627.235361] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2627.235716] ? lock_downgrade+0x6d0/0x6d0 [ 2627.236064] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2627.236458] ? wait_for_completion_io+0x270/0x270 [ 2627.236842] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2627.237280] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2627.237723] ? rcu_read_lock_any_held+0x75/0xa0 [ 2627.238095] ? __traceiter_irq_enable+0xc0/0xc0 [ 2627.238464] ? fput_many+0x2f/0x1a0 [ 2627.238758] ? trace_rcu_dyntick+0x2f/0x170 [ 2627.239109] __x64_sys_sendmmsg+0x99/0x100 [ 2627.239449] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2627.239872] do_syscall_64+0x33/0x40 [ 2627.240173] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2627.240586] RIP: 0033:0x7fe4a84d7b19 [ 2627.240885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2627.242333] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2627.242941] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2627.243505] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2627.244082] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2627.244651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2627.245218] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2627.364050] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12953 comm=syz-executor.7 01:23:14 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffff8001, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x50102, 0x0, 0x3ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) dup2(r0, r0) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:23:14 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfdffffff00000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:23:14 executing program 7: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000240), 0x490c00, 0x0) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000002c0)=@req3={0x4, 0xfff, 0x9, 0xff, 0x7fff, 0x2, 0x9}, 0x1c) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000300)=@req={0x100, 0xfffffe01, 0x6, 0x1}, 0x10) openat(r0, &(0x7f0000000280)='./file0\x00', 0x311402, 0x58) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40003, 0x0) ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r2, 0x8010671f, &(0x7f0000000200)={&(0x7f0000000180)=""/103, 0x67}) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000040)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x1, 0x0, @private0}}}, 0x108) setsockopt$inet6_group_source_req(r1, 0x29, 0x2f, &(0x7f0000000040)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private0}}}, 0x108) 01:23:14 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xff000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:23:14 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xf0020000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:23:14 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 37) 01:23:14 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = dup2(r1, r0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r3, r2, 0x0, 0x7ffffff9) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={0x28, 0x10, 0x1, 0x0, 0x0, {}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @nested={0xa, 0x0, 0x0, 0x1, [@generic="487fec864b24"]}]}, 0x28}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000180)={{0x1, 0x1, 0x18, r5, {r4}}, './file0\x00'}) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), r5) sendmsg$TIPC_NL_BEARER_GET(r6, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x90, r7, 0x2, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x7c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xdf00}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x40}]}, @TIPC_NLA_SOCK_CON={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x393}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x40}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4f}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1ff}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x90}, 0x40090) sendmsg$TIPC_NL_NAME_TABLE_GET(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0x2d4, r7, 0x21ffdfea0854d67, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0xf0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffe01}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3f}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2a6}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_BEARER={0x30, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @remote}}, {0x14, 0x2, @in={0x2, 0x4e21, @rand_addr=0x64010100}}}}]}, @TIPC_NLA_SOCK={0x64, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8000000}]}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x10000}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x401}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6a4f}]}]}, @TIPC_NLA_BEARER={0x18, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}]}, @TIPC_NLA_BEARER={0x5c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @broadcast}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x6, @mcast1, 0x7fff}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8001}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x10001}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x75}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @broadcast}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x9, @local, 0x1}}}}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x101}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}]}]}, 0x2d4}}, 0x10) syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:23:14 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x74) close_range(r0, 0xffffffffffffffff, 0x0) write$selinux_attr(0xffffffffffffffff, &(0x7f00000000c0)='system_u:object_r:load_policy_exec_t:s0\x00', 0x28) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x49, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x6) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000004c0)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x80, 0x6, 0x8, 0x2, 0x3, 0x6, 0x4, 0x383, 0x40, 0x26, 0x0, 0xfff7, 0x38, 0x2, 0x5, 0x7, 0x1}, [{0x1, 0x2, 0x6, 0x8, 0x3, 0x2, 0x8, 0xd0c9}], "fa16d64a891168bfb98cb5b51d7dcf47e0ba2bde74626c512adfaf1f0548448ae98d0401f6eb1eb47316ef968bf1cdfaebab4c4d2cbc44fbeac2393086aab5866c1a42fd151f21f9d731526ced30241e0167146f298f371b6c73681c89bbca480abaf9c6ce9bc2b003f58957f36d2a279ef3012b53c70dec7bdd2fc1c50ee3822bcd157ac021e9e99d12d92e29e4ef82277f9439283788b899c7e6bb6b562017f6bbb31b16b348d2e1901ee85855ca2209a5133cb62ccfe02df665f4833e98434653024e524662f8d8f17b6d3c83635a31cb02536af03f36e07149", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x953) sendmsg$NL80211_CMD_SET_INTERFACE(r2, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x5, 0x80, 0xd6, 0x97, 0xff, 0x1, 0x0, 0xfffffffffffffa7f, 0x42c08, 0x2, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_bp={&(0x7f00000001c0), 0xd}, 0x40000, 0x4, 0x6, 0x5, 0x1ff, 0x0, 0xa123, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x4, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000440)=[{&(0x7f0000000040)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b0000000001", 0x5a, 0x400}, {0x0, 0x0, 0xffffffffdffffff8}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000011600)="ed41000000080000dff46552e0f4655fe0f4655f000000000000040004", 0x1d, 0x2100}], 0x0, &(0x7f0000000140)={[{@delalloc}]}) [ 2645.985958] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2645.991265] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2646.001082] FAULT_INJECTION: forcing a failure. [ 2646.001082] name failslab, interval 1, probability 0, space 0, times 0 [ 2646.002811] CPU: 0 PID: 12972 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2646.003913] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2646.005308] Call Trace: [ 2646.005758] dump_stack+0x107/0x167 [ 2646.006340] should_fail.cold+0x5/0xa [ 2646.006952] ? create_object.isra.0+0x3a/0xa20 [ 2646.007683] should_failslab+0x5/0x20 [ 2646.008281] kmem_cache_alloc+0x5b/0x310 [ 2646.008941] create_object.isra.0+0x3a/0xa20 [ 2646.009620] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2646.010428] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2646.011234] ? __ip_append_data+0x2930/0x3310 [ 2646.011970] __alloc_skb+0xb1/0x5b0 [ 2646.012564] __ip_append_data+0x2930/0x3310 [ 2646.013260] ? raw_destroy+0x30/0x30 [ 2646.013845] ? ip_finish_output+0x330/0x330 [ 2646.014542] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2646.015349] ? memcpy+0x39/0x60 [ 2646.015893] ? raw_destroy+0x30/0x30 [ 2646.016491] ip_append_data+0x114/0x1a0 [ 2646.017113] raw_sendmsg+0xaa6/0x29d0 [ 2646.017740] ? dst_output+0x170/0x170 [ 2646.018321] ? __lock_acquire+0x1657/0x5b00 [ 2646.019004] ? perf_trace_lock+0xac/0x490 [ 2646.019646] ? SOFTIRQ_verbose+0x10/0x10 [ 2646.020311] ? __lockdep_reset_lock+0x180/0x180 [ 2646.021032] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2646.021848] ? find_held_lock+0x2c/0x110 [ 2646.022511] ? trace_hardirqs_on+0x5b/0x180 [ 2646.023196] ? dst_output+0x170/0x170 [ 2646.023784] inet_sendmsg+0x11d/0x140 [ 2646.024373] ? inet_send_prepare+0x540/0x540 [ 2646.025047] __sock_sendmsg+0x13c/0x190 [ 2646.025660] ____sys_sendmsg+0x334/0x870 [ 2646.026316] ? sock_write_iter+0x3d0/0x3d0 [ 2646.026961] ? do_recvmmsg+0x6d0/0x6d0 [ 2646.027553] ? perf_trace_lock+0xac/0x490 [ 2646.028203] ? __lockdep_reset_lock+0x180/0x180 [ 2646.028917] ? perf_trace_lock+0xac/0x490 [ 2646.029561] ___sys_sendmsg+0xf3/0x170 [ 2646.030167] ? sendmsg_copy_msghdr+0x160/0x160 [ 2646.030879] ? lock_downgrade+0x6d0/0x6d0 [ 2646.031536] ? __fget_files+0x296/0x4c0 [ 2646.032191] ? __fget_light+0xea/0x290 [ 2646.032802] __sys_sendmmsg+0x195/0x470 [ 2646.033429] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2646.034092] ? lock_downgrade+0x6d0/0x6d0 [ 2646.034770] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2646.035548] ? perf_trace_preemptirq_template+0x266/0x400 [ 2646.036386] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2646.037255] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2646.038093] ? __traceiter_irq_enable+0xc0/0xc0 [ 2646.038804] ? fput_many+0x2f/0x1a0 [ 2646.039387] ? trace_rcu_dyntick+0x2f/0x170 [ 2646.040099] __x64_sys_sendmmsg+0x99/0x100 [ 2646.040758] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2646.041582] do_syscall_64+0x33/0x40 [ 2646.042155] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2646.042942] RIP: 0033:0x7fe4a84d7b19 [ 2646.043536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2646.046520] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2646.048022] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2646.049458] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2646.050846] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2646.052157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2646.053309] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2646.074485] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2646.075690] EXT4-fs (loop4): group descriptors corrupted! 01:23:14 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xff0f0000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:23:14 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xf0ffffff, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2646.138585] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.6'. 01:23:14 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 38) 01:23:14 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfeffffff00000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2646.286346] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2646.304250] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:23:14 executing program 7: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2, 0x2b9}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_submit(r2, 0x0, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x4, 0x0, @fd=r0, 0x0, &(0x7f0000000080), 0x0, 0x1, 0x1, {0x3}}, 0x160) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x200001, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r6, 0x0, 0x4001) sendfile(r1, r6, &(0x7f0000000080)=0xa0, 0x6dc1) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e24, 0x7ff, @initdev={0xfe, 0x88, '\x00', 0x7, 0x0}}, 0x1c) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a63a85f508c53b74be1cc06a8682449c18237d779b4f25f709ca", 0x1a}, {0x0, 0x39}, {0x0}, {0x0}], 0x4}, 0x0, 0x4000000}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r7, r3, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 2646.342209] FAULT_INJECTION: forcing a failure. [ 2646.342209] name failslab, interval 1, probability 0, space 0, times 0 01:23:14 executing program 1: syz_io_uring_setup(0x4007f02, &(0x7f0000000240)={0x0, 0xfffffffe, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f00000002c0)=0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) shutdown(r2, 0x0) syz_io_uring_submit(r0, r1, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x24, 0x1d, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @typed={0x8, 0x1, 0x0, 0x0, @u32}]}, 0x24}}, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000080)=ANY=[@ANYBLOB="b7919aa912b13233b6413a4163e70ac3e2f2e68bb4965f58737f1829014a75862d56584f3898953ee07e38f3e74cae1618df3b02707f64b5a873154cef1d031f431208e1182c72d213de6e10641bf27400549b4f38790f6d98d9c4629b7ac0dd7e723ee99fdb745c2301dbc73ec4ee8e8ce330b668000000000000004541fe1061801d0fcb5f6f9835b5fd50ec00"/154], 0x410) [ 2646.344245] CPU: 0 PID: 12993 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2646.345447] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2646.346758] Call Trace: [ 2646.347190] dump_stack+0x107/0x167 [ 2646.347761] should_fail.cold+0x5/0xa [ 2646.348380] ? __alloc_skb+0x6d/0x5b0 [ 2646.349046] should_failslab+0x5/0x20 [ 2646.349660] kmem_cache_alloc_node+0x55/0x330 [ 2646.350359] __alloc_skb+0x6d/0x5b0 [ 2646.350954] __ip_append_data+0x2930/0x3310 [ 2646.351640] ? raw_destroy+0x30/0x30 [ 2646.352264] ? ip_finish_output+0x330/0x330 [ 2646.353016] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2646.354015] ? memcpy+0x39/0x60 [ 2646.354716] ? raw_destroy+0x30/0x30 [ 2646.355474] ip_append_data+0x114/0x1a0 [ 2646.356341] raw_sendmsg+0xaa6/0x29d0 [ 2646.357162] ? dst_output+0x170/0x170 [ 2646.357923] ? __lock_acquire+0x1657/0x5b00 [ 2646.358853] ? perf_trace_lock+0xac/0x490 [ 2646.359625] ? SOFTIRQ_verbose+0x10/0x10 [ 2646.360325] ? __lockdep_reset_lock+0x180/0x180 [ 2646.361112] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2646.361970] ? find_held_lock+0x2c/0x110 [ 2646.362663] ? trace_hardirqs_on+0x5b/0x180 [ 2646.363462] ? dst_output+0x170/0x170 [ 2646.364098] inet_sendmsg+0x11d/0x140 [ 2646.364689] ? inet_send_prepare+0x540/0x540 [ 2646.365367] __sock_sendmsg+0x13c/0x190 [ 2646.365996] ____sys_sendmsg+0x334/0x870 [ 2646.366627] ? sock_write_iter+0x3d0/0x3d0 [ 2646.367284] ? do_recvmmsg+0x6d0/0x6d0 [ 2646.367919] ? perf_trace_lock+0xac/0x490 [ 2646.368567] ? __lockdep_reset_lock+0x180/0x180 [ 2646.369280] ? perf_trace_lock+0xac/0x490 [ 2646.369923] ___sys_sendmsg+0xf3/0x170 [ 2646.370536] ? sendmsg_copy_msghdr+0x160/0x160 [ 2646.371260] ? lock_downgrade+0x6d0/0x6d0 [ 2646.371960] ? __fget_files+0x296/0x4c0 [ 2646.372590] ? __fget_light+0xea/0x290 [ 2646.373197] __sys_sendmmsg+0x195/0x470 [ 2646.373838] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2646.374507] ? lock_downgrade+0x6d0/0x6d0 [ 2646.375156] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2646.375948] ? perf_trace_preemptirq_template+0x266/0x400 [ 2646.376842] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2646.377700] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2646.378570] ? __traceiter_irq_enable+0xc0/0xc0 [ 2646.379318] ? fput_many+0x2f/0x1a0 [ 2646.379921] ? trace_rcu_dyntick+0x2f/0x170 [ 2646.380671] __x64_sys_sendmmsg+0x99/0x100 [ 2646.381343] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2646.382186] do_syscall_64+0x33/0x40 [ 2646.382784] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2646.383600] RIP: 0033:0x7fe4a84d7b19 [ 2646.384243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2646.387132] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2646.388330] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2646.389423] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2646.390544] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2646.391648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2646.392789] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2646.402252] EXT4-fs (loop6): Unrecognized mount option "€" or missing value 01:23:14 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xffffff7f}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:23:14 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xfffff000, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2646.464629] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2646.465694] EXT4-fs (loop4): group descriptors corrupted! [ 2646.538063] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2646.539360] EXT4-fs (loop4): group descriptors corrupted! [ 2646.661557] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2646.664685] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2646.895860] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2646.934523] EXT4-fs (loop6): Unrecognized mount option "€" or missing value 01:23:33 executing program 6: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0) 01:23:33 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 39) 01:23:33 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x80480, 0x0) bind$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x3ff, @none, 0x401, 0x2}, 0xe) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @isdn={0x22, 0x20, 0x1, 0x2, 0x68}, @tipc=@nameseq={0x1e, 0x1, 0x3, {0x0, 0x2, 0x4}}, @llc={0x1a, 0x103, 0x1, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:23:33 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xff0f000000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:23:33 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xffffff7f, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:23:33 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xffffff91}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:23:33 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) fcntl$lock(r2, 0x25, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000000)={0x8020}) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x0, 0x0) r5 = dup2(r4, 0xffffffffffffffff) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r5, 0x0, &(0x7f0000000240)=""/61, 0x3d}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_CLOSE={0x13, 0x5, 0x0, r1}, 0x5) readlinkat(r3, &(0x7f0000000140)='./file1\x00', &(0x7f0000000440)=""/192, 0xc0) syz_mount_image$nfs4(0x0, &(0x7f0000005040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r6 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x8}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r6, @ANYBLOB='\x00w\x00\x00\x00\x00\x00\x00./\x00\x00le0\x00']) perf_event_open(&(0x7f00000002c0)={0x5, 0x80, 0x1f, 0x7f, 0x8, 0xbc, 0x0, 0x1, 0x28000, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3f, 0x0, @perf_config_ext={0x7, 0x400}, 0x14b0c, 0x7, 0x6, 0x7, 0x3, 0x7de, 0x5b22, 0x0, 0xf922, 0x0, 0xd22c}, 0x0, 0x2, r7, 0x0) rmdir(&(0x7f0000000000)='./file0\x00') syz_open_procfs(0x0, &(0x7f0000000200)='net/nfsfs\x00') ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000040)={0x10}) [ 2664.883759] FAULT_INJECTION: forcing a failure. 01:23:33 executing program 7: r0 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x38) statx(r0, &(0x7f0000000180)='./file1\x00', 0x100, 0x2, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f00000002c0)='./file1\x00', 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000880)={{{@in6=@mcast1, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private2}, 0x0, @in=@remote}}, &(0x7f00000003c0)=0xe8) getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000300), &(0x7f0000000340)=0x10) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@private, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@empty}}, &(0x7f0000000400)=0xe8) chdir(&(0x7f0000000380)='./file1/../file0\x00') write$binfmt_script(r0, &(0x7f0000000740)={'#! ', './file1', [{0x20, 'system.posix_acl_default\x00'}, {}, {}, {0x20, 'system.posix_acl_default\x00'}], 0xa, "a9d0760dbac567db75a3b2cc83f9698fbe6c6313c0454c2ed248037fdd1a1f91aa19c84bfb681a97ab424cf1ce682cecf3cc49d62e6ccddcb846d46a9967a700391728061e35e198ddef22abd1d41cec07bb67529ed5e101dac6236f02103476c0b80d224ecb9147941bb21120d8df02210a126ddf1ab21a566ab4d4935949aac5196f73329c67665e8d7e953f952f1509669a1a6da8c1404ab3a3c4ac3778e2453dfdaade65e99f3b94b8c3e8d67b3caff706763523170484821dfeae2e4f93983bd6bb6e967d2208e452ed3b6285607808f2f31551a2e1d8135c1c7fed0051f6f42988d70ee4"}, 0x128) creat(&(0x7f0000000440)='./file1\x00', 0x0) setxattr$system_posix_acl(&(0x7f0000000040)='./file1\x00', 0x0, &(0x7f00000005c0)={{}, {0x1, 0x2}, [{0x2, 0x1, r3}, {0x2, 0x0, r1}, {0x2, 0x4, r4}], {0x4, 0xa}, [{0x8, 0x1, r2}], {0x10, 0x5}}, 0x44, 0x1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000c40)={{{@in, @in6=@mcast2}}, {{@in=@multicast1}, 0x0, @in6=@loopback}}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) ioctl$VT_ACTIVATE(r5, 0x5606, 0x100) r6 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) fstat(r6, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(r5, &(0x7f00000000c0)='./file1/../file0\x00', r8, r2, 0xafc4f569300ba50b) sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0xc, 0x0, 0x0, @u32}]}, 0x1c}}, 0x0) [ 2664.883759] name failslab, interval 1, probability 0, space 0, times 0 [ 2664.885702] CPU: 1 PID: 13023 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2664.886696] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2664.888085] Call Trace: [ 2664.888493] dump_stack+0x107/0x167 [ 2664.889085] should_fail.cold+0x5/0xa [ 2664.889850] ? create_object.isra.0+0x3a/0xa20 [ 2664.890559] should_failslab+0x5/0x20 [ 2664.891127] kmem_cache_alloc+0x5b/0x310 [ 2664.891741] create_object.isra.0+0x3a/0xa20 [ 2664.892412] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2664.893172] kmem_cache_alloc_node+0x169/0x330 [ 2664.893859] __alloc_skb+0x6d/0x5b0 [ 2664.894430] __ip_append_data+0x2930/0x3310 [ 2664.895095] ? raw_destroy+0x30/0x30 [ 2664.895669] ? ip_finish_output+0x330/0x330 [ 2664.896486] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2664.897459] ? memcpy+0x39/0x60 [ 2664.898046] ? raw_destroy+0x30/0x30 [ 2664.898588] ip_append_data+0x114/0x1a0 [ 2664.899189] raw_sendmsg+0xaa6/0x29d0 [ 2664.899772] ? dst_output+0x170/0x170 [ 2664.900347] ? __lock_acquire+0x1657/0x5b00 [ 2664.901009] ? perf_trace_lock+0xac/0x490 [ 2664.901630] ? SOFTIRQ_verbose+0x10/0x10 [ 2664.902252] ? __lockdep_reset_lock+0x180/0x180 [ 2664.902963] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2664.903801] ? find_held_lock+0x2c/0x110 [ 2664.904495] ? trace_hardirqs_on+0x5b/0x180 [ 2664.905144] ? dst_output+0x170/0x170 [ 2664.905927] inet_sendmsg+0x11d/0x140 [ 2664.906572] ? inet_send_prepare+0x540/0x540 [ 2664.907226] __sock_sendmsg+0x13c/0x190 [ 2664.907820] ____sys_sendmsg+0x334/0x870 [ 2664.908421] ? sock_write_iter+0x3d0/0x3d0 [ 2664.909044] ? do_recvmmsg+0x6d0/0x6d0 [ 2664.909623] ? perf_trace_lock+0xac/0x490 [ 2664.910245] ? __lockdep_reset_lock+0x180/0x180 [ 2664.911069] ? perf_trace_lock+0xac/0x490 [ 2664.911766] ___sys_sendmsg+0xf3/0x170 [ 2664.912497] ? sendmsg_copy_msghdr+0x160/0x160 [ 2664.913182] ? lock_downgrade+0x6d0/0x6d0 [ 2664.913809] ? lock_downgrade+0x6d0/0x6d0 [ 2664.914431] ? __fget_files+0x296/0x4c0 [ 2664.915042] ? __fget_light+0xea/0x290 [ 2664.915633] __sys_sendmmsg+0x195/0x470 [ 2664.916245] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2664.916887] ? lock_downgrade+0x6d0/0x6d0 [ 2664.917540] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2664.918272] ? wait_for_completion_io+0x270/0x270 [ 2664.919001] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2664.919817] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2664.920793] ? rcu_read_lock_any_held+0x75/0xa0 [ 2664.921574] ? __traceiter_irq_enable+0xc0/0xc0 [ 2664.922423] ? fput_many+0x2f/0x1a0 [ 2664.922968] ? trace_rcu_dyntick+0x2f/0x170 [ 2664.923603] __x64_sys_sendmmsg+0x99/0x100 [ 2664.924243] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2664.925002] do_syscall_64+0x33/0x40 [ 2664.925554] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2664.926311] RIP: 0033:0x7fe4a84d7b19 [ 2664.926860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2664.929716] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2664.931146] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2664.932202] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2664.933248] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2664.934296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2664.935362] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2664.937397] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2664.943361] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2664.969206] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem 01:23:33 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xfffffff5}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2665.002256] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2665.003713] EXT4-fs (loop4): group descriptors corrupted! [ 2665.015932] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2665.031846] EXT4-fs warning (device sda): verify_group_input:170: Bad blocks count 0 01:23:33 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 40) 01:23:33 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f00000001c0)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000000140)="0200e6fc26b01df5cc06a306da9a7f31eb2c068c3959767f4cd95570f914c5029ed6aba346b47db3f6fd172c2ad38fdcf421c2ad81285f4fbe9eb15a500d6f2c34d218a086696aa64d3d822f34328eefa1cf9f8ddbb3a851000000000000", 0x5e, 0x800}, {&(0x7f0000000240)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee6ffe0220a7e4915e109a5a78b5991737ee07040e1ce45d0fa15f9e3878118d5878b4a5e87a5b713b5868059e497311f08e60ff7dfdd304a5d261ed051f0f182b7ab1a65f2dd6bfea98d0c15475b2434c8f445a9d1af300a2986203c0a11a3728592c0d74337d9699a83727d3c727496bf77ab046c91698649a893746b3f2ae0f8bbd718b9ad097fbd0cbc200", 0xae, 0x2100}], 0x8000, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) creat(&(0x7f0000000080)='./file0\x00', 0xac) [ 2665.159776] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2665.161355] EXT4-fs (loop4): group descriptors corrupted! 01:23:33 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xffffff9e, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:23:33 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x4000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:23:33 executing program 7: syz_mount_image$vfat(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000140), 0x0, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) ioctl$SNAPSHOT_FREE(r1, 0x3305) 01:23:33 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfff7ffff00000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2665.274049] FAULT_INJECTION: forcing a failure. [ 2665.274049] name failslab, interval 1, probability 0, space 0, times 0 [ 2665.275831] CPU: 1 PID: 13053 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2665.276895] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2665.278143] Call Trace: [ 2665.278561] dump_stack+0x107/0x167 [ 2665.279108] should_fail.cold+0x5/0xa [ 2665.279699] ? create_object.isra.0+0x3a/0xa20 [ 2665.280405] should_failslab+0x5/0x20 [ 2665.280987] kmem_cache_alloc+0x5b/0x310 [ 2665.281616] create_object.isra.0+0x3a/0xa20 [ 2665.282292] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2665.283071] kmem_cache_alloc_node+0x169/0x330 [ 2665.283786] __alloc_skb+0x6d/0x5b0 [ 2665.284358] __ip_append_data+0x2930/0x3310 [ 2665.285031] ? raw_destroy+0x30/0x30 [ 2665.285613] ? ip_finish_output+0x330/0x330 [ 2665.286267] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2665.287034] ? memcpy+0x39/0x60 [ 2665.287542] ? raw_destroy+0x30/0x30 [ 2665.288123] ip_append_data+0x114/0x1a0 [ 2665.288751] raw_sendmsg+0xaa6/0x29d0 [ 2665.289345] ? dst_output+0x170/0x170 [ 2665.289934] ? __lock_acquire+0x1657/0x5b00 [ 2665.290606] ? perf_trace_lock+0xac/0x490 [ 2665.291232] ? SOFTIRQ_verbose+0x10/0x10 [ 2665.291852] ? __lockdep_reset_lock+0x180/0x180 [ 2665.292582] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2665.293355] ? find_held_lock+0x2c/0x110 [ 2665.293989] ? trace_hardirqs_on+0x5b/0x180 [ 2665.294647] ? dst_output+0x170/0x170 [ 2665.295230] inet_sendmsg+0x11d/0x140 [ 2665.295812] ? inet_send_prepare+0x540/0x540 [ 2665.296490] __sock_sendmsg+0x13c/0x190 [ 2665.297095] ____sys_sendmsg+0x334/0x870 [ 2665.297715] ? sock_write_iter+0x3d0/0x3d0 [ 2665.298352] ? do_recvmmsg+0x6d0/0x6d0 [ 2665.298946] ? perf_trace_lock+0xac/0x490 [ 2665.299581] ? __lockdep_reset_lock+0x180/0x180 [ 2665.300298] ? perf_trace_lock+0xac/0x490 [ 2665.300932] ___sys_sendmsg+0xf3/0x170 [ 2665.301533] ? sendmsg_copy_msghdr+0x160/0x160 [ 2665.302233] ? lock_downgrade+0x6d0/0x6d0 [ 2665.302877] ? lock_downgrade+0x6d0/0x6d0 [ 2665.303512] ? __fget_files+0x296/0x4c0 [ 2665.304143] ? __fget_light+0xea/0x290 [ 2665.304749] __sys_sendmmsg+0x195/0x470 [ 2665.305361] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2665.306023] ? lock_downgrade+0x6d0/0x6d0 [ 2665.306676] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2665.307410] ? wait_for_completion_io+0x270/0x270 [ 2665.308149] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2665.308947] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2665.309744] ? rcu_read_lock_any_held+0x75/0xa0 [ 2665.310420] ? __traceiter_irq_enable+0xc0/0xc0 [ 2665.311097] ? fput_many+0x2f/0x1a0 [ 2665.311630] ? trace_rcu_dyntick+0x2f/0x170 [ 2665.312280] __x64_sys_sendmmsg+0x99/0x100 [ 2665.312894] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2665.313621] do_syscall_64+0x33/0x40 [ 2665.314164] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2665.314893] RIP: 0033:0x7fe4a84d7b19 [ 2665.315438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2665.318008] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2665.319108] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2665.320146] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2665.321182] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2665.322208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2665.323238] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2665.333701] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2665.338741] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:23:33 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) fcntl$lock(r2, 0x25, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000000)={0x8020}) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x0, 0x0) r5 = dup2(r4, 0xffffffffffffffff) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r5, 0x0, &(0x7f0000000240)=""/61, 0x3d}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_CLOSE={0x13, 0x5, 0x0, r1}, 0x5) readlinkat(r3, &(0x7f0000000140)='./file1\x00', &(0x7f0000000440)=""/192, 0xc0) syz_mount_image$nfs4(0x0, &(0x7f0000005040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r6 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x8}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r6, @ANYBLOB='\x00w\x00\x00\x00\x00\x00\x00./\x00\x00le0\x00']) perf_event_open(&(0x7f00000002c0)={0x5, 0x80, 0x1f, 0x7f, 0x8, 0xbc, 0x0, 0x1, 0x28000, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3f, 0x0, @perf_config_ext={0x7, 0x400}, 0x14b0c, 0x7, 0x6, 0x7, 0x3, 0x7de, 0x5b22, 0x0, 0xf922, 0x0, 0xd22c}, 0x0, 0x2, r7, 0x0) rmdir(&(0x7f0000000000)='./file0\x00') syz_open_procfs(0x0, &(0x7f0000000200)='net/nfsfs\x00') ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000040)={0x10}) 01:23:33 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xfffffff0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) [ 2665.441853] EXT4-fs (loop6): Unrecognized mount option "" or missing value 01:23:33 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 41) [ 2665.519661] EXT4-fs (loop6): Unrecognized mount option "" or missing value [ 2665.528754] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2665.530142] EXT4-fs (loop4): group descriptors corrupted! [ 2665.586801] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2665.610110] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2665.611457] EXT4-fs (loop4): group descriptors corrupted! [ 2665.613913] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 01:23:33 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x100000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2665.666190] EXT4-fs warning (device sda): verify_group_input:170: Bad blocks count 0 [ 2665.766449] FAULT_INJECTION: forcing a failure. [ 2665.766449] name failslab, interval 1, probability 0, space 0, times 0 [ 2665.768487] CPU: 0 PID: 13075 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2665.769618] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2665.770960] Call Trace: [ 2665.771397] dump_stack+0x107/0x167 [ 2665.771996] should_fail.cold+0x5/0xa [ 2665.772729] ? create_object.isra.0+0x3a/0xa20 [ 2665.773479] should_failslab+0x5/0x20 [ 2665.774101] kmem_cache_alloc+0x5b/0x310 [ 2665.774772] create_object.isra.0+0x3a/0xa20 [ 2665.775492] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2665.776335] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2665.777163] ? __ip_append_data+0x2930/0x3310 [ 2665.777904] __alloc_skb+0xb1/0x5b0 [ 2665.778505] __ip_append_data+0x2930/0x3310 [ 2665.779223] ? raw_destroy+0x30/0x30 [ 2665.779845] ? ip_finish_output+0x330/0x330 [ 2665.780562] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2665.781387] ? memcpy+0x39/0x60 [ 2665.781931] ? raw_destroy+0x30/0x30 [ 2665.782541] ip_append_data+0x114/0x1a0 [ 2665.783204] raw_sendmsg+0xaa6/0x29d0 [ 2665.783845] ? dst_output+0x170/0x170 [ 2665.784477] ? __lock_acquire+0x1657/0x5b00 [ 2665.785201] ? perf_trace_lock+0xac/0x490 [ 2665.785875] ? SOFTIRQ_verbose+0x10/0x10 [ 2665.786545] ? __lockdep_reset_lock+0x180/0x180 [ 2665.787304] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2665.788150] ? find_held_lock+0x2c/0x110 [ 2665.788835] ? trace_hardirqs_on+0x5b/0x180 [ 2665.789538] ? dst_output+0x170/0x170 [ 2665.790166] inet_sendmsg+0x11d/0x140 [ 2665.790786] ? inet_send_prepare+0x540/0x540 [ 2665.791503] __sock_sendmsg+0x13c/0x190 [ 2665.792158] ____sys_sendmsg+0x334/0x870 [ 2665.792827] ? sock_write_iter+0x3d0/0x3d0 [ 2665.793509] ? do_recvmmsg+0x6d0/0x6d0 [ 2665.794141] ? perf_trace_lock+0xac/0x490 [ 2665.794822] ? __lockdep_reset_lock+0x180/0x180 [ 2665.795576] ? perf_trace_lock+0xac/0x490 [ 2665.796261] ___sys_sendmsg+0xf3/0x170 [ 2665.796902] ? sendmsg_copy_msghdr+0x160/0x160 [ 2665.797653] ? lock_downgrade+0x6d0/0x6d0 [ 2665.798352] ? __fget_files+0x296/0x4c0 [ 2665.799014] ? __fget_light+0xea/0x290 [ 2665.799662] __sys_sendmmsg+0x195/0x470 [ 2665.800323] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2665.801036] ? lock_downgrade+0x6d0/0x6d0 [ 2665.801726] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2665.802550] ? perf_trace_preemptirq_template+0x266/0x400 [ 2665.803441] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2665.804338] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2665.805235] ? __traceiter_irq_enable+0xc0/0xc0 [ 2665.805987] ? fput_many+0x2f/0x1a0 [ 2665.806587] ? trace_rcu_dyntick+0x2f/0x170 [ 2665.807298] __x64_sys_sendmmsg+0x99/0x100 [ 2665.807989] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2665.808829] do_syscall_64+0x33/0x40 [ 2665.809442] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2665.810271] RIP: 0033:0x7fe4a84d7b19 [ 2665.810880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2665.813835] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2665.815071] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2665.816233] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2665.817386] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2665.818538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2665.819691] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 01:23:53 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x40) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:23:53 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xffffffff, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:23:53 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r1, r0) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x3, 0x5, 0x0, 0x0, 0x9, 0x2, 0xc, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000040), 0x2}, 0x42010, 0x0, 0x0, 0x0, 0x7fff, 0x1f, 0x6, 0x0, 0x120000, 0x0, 0x2}, 0x0, 0xc, r1, 0x9) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000080)=ANY=[@ANYBLOB="000021c40d5b0000000000000000"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r2, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:23:53 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x200000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:23:53 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 42) 01:23:53 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xfffffff0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001200cd61"], 0x38}}, 0x0) 01:23:53 executing program 1: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x5e7270a966ef3db7) r2 = creat(&(0x7f0000000280)='./file0/file0/file0\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) mknod$loop(&(0x7f00000002c0)='./file0\x00', 0x20, 0x1) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001380)) openat(r3, &(0x7f0000000300)='./file0\x00', 0x446c84, 0x4a) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) openat(0xffffffffffffffff, 0x0, 0x404100, 0x0) write$P9_RREADLINK(r1, &(0x7f0000001800)=ANY=[@ANYRES64=r2, @ANYRES32, @ANYBLOB="fe4e6c036a75e557e7058833679325c74cb7acec2defc2021558ebe1b054392accb8e55c8084d90fc20599f6da760f2a5626d44e9a547c3884ff50e0b21e88d772c4e7193f3ec4271573d09513f911f2d2454a0c9f18d06ebdc2aff8e570056bc5d600419cbf831c0e9a4199c27873e9403a6b0f882ca34607fd0f20fa4e327dc0320f8617915b6636abfcb8097df0e8352f7cfd702824e3495eda9b957f117822fce07ee23f347df94b552cbccc1e2c0a8c882e459c385b278510dd36cded2992d0deda495c7ae89d946d76481390b1ac9c7dcb5b3cf19557d0adea20ac181310184f829bf94b32713b1e9f144260f9780136d5a37ef02fa5af89690858c93015bcd860032c28fc760538cbdb8d154147cf", @ANYRES64, @ANYRES16=r4, @ANYRESOCT, @ANYRESHEX=r1], 0x10) r5 = openat(0xffffffffffffffff, 0x0, 0x0, 0x120) getdents(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0xfef) fstatfs(0xffffffffffffffff, &(0x7f00000000c0)=""/65) sendfile(r1, r3, 0x0, 0x20d315) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000001580)=ANY=[@ANYRESDEC=r5], 0x1c) futimesat(0xffffffffffffffff, &(0x7f0000000180)='./file0/file0/file0\x00', &(0x7f00000001c0)={{0x0, 0x2710}, {0x77359400}}) fsetxattr$security_selinux(r0, &(0x7f0000000140), &(0x7f0000001340)='system_u:object_r:hwclock_exec_t:s0\x00', 0x24, 0x1) 01:23:53 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffbffff00000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2685.541127] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2685.542800] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2685.552515] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2685.558706] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2685.561356] FAULT_INJECTION: forcing a failure. [ 2685.561356] name failslab, interval 1, probability 0, space 0, times 0 [ 2685.563016] CPU: 1 PID: 13098 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2685.564017] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2685.565212] Call Trace: [ 2685.565607] dump_stack+0x107/0x167 [ 2685.566142] should_fail.cold+0x5/0xa [ 2685.566700] ? __alloc_skb+0x6d/0x5b0 [ 2685.567257] should_failslab+0x5/0x20 [ 2685.567816] kmem_cache_alloc_node+0x55/0x330 [ 2685.568482] __alloc_skb+0x6d/0x5b0 [ 2685.569026] __ip_append_data+0x2930/0x3310 [ 2685.569675] ? raw_destroy+0x30/0x30 [ 2685.570233] ? ip_finish_output+0x330/0x330 [ 2685.570867] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2685.571604] ? memcpy+0x39/0x60 [ 2685.572093] ? raw_destroy+0x30/0x30 [ 2685.572648] ip_append_data+0x114/0x1a0 [ 2685.573243] raw_sendmsg+0xaa6/0x29d0 [ 2685.573820] ? dst_output+0x170/0x170 [ 2685.574378] ? __lock_acquire+0x1657/0x5b00 [ 2685.575027] ? perf_trace_lock+0xac/0x490 [ 2685.575632] ? SOFTIRQ_verbose+0x10/0x10 [ 2685.576230] ? __lockdep_reset_lock+0x180/0x180 [ 2685.576930] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2685.577680] ? find_held_lock+0x2c/0x110 [ 2685.578301] ? trace_hardirqs_on+0x5b/0x180 [ 2685.578949] ? dst_output+0x170/0x170 [ 2685.579512] inet_sendmsg+0x11d/0x140 [ 2685.580078] ? inet_send_prepare+0x540/0x540 [ 2685.580732] __sock_sendmsg+0x13c/0x190 [ 2685.581322] ____sys_sendmsg+0x334/0x870 [ 2685.581925] ? sock_write_iter+0x3d0/0x3d0 [ 2685.582545] ? do_recvmmsg+0x6d0/0x6d0 [ 2685.583118] ? perf_trace_lock+0xac/0x490 [ 2685.583741] ? __lockdep_reset_lock+0x180/0x180 [ 2685.584429] ? perf_trace_lock+0xac/0x490 [ 2685.585051] ___sys_sendmsg+0xf3/0x170 [ 2685.585632] ? sendmsg_copy_msghdr+0x160/0x160 [ 2685.586310] ? lock_downgrade+0x6d0/0x6d0 [ 2685.586941] ? lock_downgrade+0x6d0/0x6d0 [ 2685.587558] ? __fget_files+0x296/0x4c0 [ 2685.588159] ? __fget_light+0xea/0x290 [ 2685.588758] __sys_sendmmsg+0x195/0x470 [ 2685.589352] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2685.589986] ? lock_downgrade+0x6d0/0x6d0 [ 2685.590623] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2685.591338] ? wait_for_completion_io+0x270/0x270 [ 2685.592043] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2685.592856] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2685.593668] ? rcu_read_lock_any_held+0x75/0xa0 [ 2685.594351] ? __traceiter_irq_enable+0xc0/0xc0 [ 2685.595034] ? fput_many+0x2f/0x1a0 [ 2685.595579] ? trace_rcu_dyntick+0x2f/0x170 [ 2685.596218] __x64_sys_sendmmsg+0x99/0x100 [ 2685.596845] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2685.597602] do_syscall_64+0x33/0x40 [ 2685.598150] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2685.598902] RIP: 0033:0x7fe4a84d7b19 [ 2685.599452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2685.602129] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2685.603251] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2685.604304] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2685.605348] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2685.606391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2685.607420] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2685.622398] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2685.655569] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2685.657224] EXT4-fs (loop4): group descriptors corrupted! [ 2685.704603] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem 01:23:53 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x300000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:23:53 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="0f0000001200cd61"], 0x38}}, 0x0) 01:23:53 executing program 7: set_tid_address(&(0x7f0000000000)) perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x61, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3ff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) [ 2685.738833] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2685.740339] EXT4-fs (loop4): group descriptors corrupted! [ 2685.745522] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:23:53 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 43) [ 2685.894436] FAULT_INJECTION: forcing a failure. [ 2685.894436] name failslab, interval 1, probability 0, space 0, times 0 [ 2685.896566] CPU: 1 PID: 13125 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2685.897673] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2685.899204] Call Trace: [ 2685.899629] dump_stack+0x107/0x167 [ 2685.900319] should_fail.cold+0x5/0xa [ 2685.901007] ? create_object.isra.0+0x3a/0xa20 [ 2685.901681] should_failslab+0x5/0x20 [ 2685.902415] kmem_cache_alloc+0x5b/0x310 [ 2685.903169] create_object.isra.0+0x3a/0xa20 [ 2685.903809] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2685.904568] kmem_cache_alloc_node+0x169/0x330 [ 2685.905244] __alloc_skb+0x6d/0x5b0 [ 2685.905790] __ip_append_data+0x2930/0x3310 [ 2685.906436] ? raw_destroy+0x30/0x30 [ 2685.907004] ? ip_finish_output+0x330/0x330 [ 2685.907635] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2685.908432] ? memcpy+0x39/0x60 [ 2685.909060] ? raw_destroy+0x30/0x30 [ 2685.909784] ip_append_data+0x114/0x1a0 [ 2685.910491] raw_sendmsg+0xaa6/0x29d0 [ 2685.911242] ? dst_output+0x170/0x170 [ 2685.911832] ? __lock_acquire+0x1657/0x5b00 [ 2685.912677] ? perf_trace_lock+0xac/0x490 [ 2685.913432] ? SOFTIRQ_verbose+0x10/0x10 [ 2685.914144] ? __lockdep_reset_lock+0x180/0x180 [ 2685.915062] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2685.915916] ? find_held_lock+0x2c/0x110 [ 2685.916762] ? trace_hardirqs_on+0x5b/0x180 [ 2685.917513] ? dst_output+0x170/0x170 [ 2685.918346] inet_sendmsg+0x11d/0x140 [ 2685.918928] ? inet_send_prepare+0x540/0x540 [ 2685.919755] __sock_sendmsg+0x13c/0x190 [ 2685.920454] ____sys_sendmsg+0x334/0x870 [ 2685.921053] ? sock_write_iter+0x3d0/0x3d0 [ 2685.921672] ? do_recvmmsg+0x6d0/0x6d0 [ 2685.922266] ? perf_trace_lock+0xac/0x490 [ 2685.923043] ? __lockdep_reset_lock+0x180/0x180 [ 2685.923895] ? perf_trace_lock+0xac/0x490 [ 2685.924523] ___sys_sendmsg+0xf3/0x170 [ 2685.925095] ? sendmsg_copy_msghdr+0x160/0x160 [ 2685.925771] ? lock_downgrade+0x6d0/0x6d0 [ 2685.926519] ? lock_downgrade+0x6d0/0x6d0 [ 2685.927320] ? __fget_files+0x296/0x4c0 [ 2685.927920] ? __fget_light+0xea/0x290 [ 2685.928675] __sys_sendmmsg+0x195/0x470 [ 2685.929438] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2685.930065] ? lock_downgrade+0x6d0/0x6d0 [ 2685.930798] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2685.931752] ? wait_for_completion_io+0x270/0x270 [ 2685.932464] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2685.933261] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2685.934062] ? rcu_read_lock_any_held+0x75/0xa0 [ 2685.934741] ? __traceiter_irq_enable+0xc0/0xc0 [ 2685.935417] ? fput_many+0x2f/0x1a0 [ 2685.935951] ? trace_rcu_dyntick+0x2f/0x170 [ 2685.936600] __x64_sys_sendmmsg+0x99/0x100 [ 2685.937214] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2685.937963] do_syscall_64+0x33/0x40 [ 2685.938509] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2685.939258] RIP: 0033:0x7fe4a84d7b19 [ 2685.939804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2685.942444] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2685.943545] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2685.944584] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2685.945617] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2685.946678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2685.947708] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 01:24:14 executing program 5: semtimedop(0xffffffffffffffff, &(0x7f0000000040)=[{0x3, 0xe8d, 0x800}, {0x0, 0x40}, {0x3, 0x80, 0x1000}, {0x4, 0x2, 0x1000}, {0x3, 0x2, 0xe11bd76d07cad8e5}, {0x1, 0x81, 0x1000}, {0x2, 0x0, 0x1800}, {0x2, 0x0, 0x1800}], 0x8, &(0x7f0000000080)={0x0, 0x989680}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) r1 = gettid() ioctl$BTRFS_IOC_FS_INFO(r0, 0x8400941f, &(0x7f0000000500)) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @any, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x337, 0x4, 0x5, 0x3, 0xde, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) r2 = syz_open_procfs(r1, &(0x7f0000000280)='timerslack_ns\x00') ioctl$F2FS_IOC_WRITE_CHECKPOINT(r2, 0xf507, 0x0) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:24:14 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xffffff7f00000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:24:14 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 44) 01:24:14 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x400000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:24:14 executing program 1: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x72, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}, @val={@void, {0x8100, 0x0, 0x0, 0x3}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "96153f", 0x38, 0x3a, 0x0, @empty, @mcast2, {[@fragment={0x2b, 0x0, 0x1, 0x0, 0x0, 0x2, 0x65}], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "550365", 0x0, 0x2e, 0x0, @empty, @private0}}}}}}}, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f00000003c0)=0x10000, 0xffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9bbb) 01:24:14 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x2, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 01:24:14 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="600000001200cd61"], 0x38}}, 0x0) 01:24:14 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}, 0x804, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_usb_connect$cdc_ecm(0x3, 0x50, &(0x7f0000000000)=ANY=[@ANYBLOB="12010002020000082505a1a440000102030109023e000101c1e015090400fb0321550d24ff0000cb0351775d8bc25e8409017d09050302"], &(0x7f0000000240)={0x0, 0xfffffffffffffffd, 0x34, &(0x7f0000000080)={0x5, 0xf, 0x34, 0x3, [@ptm_cap={0x3}, @ssp_cap={0x18, 0x10, 0xa, 0x47, 0x3, 0x3, 0x880, 0x3704, [0xbe00, 0xffc000, 0xde]}, @ssp_cap={0x14, 0x10, 0xa, 0x1, 0x2, 0x5, 0xf00, 0x3, [0x3f00, 0x3e8f]}]}, 0x1, [{0x2, &(0x7f0000000280)=@string={0x2}}]}) r0 = socket$netlink(0x10, 0x3, 0x0) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f00000000c0)=0x3) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x24, 0x1d, 0xc21, 0x0, 0x0, {0xa}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @typed={0x8, 0x1, 0x0, 0x0, @u32}]}, 0x24}}, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x4040, 0x42) clone3(&(0x7f00000001c0)={0x40182300, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 2705.978063] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2705.979342] EXT4-fs (loop4): group descriptors corrupted! [ 2706.003196] FAULT_INJECTION: forcing a failure. [ 2706.003196] name failslab, interval 1, probability 0, space 0, times 0 [ 2706.005550] CPU: 1 PID: 13143 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2706.006654] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2706.007964] Call Trace: [ 2706.008403] dump_stack+0x107/0x167 [ 2706.009006] should_fail.cold+0x5/0xa [ 2706.009626] ? __alloc_skb+0x6d/0x5b0 [ 2706.010236] should_failslab+0x5/0x20 [ 2706.010842] kmem_cache_alloc_node+0x55/0x330 [ 2706.011557] __alloc_skb+0x6d/0x5b0 [ 2706.012145] __ip_append_data+0x2930/0x3310 [ 2706.012898] ? raw_destroy+0x30/0x30 [ 2706.013578] ? ip_finish_output+0x330/0x330 [ 2706.014443] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2706.015300] ? memcpy+0x39/0x60 [ 2706.015826] ? raw_destroy+0x30/0x30 [ 2706.016414] ip_append_data+0x114/0x1a0 [ 2706.017065] raw_sendmsg+0xaa6/0x29d0 [ 2706.017687] ? dst_output+0x170/0x170 [ 2706.018290] ? __lock_acquire+0x1657/0x5b00 [ 2706.018993] ? perf_trace_lock+0xac/0x490 [ 2706.019646] ? SOFTIRQ_verbose+0x10/0x10 [ 2706.020295] ? __lockdep_reset_lock+0x180/0x180 [ 2706.021045] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2706.021851] ? find_held_lock+0x2c/0x110 [ 2706.022514] ? trace_hardirqs_on+0x5b/0x180 [ 2706.023202] ? dst_output+0x170/0x170 [ 2706.023808] inet_sendmsg+0x11d/0x140 [ 2706.024411] ? inet_send_prepare+0x540/0x540 [ 2706.025110] __sock_sendmsg+0x13c/0x190 [ 2706.025742] ____sys_sendmsg+0x334/0x870 [ 2706.026388] ? sock_write_iter+0x3d0/0x3d0 [ 2706.027056] ? do_recvmmsg+0x6d0/0x6d0 [ 2706.027671] ? perf_trace_lock+0xac/0x490 [ 2706.028335] ? __lockdep_reset_lock+0x180/0x180 [ 2706.028623] udc-core: couldn't find an available UDC or it's busy [ 2706.029082] ? perf_trace_lock+0xac/0x490 [ 2706.030013] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 2706.030531] ___sys_sendmsg+0xf3/0x170 [ 2706.031958] ? sendmsg_copy_msghdr+0x160/0x160 [ 2706.032684] ? lock_downgrade+0x6d0/0x6d0 [ 2706.033341] ? lock_downgrade+0x6d0/0x6d0 [ 2706.033995] ? __fget_files+0x296/0x4c0 [ 2706.034629] ? __fget_light+0xea/0x290 [ 2706.035249] __sys_sendmmsg+0x195/0x470 [ 2706.035879] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2706.036557] ? lock_downgrade+0x6d0/0x6d0 [ 2706.037230] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2706.037992] ? wait_for_completion_io+0x270/0x270 [ 2706.038740] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2706.039594] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2706.040449] ? rcu_read_lock_any_held+0x75/0xa0 [ 2706.041177] ? __traceiter_irq_enable+0xc0/0xc0 [ 2706.041908] ? fput_many+0x2f/0x1a0 [ 2706.042483] ? trace_rcu_dyntick+0x2f/0x170 [ 2706.043167] __x64_sys_sendmmsg+0x99/0x100 [ 2706.043825] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2706.044631] do_syscall_64+0x33/0x40 [ 2706.045217] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2706.046013] RIP: 0033:0x7fe4a84d7b19 [ 2706.046598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2706.049428] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2706.050615] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2706.051698] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2706.052790] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2706.053875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2706.054958] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2706.081461] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem 01:24:14 executing program 1: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x72, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}, @val={@void, {0x8100, 0x0, 0x0, 0x3}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "96153f", 0x38, 0x3a, 0x0, @empty, @mcast2, {[@fragment={0x2b, 0x0, 0x1, 0x0, 0x0, 0x2, 0x65}], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "550365", 0x0, 0x2e, 0x0, @empty, @private0}}}}}}}, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f00000003c0)=0x10000, 0xffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9bbb) 01:24:14 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x500000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:24:14 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 45) [ 2706.153644] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:24:14 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="c00000001200cd61"], 0x38}}, 0x0) 01:24:14 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xffffffff00000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2706.350685] FAULT_INJECTION: forcing a failure. [ 2706.350685] name failslab, interval 1, probability 0, space 0, times 0 [ 2706.352660] CPU: 0 PID: 13162 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2706.353835] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2706.355175] Call Trace: [ 2706.355630] dump_stack+0x107/0x167 [ 2706.356243] should_fail.cold+0x5/0xa [ 2706.356896] ? create_object.isra.0+0x3a/0xa20 [ 2706.357642] should_failslab+0x5/0x20 [ 2706.358268] kmem_cache_alloc+0x5b/0x310 [ 2706.358952] create_object.isra.0+0x3a/0xa20 [ 2706.359681] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2706.360510] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2706.361361] ? __ip_append_data+0x2930/0x3310 [ 2706.362130] __alloc_skb+0xb1/0x5b0 [ 2706.362756] __ip_append_data+0x2930/0x3310 [ 2706.363495] ? raw_destroy+0x30/0x30 [ 2706.364140] ? ip_finish_output+0x330/0x330 [ 2706.364876] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2706.365715] ? memcpy+0x39/0x60 [ 2706.366268] ? raw_destroy+0x30/0x30 [ 2706.366895] ip_append_data+0x114/0x1a0 [ 2706.367586] raw_sendmsg+0xaa6/0x29d0 [ 2706.368217] ? dst_output+0x170/0x170 [ 2706.368865] ? __lock_acquire+0x1657/0x5b00 [ 2706.369610] ? perf_trace_lock+0xac/0x490 [ 2706.370306] ? SOFTIRQ_verbose+0x10/0x10 [ 2706.370994] ? __lockdep_reset_lock+0x180/0x180 [ 2706.371792] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2706.372662] ? find_held_lock+0x2c/0x110 [ 2706.373348] ? trace_hardirqs_on+0x5b/0x180 [ 2706.374073] ? dst_output+0x170/0x170 [ 2706.374711] inet_sendmsg+0x11d/0x140 [ 2706.375326] ? inet_send_prepare+0x540/0x540 [ 2706.376067] __sock_sendmsg+0x13c/0x190 [ 2706.376737] ____sys_sendmsg+0x334/0x870 [ 2706.377425] ? sock_write_iter+0x3d0/0x3d0 [ 2706.378130] ? do_recvmmsg+0x6d0/0x6d0 [ 2706.378785] ? perf_trace_lock+0xac/0x490 [ 2706.379483] ? __lockdep_reset_lock+0x180/0x180 [ 2706.380262] ? perf_trace_lock+0xac/0x490 [ 2706.380974] ___sys_sendmsg+0xf3/0x170 [ 2706.381631] ? sendmsg_copy_msghdr+0x160/0x160 [ 2706.382415] ? lock_downgrade+0x6d0/0x6d0 [ 2706.383105] ? __fget_files+0x296/0x4c0 [ 2706.383786] ? __fget_light+0xea/0x290 [ 2706.384427] __sys_sendmmsg+0x195/0x470 [ 2706.385110] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2706.385835] ? lock_downgrade+0x6d0/0x6d0 [ 2706.386550] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2706.387398] ? perf_trace_preemptirq_template+0x266/0x400 [ 2706.388315] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2706.389237] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2706.390152] ? __traceiter_irq_enable+0xc0/0xc0 [ 2706.390938] ? fput_many+0x2f/0x1a0 [ 2706.391559] ? trace_rcu_dyntick+0x2f/0x170 [ 2706.392300] __x64_sys_sendmmsg+0x99/0x100 [ 2706.393014] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2706.393879] do_syscall_64+0x33/0x40 [ 2706.394511] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2706.395372] RIP: 0033:0x7fe4a84d7b19 [ 2706.395998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2706.398944] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2706.400211] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2706.401371] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2706.402535] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2706.403697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2706.404861] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 01:24:14 executing program 1: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x72, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}, @val={@void, {0x8100, 0x0, 0x0, 0x3}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "96153f", 0x38, 0x3a, 0x0, @empty, @mcast2, {[@fragment={0x2b, 0x0, 0x1, 0x0, 0x0, 0x2, 0x65}], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "550365", 0x0, 0x2e, 0x0, @empty, @private0}}}}}}}, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f00000003c0)=0x10000, 0xffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9bbb) 01:24:14 executing program 6: syz_mount_image$ext4(&(0x7f0000000200)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x7, &(0x7f0000000a80)=[{&(0x7f00000005c0)="6252a891b26b6f8bf25023016881049defb568125052786cab5052570ec64c88bf0c9529597b333ca7f22f3d2fb996b9dda0d721c5cd1746dfce6f7333187faf526d1408d03ffb8273fdf45f820705a26d3d4906e5298649d0c1452ac6ac6ab41969fd19a2c32d7e6e961d58105c24a5ad6a4adf66a085c1154639b772eb8b559b6b4af65052795d1f", 0x89}, {&(0x7f0000000680)="6e22b8c24be68c071775f163e190b42b686339beeed8de3972ffe306cc0be0d6a6f716df999d5f1bb8ab399c3e48a6cd532bb9f9a3e0205cb165c64831f7a0f4b7af770a98e5048bee94d0f57f1ec259f0cd51e8c1320c45e526d6dc35d45e56e1151eb817791f98e40d4ca499d07ebbfb3267b719c983fea8d3b09d8856695f7cca56d538013e", 0x87, 0x80000000}, {&(0x7f0000000740)="f7711a505ac7c896a13b57071fcdc2e2010fc285df816431deada46c8545eaf2757c6351891f7369d465cc8bcc9e6271273dc2d1b6da3ac96ca5365ecd4847cc245fe6088f75be4ffb369cac56e84a9785c07bcf735d2240db3d50953fbf0855b8f7d9beb15ba15023fb7e14578eab5f1d02b2bfadbdd4bb461cdd790ddb6e841bba1142b39144", 0x87, 0x3}, {&(0x7f0000000800)="692f5f02c25f1815db202db49cf118efbc75245440b42b115974b853fc0ae3f81347a5489cdaa0f58d8bfd9b64c90404cc1f2b123e03494d25c980d9b259198f7ca736a3dea60cce139a45601ab5340545203442e5dfd39f5cd695d996d4ac2abc8255947554d1f466c0585bf00f386eaf2212b306802f6fe4b4abd4b64c9834275e1f766aa4c9690b82bc7814d14dc483e3b0054d4de707db15bc5c139e4d819ff0d9d6d537", 0xa6, 0x4}, {&(0x7f00000008c0)="01600527c4c3cfce753d25662d198fa79fe0d2e537818c71365a07e269a04e8dab72a2700aa41ae9d44ba699c9320b7a7f4ed678e6f590199f8cc8a2811f926eb22cd73dfdcc320a83ffa93f47b93a7b5f80127edbc165c1f66c3ada145de56ddff80e5a82995d1c652346934ab64b0dad4e3c956adf6e34a655b1d36ebaf10b6ef56e4eaeb3f03eed2d1a53adf3bfe682978a8b3b42e3d58ae9d5543d3e723c94e9cdbbe50a7061cd7feb0885992967e6c014dceb184b227f7c33bb1481ce76d41c52f810ae0e8d1935f15017251fa32107d96266d18abd9f6533fad2487cca356a5b8e182b715e2cdfd5aff1a893544a", 0xf1, 0x3}, {&(0x7f00000009c0)="65c7069fbf230901ad6fcb3c9a22418def017e95017329f47957c964a38f1aa507777bc08869f54a9ac9f459dda89cdcccfe239e83a4f755ad783485721966a0c956afd87876d67700c539c8ed6358e1a2bfff3176e6eb1d3b508e48653b8f03c15e3a72abedef9949a8c8dea23aa86d506c2a89d54af991c4c742a6df42142c8fc245866f8706e04c6c56924e61b92de502f602f669390562fca1cd6cb066b0ecaa01d699c9d038f35e050ea7f55326881b2d71f57f57bee03a53fc1a", 0xbd, 0x7b}, {&(0x7f0000000000)="361a80d67d8a004058004d91d5a773687ed959cd309a9e594be92e0ec37c4eb28ae8a826d3f88d780f8e06ec8bfc7babfbd5e3c5e702c5bb0a", 0x39, 0x6}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) chown(&(0x7f0000000240)='./file0\x00', 0xee01, 0xee01) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x4000, 0x100) setresuid(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000001480)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x6, 0x1, &(0x7f0000000100)=[{&(0x7f0000001280)="6063f5f02f2048a0b05046f3ddd1193e22716ceb436b89fa223184f06d237974c341a45c9188af56d06abdb28ee20aa460f6168fb01a2f8d942e259d6ec57153213d09841b0fe8de6d2f5849c89f", 0x4e, 0x74}], 0x180011, &(0x7f0000001600)={[{@journal_async_commit}, {@grpquota}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x800000000000002}}, {@init_itable}, {@resuid={'resuid', 0x3d, 0xffffffffffffffff}}], [{@context={'context', 0x3d, 'sysadm_u'}}, {@obj_type={'obj_type', 0x3d, '*-/\x83]'}}, {@uid_gt}, {@euid_gt={'euid>', 0xee00}}]}) syz_mount_image$nfs4(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0xc755, 0x4, &(0x7f0000000500)=[{&(0x7f0000000280)="d31a77740af541c94d2b6af7ecd5d1f9181cfd2b162052e746f209243a27700229a63b5f080d05b0b9493595382a02785786e99ea94a6a9af500d81cf63f03ca283ac19126407a9244ded34c1162cbc051cd10027c2a35a296014fb920b53a5b2d1b3ff0abd79b392ef8b2f1407bbd71a38efdf60917fe5ec2723533a2662a61d7bb30fe7c93083fd3e6242e7ab4b9c4efd11d38c0db6c8453173ae31c072b3194a1d9159d92646932de367631adcb60badb34936bd65261fb8b3018ab08e5735a69cb7d09e309431288d5eecc0cab211e19413d607abfb0be2e3e343383d349379c71ae9fd726f7459ed01e31ca", 0xee, 0x100000001}, {&(0x7f00000001c0)="1559e00d42ca59035ced84af39252d", 0xf, 0x7500}, {&(0x7f0000000380)="eeb89bb9c6c83e5d9b137ee84a1b9e6b66ab48b64409a76a25b09fd441443e95fe27e3ed5d9fcbe17b309ad79796b82371dbb12018496cbb9778f0b2a15591434281d4", 0x43, 0xfff}, {&(0x7f0000000400)="6bdb805a6805fe0980385186f410f018beeeb26dba74b8a550c01694a0330a5a451907e5b47e8b570995fc31c6170795906b4970f0e6abb022f3351592d0bcff3b082f76331dac7d1a78867753bad2461fc8cd4ccbc93342aa0798e6c978dfae5880938703462b0e1b1c1c7893efcba2e34f99650978573b7a6ea313a984a5b98e3a8d2251fd9a2d0cbbef17ae44ab5e7e4b9a7f9d0fd556a791a08ab5f5e36a60994c02b99c31be4fb190a7265b37e63603967cc747dec5b549fd6fdcaf03031d9e1404d2cd0afa1bc758ca377d89e2fa4de6f7797f1904073c6af5592349afb992fc6a6d25", 0xe6, 0xfffffffffffffffd}], 0x33d59d10fb3259b3, &(0x7f0000000580)={[{'ext2\x00'}, {'ext2\x00'}, {'ext2\x00'}], [{@uid_lt}, {@mask={'mask', 0x3d, 'MAY_READ'}}]}) [ 2706.548415] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2706.550130] EXT4-fs (loop4): group descriptors corrupted! [ 2706.655513] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2706.657026] EXT4-fs (loop4): group descriptors corrupted! [ 2706.688146] EXT4-fs (loop6): VFS: Can't find ext4 filesystem [ 2706.812832] EXT4-fs (loop6): VFS: Can't find ext4 filesystem 01:24:33 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x600000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:24:33 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="c00e00001200cd61"], 0x38}}, 0x0) 01:24:33 executing program 7: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r3, r2) fcntl$dupfd(r3, 0x0, r0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000004200210e000040000000000000000000"], 0x14}}, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000340)=""/270, 0x10e}], 0x1, 0x0, 0x2) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @empty}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYBLOB="0d2e2c4f4b4861777938e37cc6aa5e6317b632ef4fac2ae3a0bfa05063787f5f99462ff96073b36d0dfeec64c8612182a77458d9f01962ccf1fee60a7f2ca8ce21c049939c62508d63a620f81489d3173a184846ac17b880161bbed8d48d64550cd6802e3ba67c054c9fe640e32a3dbec96f8e7a2ed03feaaabb19f38ae4793f9886a30398e821982c8bb6e37ea10c78eb52c2a5ec2880fe0ebf0945ade0ab3646c04d11e50b13cd13972df1ac7cbe8a99950971"], 0xfdef) r5 = add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f00000001c0)={'fscrypt:', @desc3}, &(0x7f0000000200)={0x0, "f038779de021f8c8c974dd89170cf2579d1fa459ba726003d07140eeb357b87ae67d5b00d5a28eea29113393d0e1c7391515c7ab7c00", 0x2d}, 0x48, 0xffffffffffffffff) perf_event_open(&(0x7f0000000580)={0x3, 0x80, 0x40, 0xc6, 0x21, 0x4, 0x0, 0x9, 0x2, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000040), 0x8}, 0x8, 0x8000, 0x100, 0x2, 0x9, 0x3, 0x401, 0x0, 0xffff, 0x0, 0xfff}, 0xffffffffffffffff, 0xc, r1, 0x3) r6 = getegid() keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000080)='rxrpc_s\x00', &(0x7f0000000300)=@keyring={'key_or_keyring:', r5}) keyctl$chown(0x4, r5, 0xee01, r6) bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0x4, 0x3}, 0x6) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) unshare(0x48020200) 01:24:33 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xffffffffffff0700, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:24:33 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 46) 01:24:33 executing program 1: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x72, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}, @val={@void, {0x8100, 0x0, 0x0, 0x3}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "96153f", 0x38, 0x3a, 0x0, @empty, @mcast2, {[@fragment={0x2b, 0x0, 0x1, 0x0, 0x0, 0x2, 0x65}], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "550365", 0x0, 0x2e, 0x0, @empty, @private0}}}}}}}, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f00000003c0)=0x10000, 0xffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9bbb) 01:24:33 executing program 5: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() r2 = memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) r3 = dup(r0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000002c0)=0x6, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r5, r4) write$binfmt_elf64(r3, &(0x7f0000000500)=ANY=[@ANYRES32=r4], 0x18b0) r6 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r1, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) r7 = dup3(r6, r2, 0x80000) dup3(r7, r2, 0x0) r8 = syz_io_uring_setup(0x7147, &(0x7f0000000040)={0x0, 0x19de, 0x2, 0x3, 0x12c}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r5, 0xc018937e, &(0x7f0000000300)=ANY=[@ANYBLOB="59317d2ad0a59baf0f1b73a694000000009e24", @ANYRES32=r8, @ANYBLOB="020057e8682b672843799e953e880000"]) socket$inet_icmp(0x2, 0x2, 0x1) sendfile(r0, r2, 0x0, 0xc) 01:24:33 executing program 6: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) statx(r0, &(0x7f00000001c0)='./file0\x00', 0x400, 0x800, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r2, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000001480)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x6, 0x1, &(0x7f0000000100)=[{&(0x7f0000001280)="6063f5f02f2048a0b05046f3ddd1193e22716ceb436b89fa223184f06d237974c341a45c9188af56d06abdb28ee20aa460f6168fb01a2f8d942e259d6ec57153213d09841b0fe8de6d2f5849c89f", 0x4e, 0x74}], 0x180011, &(0x7f0000001600)={[{@journal_async_commit}, {@grpquota}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x800000000000002}}, {@init_itable}, {@resuid={'resuid', 0x3d, 0xffffffffffffffff}}], [{@context={'context', 0x3d, 'sysadm_u'}}, {@obj_type={'obj_type', 0x3d, '*-/\x83]'}}, {@uid_gt={'uid>', r2}}, {@euid_gt={'euid>', 0xee00}}]}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r5 = dup2(r4, r3) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r6, r5, 0x0, 0x7ffffff9) openat(r6, &(0x7f0000000440)='./file0\x00', 0x46401, 0x40) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r7, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000001480)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x6, 0x1, &(0x7f0000000100)=[{&(0x7f0000001280)="6063f5f02f2048a0b05046f3ddd1193e22716ceb436b89fa223184f06d237974c341a45c9188af56d06abdb28ee20aa460f6168fb01a2f8d942e259d6ec57153213d09841b0fe8de6d2f5849c89f", 0x4e, 0x74}], 0x180011, &(0x7f0000001600)={[{@journal_async_commit}, {@grpquota}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x800000000000002}}, {@init_itable}, {@resuid={'resuid', 0x3d, 0xffffffffffffffff}}], [{@context={'context', 0x3d, 'sysadm_u'}}, {@obj_type={'obj_type', 0x3d, '*-/\x83]'}}, {@uid_gt={'uid>', r7}}, {@euid_gt={'euid>', 0xee00}}]}) mount$9p_virtio(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x802220, &(0x7f0000000380)={'trans=virtio,', {[{@cache_mmap}, {@dfltgid}], [{@dont_appraise}, {@fowner_lt={'fowner<', r1}}, {@measure}, {@subj_role={'subj_role', 0x3d, '/'}}, {@euid_eq={'euid', 0x3d, r2}}, {@euid_lt={'euid<', r7}}]}}) [ 2725.614235] FAULT_INJECTION: forcing a failure. [ 2725.614235] name failslab, interval 1, probability 0, space 0, times 0 [ 2725.615934] CPU: 1 PID: 13203 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2725.616961] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2725.618182] Call Trace: [ 2725.618585] dump_stack+0x107/0x167 [ 2725.619130] should_fail.cold+0x5/0xa [ 2725.619703] ? __alloc_skb+0x6d/0x5b0 [ 2725.620279] should_failslab+0x5/0x20 [ 2725.620855] kmem_cache_alloc_node+0x55/0x330 [ 2725.621528] __alloc_skb+0x6d/0x5b0 [ 2725.622080] __ip_append_data+0x2930/0x3310 [ 2725.622741] ? raw_destroy+0x30/0x30 [ 2725.623311] ? ip_finish_output+0x330/0x330 [ 2725.623955] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2725.624708] ? memcpy+0x39/0x60 [ 2725.625212] ? raw_destroy+0x30/0x30 [ 2725.625769] ip_append_data+0x114/0x1a0 [ 2725.626376] raw_sendmsg+0xaa6/0x29d0 [ 2725.626962] ? dst_output+0x170/0x170 [ 2725.627528] ? __lock_acquire+0x1657/0x5b00 [ 2725.628187] ? perf_trace_lock+0xac/0x490 [ 2725.628810] ? SOFTIRQ_verbose+0x10/0x10 [ 2725.629420] ? __lockdep_reset_lock+0x180/0x180 [ 2725.630122] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2725.630880] ? find_held_lock+0x2c/0x110 [ 2725.631499] ? trace_hardirqs_on+0x5b/0x180 [ 2725.632145] ? dst_output+0x170/0x170 [ 2725.632713] inet_sendmsg+0x11d/0x140 [ 2725.633286] ? inet_send_prepare+0x540/0x540 [ 2725.633938] __sock_sendmsg+0x13c/0x190 [ 2725.634530] ____sys_sendmsg+0x334/0x870 [ 2725.635138] ? sock_write_iter+0x3d0/0x3d0 [ 2725.635764] ? do_recvmmsg+0x6d0/0x6d0 [ 2725.636341] ? perf_trace_lock+0xac/0x490 [ 2725.636968] ? __lockdep_reset_lock+0x180/0x180 [ 2725.637658] ? perf_trace_lock+0xac/0x490 [ 2725.638282] ___sys_sendmsg+0xf3/0x170 [ 2725.638865] ? sendmsg_copy_msghdr+0x160/0x160 [ 2725.639681] ? lock_downgrade+0x6d0/0x6d0 [ 2725.640506] ? lock_downgrade+0x6d0/0x6d0 [ 2725.641137] ? __fget_files+0x296/0x4c0 [ 2725.641790] ? __fget_light+0xea/0x290 [ 2725.642416] __sys_sendmmsg+0x195/0x470 [ 2725.643174] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2725.643816] ? lock_downgrade+0x6d0/0x6d0 [ 2725.644456] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2725.645264] ? wait_for_completion_io+0x270/0x270 [ 2725.646048] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2725.647071] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2725.647874] ? rcu_read_lock_any_held+0x75/0xa0 [ 2725.648554] ? __traceiter_irq_enable+0xc0/0xc0 [ 2725.649248] ? fput_many+0x2f/0x1a0 [ 2725.649793] ? trace_rcu_dyntick+0x2f/0x170 [ 2725.650441] __x64_sys_sendmmsg+0x99/0x100 [ 2725.651068] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2725.651822] do_syscall_64+0x33/0x40 [ 2725.652375] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2725.653135] RIP: 0033:0x7fe4a84d7b19 [ 2725.653687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2725.656361] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2725.657632] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2725.658938] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2725.659978] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2725.661031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2725.662079] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 01:24:33 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="e03f03001200cd61"], 0x38}}, 0x0) 01:24:33 executing program 1: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x72, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}, @val={@void, {0x8100, 0x0, 0x0, 0x3}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "96153f", 0x38, 0x3a, 0x0, @empty, @mcast2, {[@fragment={0x2b, 0x0, 0x1, 0x0, 0x0, 0x2, 0x65}], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "550365", 0x0, 0x2e, 0x0, @empty, @private0}}}}}}}, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f00000003c0)=0x10000, 0xffff) [ 2725.684857] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2725.686370] EXT4-fs (loop4): group descriptors corrupted! [ 2725.688787] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2725.746725] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:24:33 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 47) 01:24:33 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x700000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2725.792192] EXT4-fs (loop6): Unrecognized mount option "trans=virtio" or missing value 01:24:34 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xffffffffffffff7f, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:24:34 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x72, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}, @val={@void, {0x8100, 0x0, 0x0, 0x3}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "96153f", 0x38, 0x3a, 0x0, @empty, @mcast2, {[@fragment={0x2b, 0x0, 0x1, 0x0, 0x0, 0x2, 0x65}], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "550365", 0x0, 0x2e, 0x0, @empty, @private0}}}}}}}, 0x0) 01:24:34 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000201200cd61"], 0x38}}, 0x0) [ 2725.946011] FAULT_INJECTION: forcing a failure. [ 2725.946011] name failslab, interval 1, probability 0, space 0, times 0 [ 2725.948078] CPU: 1 PID: 13225 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2725.949112] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2725.950423] Call Trace: [ 2725.950882] dump_stack+0x107/0x167 [ 2725.951582] should_fail.cold+0x5/0xa [ 2725.952152] ? create_object.isra.0+0x3a/0xa20 [ 2725.952842] should_failslab+0x5/0x20 [ 2725.953412] kmem_cache_alloc+0x5b/0x310 [ 2725.954021] create_object.isra.0+0x3a/0xa20 [ 2725.954800] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2725.955713] kmem_cache_alloc_node+0x169/0x330 [ 2725.956401] __alloc_skb+0x6d/0x5b0 [ 2725.956962] __ip_append_data+0x2930/0x3310 [ 2725.957619] ? raw_destroy+0x30/0x30 [ 2725.958236] ? ip_finish_output+0x330/0x330 [ 2725.959017] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2725.959883] ? memcpy+0x39/0x60 [ 2725.960381] ? raw_destroy+0x30/0x30 [ 2725.960941] ip_append_data+0x114/0x1a0 [ 2725.961547] raw_sendmsg+0xaa6/0x29d0 [ 2725.962177] ? dst_output+0x170/0x170 [ 2725.962841] ? __lock_acquire+0x1657/0x5b00 [ 2725.963656] ? perf_trace_lock+0xac/0x490 [ 2725.964273] ? SOFTIRQ_verbose+0x10/0x10 [ 2725.964892] ? __lockdep_reset_lock+0x180/0x180 [ 2725.965591] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2725.966451] ? find_held_lock+0x2c/0x110 [ 2725.967182] ? trace_hardirqs_on+0x5b/0x180 [ 2725.967843] ? dst_output+0x170/0x170 [ 2725.968407] inet_sendmsg+0x11d/0x140 [ 2725.968977] ? inet_send_prepare+0x540/0x540 [ 2725.969626] __sock_sendmsg+0x13c/0x190 [ 2725.970269] ____sys_sendmsg+0x334/0x870 [ 2725.971002] ? sock_write_iter+0x3d0/0x3d0 [ 2725.971750] ? do_recvmmsg+0x6d0/0x6d0 [ 2725.972327] ? perf_trace_lock+0xac/0x490 [ 2725.972958] ? __lockdep_reset_lock+0x180/0x180 [ 2725.973643] ? perf_trace_lock+0xac/0x490 [ 2725.974265] ___sys_sendmsg+0xf3/0x170 [ 2725.974847] ? sendmsg_copy_msghdr+0x160/0x160 [ 2725.975532] ? lock_downgrade+0x6d0/0x6d0 [ 2725.976156] ? lock_downgrade+0x6d0/0x6d0 [ 2725.976788] ? __fget_files+0x296/0x4c0 [ 2725.977395] ? __fget_light+0xea/0x290 [ 2725.977991] __sys_sendmmsg+0x195/0x470 [ 2725.978592] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2725.979236] ? lock_downgrade+0x6d0/0x6d0 [ 2725.979880] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2725.980597] ? wait_for_completion_io+0x270/0x270 [ 2725.981315] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2725.982125] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2725.982939] ? rcu_read_lock_any_held+0x75/0xa0 [ 2725.983631] ? __traceiter_irq_enable+0xc0/0xc0 [ 2725.984321] ? fput_many+0x2f/0x1a0 [ 2725.984887] ? trace_rcu_dyntick+0x2f/0x170 [ 2725.985543] __x64_sys_sendmmsg+0x99/0x100 [ 2725.986171] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2725.986933] do_syscall_64+0x33/0x40 [ 2725.987487] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2725.988246] RIP: 0033:0x7fe4a84d7b19 [ 2725.988810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2725.991485] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2725.992608] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2725.993662] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2725.994712] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2725.995760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2725.996818] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 01:24:34 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x800000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2726.050867] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2726.052628] EXT4-fs (loop4): group descriptors corrupted! 01:24:34 executing program 1: syz_emit_ethernet(0x72, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}, @val={@void, {0x8100, 0x0, 0x0, 0x3}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "96153f", 0x38, 0x3a, 0x0, @empty, @mcast2, {[@fragment={0x2b, 0x0, 0x1, 0x0, 0x0, 0x2, 0x65}], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "550365", 0x0, 0x2e, 0x0, @empty, @private0}}}}}}}, 0x0) 01:24:34 executing program 7: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x21800, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2000, 0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x40000, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x40005, 0x5}, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000700)=ANY=[@ANYBLOB="00000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000f7ffffff00000000000000000800000000000000ff000000000000000000000001000000000000000000000000000000000000000000000000000000ff0f000002000000370000000000000001800000000000000900000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000170316f39f19420af9f90a63463621e7a37556f13aa02ff265a615b68387686a3910b6a549985157c4e17b71e9d56286eeb01af7e04e51430603b61045"]) write(r2, &(0x7f0000000240)="01", 0x1) r3 = openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x48a503, 0x0) execve(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000500)=[&(0x7f0000000380)='\x00', &(0x7f00000003c0)='cgroup2\x00', &(0x7f0000000400)='&/(+\x00', &(0x7f0000000440)='cgroup2\x00', &(0x7f0000000480)='\x00', &(0x7f00000004c0)='\xe7\x00'], &(0x7f0000000580)=[&(0x7f0000000540)='\\{,\x00']) mount$cgroup2(0x0, &(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000280), 0x11000, 0x0) write$binfmt_aout(r3, &(0x7f0000000a80)={{0x107, 0x4, 0x73, 0x273, 0x3d0, 0x65, 0x1f8, 0x9}, "ad30f5a42d5ff550b6adc9c11229fec25a1afef40b24810c8f3ec75c30b5e894c71b1ecf868096d66e760eb263ba691d2abb44f99262d9b19a572be892e9549ccc74c5617d70d85d0e5c81606152fd8f7864992462e1af7a047d1ea5da3d", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x77e) r4 = dup2(r0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r4, 0x80086601, &(0x7f0000000340)) write$P9_RREADLINK(r1, &(0x7f0000000140)=ANY=[], 0x10) openat(0xffffffffffffffff, &(0x7f0000000300)='./file0/file0\x00', 0x650483, 0x120) sendfile(r1, 0xffffffffffffffff, 0x0, 0x20d315) r5 = syz_open_dev$tty1(0xc, 0x4, 0x3) signalfd(r5, &(0x7f00000001c0)={[0x3]}, 0x8) 01:24:34 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xdc183db00000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:24:34 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="b80600201200cd61"], 0x38}}, 0x0) 01:24:51 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 48) 01:24:51 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) r1 = gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) bind$802154_dgram(0xffffffffffffffff, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0302}}}, 0x14) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000002c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYBLOB="49c69f832eaf3a5bb010e82f080000003000"]) r4 = pidfd_open(r1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r6, r5) futimesat(r5, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)={{0x0, 0xea60}}) dup2(r3, r4) 01:24:51 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000280), 0x2095824, 0x0) rename(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00') 01:24:51 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:24:51 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xe00000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:24:51 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000300)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000200)="956f437a178b", 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = dup2(r2, r1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r4, r3, 0x0, 0x7ffffff9) ioctl$SG_IO(r3, 0x2285, &(0x7f0000000380)={0x53, 0xfc187de8f7c4ba4e, 0x6c, 0xfd, @scatter={0x1, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=""/223, 0xdf}]}, &(0x7f0000000180)="c8ca878de6854d140db38fcada95f66f3d9c5b6881da0f003c80f6ad5faf11deddb63054b595b33339f983010218f9abfcd9a1ab85c146d537fd25ef18b73e32bfb10a87e0f04643cdd2600dc3258d506a5d938a785e013f8aecb1abb8e75b16d8012911531593ec5c3133f1", &(0x7f0000000240)=""/16, 0x5, 0x30033, 0xffffffffffffffff, &(0x7f0000000280)}) 01:24:51 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="00f0ff7f1200cd61"], 0x38}}, 0x0) 01:24:51 executing program 1: syz_emit_ethernet(0x0, 0x0, 0x0) [ 2743.646691] FAULT_INJECTION: forcing a failure. [ 2743.646691] name failslab, interval 1, probability 0, space 0, times 0 [ 2743.647932] CPU: 1 PID: 13261 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2743.648669] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2743.649558] Call Trace: [ 2743.649845] dump_stack+0x107/0x167 [ 2743.650232] should_fail.cold+0x5/0xa [ 2743.650649] should_failslab+0x5/0x20 [ 2743.651064] __kmalloc_node_track_caller+0x74/0x3b0 [ 2743.651589] ? __ip_append_data+0x2930/0x3310 [ 2743.652185] __alloc_skb+0xb1/0x5b0 [ 2743.652578] __ip_append_data+0x2930/0x3310 [ 2743.653167] ? raw_destroy+0x30/0x30 [ 2743.653684] ? ip_finish_output+0x330/0x330 [ 2743.654136] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2743.654665] ? memcpy+0x39/0x60 [ 2743.655020] ? raw_destroy+0x30/0x30 [ 2743.655412] ip_append_data+0x114/0x1a0 [ 2743.655846] raw_sendmsg+0xaa6/0x29d0 [ 2743.656259] ? dst_output+0x170/0x170 [ 2743.656662] ? __lock_acquire+0x1657/0x5b00 [ 2743.657136] ? perf_trace_lock+0xac/0x490 [ 2743.657562] ? SOFTIRQ_verbose+0x10/0x10 [ 2743.658048] ? __lockdep_reset_lock+0x180/0x180 [ 2743.658602] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2743.659259] ? find_held_lock+0x2c/0x110 [ 2743.659758] ? trace_hardirqs_on+0x5b/0x180 [ 2743.660208] ? dst_output+0x170/0x170 [ 2743.660607] inet_sendmsg+0x11d/0x140 [ 2743.661013] ? inet_send_prepare+0x540/0x540 [ 2743.661468] __sock_sendmsg+0x13c/0x190 [ 2743.661883] ____sys_sendmsg+0x334/0x870 [ 2743.662319] ? sock_write_iter+0x3d0/0x3d0 [ 2743.662758] ? do_recvmmsg+0x6d0/0x6d0 [ 2743.663164] ? perf_trace_lock+0xac/0x490 [ 2743.663601] ? __lockdep_reset_lock+0x180/0x180 [ 2743.664083] ? perf_trace_lock+0xac/0x490 [ 2743.664521] ___sys_sendmsg+0xf3/0x170 [ 2743.664929] ? sendmsg_copy_msghdr+0x160/0x160 [ 2743.665417] ? lock_downgrade+0x6d0/0x6d0 [ 2743.665940] ? lock_downgrade+0x6d0/0x6d0 [ 2743.666425] ? __fget_files+0x296/0x4c0 [ 2743.666905] ? __fget_light+0xea/0x290 [ 2743.667421] __sys_sendmmsg+0x195/0x470 [ 2743.667902] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2743.668347] ? lock_downgrade+0x6d0/0x6d0 [ 2743.668794] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2743.669312] ? wait_for_completion_io+0x270/0x270 [ 2743.669805] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2743.670364] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2743.670927] ? rcu_read_lock_any_held+0x75/0xa0 [ 2743.671405] ? __traceiter_irq_enable+0xc0/0xc0 [ 2743.671879] ? fput_many+0x2f/0x1a0 [ 2743.672257] ? trace_rcu_dyntick+0x2f/0x170 [ 2743.672715] __x64_sys_sendmmsg+0x99/0x100 [ 2743.673159] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2743.673687] do_syscall_64+0x33/0x40 [ 2743.674072] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2743.674697] RIP: 0033:0x7fe4a84d7b19 [ 2743.675115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2743.677127] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2743.677911] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2743.678649] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2743.679376] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2743.680099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2743.680821] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2743.705310] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2743.713978] ata1.00: invalid cdb length 6 01:24:51 executing program 1: syz_emit_ethernet(0x0, 0x0, 0x0) 01:24:51 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 49) [ 2743.756053] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2743.769359] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2743.770577] EXT4-fs (loop4): group descriptors corrupted! 01:24:52 executing program 6: fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000001c0)={0x0, 0x0}) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000280)={[0x2]}, 0x8) perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x81, 0x1, 0x1f, 0x60, 0x0, 0xc3, 0x2084, 0xe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x5, 0x1, @perf_bp={&(0x7f0000000080), 0x1}, 0x0, 0x7, 0x800, 0x8, 0x9, 0x2, 0xe553, 0x0, 0x0, 0x0, 0x3}, r0, 0x3, r1, 0x8) syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r3, r2) write$binfmt_elf64(r3, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0xc0, 0x9, 0x84, 0x4, 0x5, 0x3, 0x3b, 0x3, 0xfb, 0x40, 0x356, 0x1f, 0x2, 0x38, 0x2, 0x778c, 0x4, 0x8}, [{0x5, 0x5, 0x1ff, 0x9, 0x6, 0x100000000, 0x5, 0x1}, {0x4, 0x3, 0x0, 0x4, 0x40, 0x9, 0xffffffffd863c436, 0x1}], "32aaa4ac2e65724294b95c9acaabf9df2d196cb6e9705ccd0fe819aac4702304848d883e91777f8b3d92cc09d39036e00f61d4b55242eb8121831eb2a04178b625094a9e2dcc7d36ba7fcddc1939f4068ecfd8de1f9d641942e836e4c5b7092f0566a8b7d66d8be91e585e61781b582eb3b7da2bb40d8249106e2776ae139ee46c4e3b8d0f8b5da8196325786d6bd5529f6abfa35752b296a457ea3f1afedb2e8c13d7b0bebf076ed9a8a0453467ea96ad7febe1ebd498dc97db655dde440dee37e9b5174da2f0d99956d17e41d36546b68d831f6c4480f7be4d9f71dc6805d2fc0cc53f07b898f6c3eb32db11b65c56908b166a879aca7e961085aac334c2", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x9af) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) r4 = syz_open_dev$sg(&(0x7f0000000c80), 0x3, 0x0) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r4, 0xf50f, 0x0) 01:24:52 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="effdffff1200cd61"], 0x38}}, 0x0) 01:24:52 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x1802000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2743.866691] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2743.867954] EXT4-fs (loop4): group descriptors corrupted! 01:24:52 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2743.920068] FAULT_INJECTION: forcing a failure. [ 2743.920068] name failslab, interval 1, probability 0, space 0, times 0 [ 2743.921143] CPU: 1 PID: 13286 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2743.921754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2743.922479] Call Trace: [ 2743.922717] dump_stack+0x107/0x167 [ 2743.923042] should_fail.cold+0x5/0xa [ 2743.923505] ? create_object.isra.0+0x3a/0xa20 [ 2743.923909] should_failslab+0x5/0x20 [ 2743.924307] kmem_cache_alloc+0x5b/0x310 [ 2743.924748] create_object.isra.0+0x3a/0xa20 [ 2743.925200] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2743.925651] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2743.926094] ? __ip_append_data+0x2930/0x3310 [ 2743.926497] __alloc_skb+0xb1/0x5b0 [ 2743.926918] __ip_append_data+0x2930/0x3310 [ 2743.927303] ? raw_destroy+0x30/0x30 [ 2743.927708] ? ip_finish_output+0x330/0x330 [ 2743.928177] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2743.928657] ? memcpy+0x39/0x60 [ 2743.928949] ? raw_destroy+0x30/0x30 [ 2743.929279] ip_append_data+0x114/0x1a0 [ 2743.929636] raw_sendmsg+0xaa6/0x29d0 [ 2743.929983] ? dst_output+0x170/0x170 [ 2743.930321] ? __lock_acquire+0x1657/0x5b00 [ 2743.930712] ? perf_trace_lock+0xac/0x490 [ 2743.931071] ? SOFTIRQ_verbose+0x10/0x10 [ 2743.931430] ? __lockdep_reset_lock+0x180/0x180 [ 2743.931843] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2743.932284] ? find_held_lock+0x2c/0x110 [ 2743.932654] ? trace_hardirqs_on+0x5b/0x180 [ 2743.933040] ? dst_output+0x170/0x170 [ 2743.933379] inet_sendmsg+0x11d/0x140 [ 2743.933713] ? inet_send_prepare+0x540/0x540 [ 2743.934099] __sock_sendmsg+0x13c/0x190 [ 2743.934447] ____sys_sendmsg+0x334/0x870 [ 2743.934804] ? sock_write_iter+0x3d0/0x3d0 [ 2743.935173] ? do_recvmmsg+0x6d0/0x6d0 [ 2743.935514] ? perf_trace_lock+0xac/0x490 [ 2743.935881] ? __lockdep_reset_lock+0x180/0x180 [ 2743.936283] ? perf_trace_lock+0xac/0x490 [ 2743.936648] ___sys_sendmsg+0xf3/0x170 [ 2743.936999] ? sendmsg_copy_msghdr+0x160/0x160 [ 2743.937400] ? lock_downgrade+0x6d0/0x6d0 [ 2743.937768] ? lock_downgrade+0x6d0/0x6d0 [ 2743.938140] ? __fget_files+0x296/0x4c0 [ 2743.938502] ? __fget_light+0xea/0x290 [ 2743.938847] __sys_sendmmsg+0x195/0x470 [ 2743.939203] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2743.939573] ? lock_downgrade+0x6d0/0x6d0 [ 2743.939951] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2743.940368] ? wait_for_completion_io+0x270/0x270 [ 2743.940780] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2743.941258] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2743.941737] ? rcu_read_lock_any_held+0x75/0xa0 [ 2743.942142] ? __traceiter_irq_enable+0xc0/0xc0 [ 2743.942545] ? fput_many+0x2f/0x1a0 [ 2743.942864] ? trace_rcu_dyntick+0x2f/0x170 [ 2743.943246] __x64_sys_sendmmsg+0x99/0x100 [ 2743.943614] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2743.944057] do_syscall_64+0x33/0x40 [ 2743.944378] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2743.944819] RIP: 0033:0x7fe4a84d7b19 [ 2743.945171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2743.946989] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2743.947658] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2743.948343] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2743.949123] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2743.949758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2743.950406] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2743.977890] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2743.987533] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2744.111612] EXT4-fs (loop4): bad geometry: block count 128 exceeds size of device (1 blocks) [ 2744.200935] ata1.00: invalid cdb length 6 01:25:11 executing program 1: syz_emit_ethernet(0x0, 0x0, 0x0) 01:25:11 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 50) 01:25:11 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r1, r0) syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000000080)="0210002fa50000d603c24832c9513fb47964d6371a7ef30800", 0x19, 0x7fff}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYBLOB="218aafa207bece83141b4c253021bd5cc4615d43c5c142968f0431e7788936be3b120bc4b6f0425898f6d6f7969582bab65e91d5cfeef5e9f216235789e5921f8e65d335362a1b2cbdf97bcae76faaf30b3680506778de35f705a02eafb27803b4ab496352788249a241c79b957a5c6c0396787dc948dc9913693244d370127d4cd4560388225036fc97eefd4ddac32e9d2353ec2de5546d51d9ebb03677", @ANYBLOB="50dca82daef2332e1eb80d87e80d21003d54316acf6050e2b7369d0ded1109ba759802a61e41583f3f2ed787088871a576a03fd2c78057af553b4cb5d1e4ad453a6b7f612f5934", @ANYRESOCT=0x0, @ANYRESHEX=r1, @ANYRES64, @ANYRESDEC=r0]) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) statx(r1, &(0x7f0000000500)='./file0\x00', 0x400, 0x1, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000180)='./file1\x00', 0x0, 0x2, &(0x7f00000001c0)=[{&(0x7f00000003c0)="df23757b5970a6e343dcde15090b45e84036c199404fd5ce2b971899e6b00da4c31661a2a0a06b2e336c1b05c6992855b8719b83128f261e7d082aeca53cfcf6e4f3ef1cfccf9387119a63cbb5aadf97eff6ffe423544f5c3c811ae2cc36767c094b86753271c607cb35", 0x6a, 0x1}, {&(0x7f0000000440)="e0d9952a743494a4c958fc80abf02ecf424c6c6b87d9e8adebedaea6e290a7dbe015ec537b7f8233a46cac7a803dde05675b0d70c14165747ae60789963815a4a51e9c7ca99d73d1f171005e543fd17d351ca73ff3f131ebf6bf65ecddd604c0f431e0bb09ba3aad99f23771c4cdbea2fc0093c8f0483c2f07424b771cdea0d8859f16da7f01a14c6f376f564d80827c0cc27d", 0x93, 0x101}], 0x2c81, &(0x7f0000000640)={[{@iocharset={'iocharset', 0x3d, 'cp949'}}, {@numtail}], [{@fowner_eq={'fowner', 0x3d, 0xee00}}, {@permit_directio}, {@euid_lt={'euid<', r2}}, {@defcontext={'defcontext', 0x3d, 'sysadm_u'}}]}) 01:25:11 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000000f00cd61"], 0x38}}, 0x0) 01:25:11 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x4000000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:25:11 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:25:11 executing program 7: sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x8}, 0x0, 0x0, 0x0, 0x0, 0x17}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PTP_SYS_OFFSET_PRECISE(r0, 0xc0403d08, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x4880) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r2, r1) signalfd4(r1, &(0x7f0000000080)={[0x9]}, 0x8, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffffff9) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000640)) fallocate(r3, 0x0, 0x0, 0x1000002) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r3, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x5d, &(0x7f00000000c0)=[{&(0x7f0000000540)="4290542dbaca53ec017dfb5bf808a37882eaf24f71cb79c7b5cdba56d19e5806a691778b59774fba4d90e37b830fdd5da059dc5bf3fa9c239cdbf5218a7493fa1df744f2997d52f2a23a19fa8e0c0cb0cff28241437f371e455d0c1c1be37bf0ec1578d4c42d5dbc5c723aaaaa2598be9eb82bc367b3831003d75e505397478a0b47b2a68257d69cdb9b6ff175fdd638042698f355b25f03b884bf877a54dd8f6e4cb6407cf0e5eb82ed09b05b0bbbf71bcffa933b4f554d0f704b9f780ea38877", 0xc1}], 0x1}, 0x4044041) sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380), 0xc, &(0x7f0000000440)={0x0}}, 0x20000800) 01:25:11 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) r1 = gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) kcmp(0x0, 0x0, 0x5, 0xffffffffffffffff, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = gettid() pidfd_open(r3, 0x0) r4 = gettid() pidfd_open(r4, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x103000, 0x0) finit_module(r5, 0x0, 0x0) kcmp(r3, r4, 0x5, r2, r5) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x101000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000280)={0x150, 0x1f, 0x800, 0x70bd2b, 0x25dfdbfc, {0x2}, [@generic="b8ec0918c4822e49e3422cc3423f22e7b6116c39ff7d0fa2820c15b6fd310f737a5b9234ee936d9ed7fff32c38064d486f8e1559994f368153e8d7a8064a8e9458e8b094e3020a02919f6c7185f7ecf1bfc34642ef7f1673b85d534c210e8a4ef4c2eba53a09e71083ab2cc55704a8b0db9ac129f7618ece632764bdc0d70fc51fbaaab43c72795cb27904ab14f67043c0a2c8a9661786", @nested={0x19, 0x50, 0x0, 0x1, [@generic="7a9ced80471162fbbb", @typed={0xc, 0x13, 0x0, 0x0, @u64=0x8}]}, @typed={0x8, 0x14, 0x0, 0x0, @uid}, @typed={0x14, 0x21, 0x0, 0x0, @ipv6=@loopback}, @nested={0xc, 0x2b, 0x0, 0x1, [@typed={0x8, 0x8f, 0x0, 0x0, @pid}]}, @typed={0x8, 0x59, 0x0, 0x0, @uid=0xffffffffffffffff}, @typed={0xc, 0x7, 0x0, 0x0, @u64=0x8}, @generic, @typed={0x8, 0x79, 0x0, 0x0, @pid}, @nested={0x41, 0x91, 0x0, 0x1, [@typed={0x8, 0x41, 0x0, 0x0, @u32=0x7fffffff}, @typed={0x8, 0x70, 0x0, 0x0, @pid=r1}, @generic="03a865613fe143a8b8df8c951aa4c2d975e8a21b6f9de0023616f9e6bd4059e2dc3a09426b", @typed={0x8, 0x7, 0x0, 0x0, @pid=r4}]}]}, 0x150}, 0x1, 0x0, 0x0, 0x4000040}, 0x44040) socket$inet_icmp(0x2, 0x2, 0x1) [ 2763.401883] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=15 sclass=netlink_xfrm_socket pid=13322 comm=syz-executor.2 [ 2763.413885] FAULT_INJECTION: forcing a failure. [ 2763.413885] name failslab, interval 1, probability 0, space 0, times 0 [ 2763.415234] CPU: 0 PID: 13321 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2763.415944] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2763.416795] Call Trace: [ 2763.417081] dump_stack+0x107/0x167 [ 2763.417471] should_fail.cold+0x5/0xa [ 2763.417870] ? create_object.isra.0+0x3a/0xa20 [ 2763.418352] should_failslab+0x5/0x20 [ 2763.418750] kmem_cache_alloc+0x5b/0x310 [ 2763.419175] create_object.isra.0+0x3a/0xa20 [ 2763.419628] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2763.420160] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2763.420687] ? __ip_append_data+0x2930/0x3310 [ 2763.421160] __alloc_skb+0xb1/0x5b0 [ 2763.421553] __ip_append_data+0x2930/0x3310 [ 2763.422015] ? raw_destroy+0x30/0x30 [ 2763.422414] ? ip_finish_output+0x330/0x330 [ 2763.422862] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2763.423391] ? memcpy+0x39/0x60 [ 2763.423738] ? raw_destroy+0x30/0x30 [ 2763.424124] ip_append_data+0x114/0x1a0 [ 2763.424545] raw_sendmsg+0xaa6/0x29d0 [ 2763.424952] ? dst_output+0x170/0x170 [ 2763.425361] ? __lock_acquire+0x1657/0x5b00 [ 2763.425822] ? perf_trace_lock+0xac/0x490 [ 2763.426250] ? SOFTIRQ_verbose+0x10/0x10 [ 2763.426679] ? __lockdep_reset_lock+0x180/0x180 [ 2763.427168] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2763.427699] ? find_held_lock+0x2c/0x110 [ 2763.428131] ? trace_hardirqs_on+0x5b/0x180 [ 2763.428579] ? dst_output+0x170/0x170 [ 2763.428974] inet_sendmsg+0x11d/0x140 [ 2763.429374] ? inet_send_prepare+0x540/0x540 [ 2763.429831] __sock_sendmsg+0x13c/0x190 [ 2763.430241] ____sys_sendmsg+0x334/0x870 [ 2763.430662] ? sock_write_iter+0x3d0/0x3d0 [ 2763.431095] ? do_recvmmsg+0x6d0/0x6d0 [ 2763.431494] ? perf_trace_lock+0xac/0x490 [ 2763.431927] ? __lockdep_reset_lock+0x180/0x180 [ 2763.432408] ? perf_trace_lock+0xac/0x490 [ 2763.432841] ___sys_sendmsg+0xf3/0x170 [ 2763.433258] ? sendmsg_copy_msghdr+0x160/0x160 [ 2763.433733] ? lock_downgrade+0x6d0/0x6d0 [ 2763.434173] ? __fget_files+0x296/0x4c0 [ 2763.434593] ? __fget_light+0xea/0x290 [ 2763.435003] __sys_sendmmsg+0x195/0x470 [ 2763.435420] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2763.435864] ? lock_downgrade+0x6d0/0x6d0 [ 2763.436299] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2763.436820] ? perf_trace_preemptirq_template+0x266/0x400 [ 2763.437394] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2763.437960] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2763.438521] ? __traceiter_irq_enable+0xc0/0xc0 [ 2763.438999] ? fput_many+0x2f/0x1a0 [ 2763.439378] ? trace_rcu_dyntick+0x2f/0x170 [ 2763.439835] __x64_sys_sendmmsg+0x99/0x100 [ 2763.440273] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2763.440795] do_syscall_64+0x33/0x40 [ 2763.441179] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2763.441707] RIP: 0033:0x7fe4a84d7b19 [ 2763.442091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2763.443942] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2763.444720] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2763.445448] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2763.446176] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2763.446900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2763.447624] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2763.455363] EXT4-fs (loop6): Unrecognized mount option "" or missing value [ 2763.457986] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=15 sclass=netlink_xfrm_socket pid=13327 comm=syz-executor.2 [ 2763.472102] EXT4-fs (loop4): bad geometry: block count 128 exceeds size of device (1 blocks) 01:25:11 executing program 1: syz_emit_ethernet(0x72, &(0x7f0000000140)={@local, @dev, @val={@void, {0x8100, 0x0, 0x0, 0x3}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "96153f", 0x38, 0x3a, 0x0, @empty, @mcast2, {[@fragment={0x2b, 0x0, 0x1, 0x0, 0x0, 0x2, 0x65}], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "550365", 0x0, 0x2e, 0x0, @empty, @private0}}}}}}}, 0x0) [ 2763.512127] Module has invalid ELF structures [ 2763.557565] EXT4-fs (loop4): bad geometry: block count 128 exceeds size of device (1 blocks) [ 2763.565816] EXT4-fs (loop6): Unrecognized mount option "" or missing value 01:25:11 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x4002000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:25:11 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 51) 01:25:11 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001000cd61"], 0x38}}, 0x0) 01:25:11 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:25:11 executing program 1: syz_emit_ethernet(0x72, &(0x7f0000000140)={@local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "96153f", 0x38, 0x3a, 0x0, @empty, @mcast2, {[@fragment={0x2b, 0x0, 0x1, 0x0, 0x0, 0x2, 0x65}], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "550365", 0x0, 0x2e, 0x0, @empty, @private0}}}}}}}, 0x0) 01:25:11 executing program 7: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYRESHEX, @ANYRESDEC=r0, @ANYRESDEC, @ANYRESHEX, @ANYRES64=r0, @ANYRESOCT=0x0, @ANYRES64=r0, @ANYRESDEC=r0], 0x1278) writev(r0, &(0x7f0000000700)=[{&(0x7f00000001c0)="c8f63988fb210e3211cc4c59d259219b58", 0x11}], 0x1) 01:25:11 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r1, r0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = dup2(r3, r2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000540)=ANY=[@ANYRESHEX=r0, @ANYRES32, @ANYRESDEC=r4]) r5 = syz_mount_image$nfs(&(0x7f00000001c0), &(0x7f0000000280)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{&(0x7f00000002c0)="f994d01d6dba5c3a84bfe14ce4", 0xd, 0x800}, {&(0x7f0000000300)="af4bd5e2914dea4883c53936fca8bcfc4fa135e96b93e1df4a19618a0118d540767de7197c40dfa9e0a32f4e997129290cc480fa4508d512823e1a8d479c0d166b5d53a638bd79441855efea3e25c24a3c99d051299cbf62dc8ee7dbc4f496326d3db0b209f87d66cbbee576bed8425bc08e1e63a53598fb2d7ee354e54eef4521cf71cd4158132c8dab9503c8324224a7e9793579d259a43fbc321898243e0a9bbc9fba35653715c8faec717e4612d1a9f211050c37a33b0dfcb5dbf5ac8f4676b10f3b700306d475a92fc03c68f52da205a15735e887a5ab6021e5acf6a9c500883567608f6fc3", 0xe8, 0x6}], 0x80000, &(0x7f0000000440)=ANY=[@ANYBLOB='*,smackfsdef=ext2\x00,uid=', @ANYRESDEC=0x0, @ANYBLOB="cc6bd49364fcd9af620000007573000000002c736d61636b66736861743d2f6465762f7663736123002c726f6f74636f6e746578743d726f6f742c646f6e745f686173682c00"]) sendfile(r5, 0xffffffffffffffff, &(0x7f00000004c0)=0x800, 0x8) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105143, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r8 = dup2(r7, r6) ioctl$FS_IOC_FSGETXATTR(r8, 0x801c581f, &(0x7f0000000080)={0x80000001, 0x1, 0x7, 0x8f, 0x8000}) r9 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2ba181, 0x0) sendfile(r9, r8, 0x0, 0x7ffffff9) r10 = syz_open_dev$vcsa(&(0x7f0000000140), 0xffffffff, 0x100) openat(r10, &(0x7f0000000180)='./file2\x00', 0x802c1, 0x140) openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x470042, 0xa0) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) [ 2763.711233] FAULT_INJECTION: forcing a failure. [ 2763.711233] name failslab, interval 1, probability 0, space 0, times 0 [ 2763.713196] CPU: 1 PID: 13347 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2763.714198] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2763.715364] Call Trace: [ 2763.715752] dump_stack+0x107/0x167 [ 2763.716277] should_fail.cold+0x5/0xa [ 2763.716825] ? __alloc_skb+0x6d/0x5b0 [ 2763.717382] should_failslab+0x5/0x20 [ 2763.717929] kmem_cache_alloc_node+0x55/0x330 [ 2763.718580] __alloc_skb+0x6d/0x5b0 [ 2763.719108] __ip_append_data+0x2930/0x3310 [ 2763.719735] ? raw_destroy+0x30/0x30 [ 2763.720283] ? ip_finish_output+0x330/0x330 [ 2763.720905] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2763.721643] ? memcpy+0x39/0x60 [ 2763.722124] ? raw_destroy+0x30/0x30 [ 2763.722649] ip_append_data+0x114/0x1a0 [ 2763.723235] raw_sendmsg+0xaa6/0x29d0 [ 2763.723799] ? dst_output+0x170/0x170 [ 2763.724348] ? __lock_acquire+0x1657/0x5b00 [ 2763.724984] ? perf_trace_lock+0xac/0x490 [ 2763.725594] ? SOFTIRQ_verbose+0x10/0x10 [ 2763.726179] ? __lockdep_reset_lock+0x180/0x180 [ 2763.726854] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2763.727590] ? find_held_lock+0x2c/0x110 [ 2763.728349] ? trace_hardirqs_on+0x5b/0x180 [ 2763.729168] ? dst_output+0x170/0x170 [ 2763.729773] inet_sendmsg+0x11d/0x140 [ 2763.730432] ? inet_send_prepare+0x540/0x540 [ 2763.731304] __sock_sendmsg+0x13c/0x190 [ 2763.731892] ____sys_sendmsg+0x334/0x870 [ 2763.732666] ? sock_write_iter+0x3d0/0x3d0 [ 2763.733406] ? do_recvmmsg+0x6d0/0x6d0 [ 2763.733968] ? perf_trace_lock+0xac/0x490 [ 2763.734766] ? __lockdep_reset_lock+0x180/0x180 [ 2763.735565] ? perf_trace_lock+0xac/0x490 [ 2763.736169] ___sys_sendmsg+0xf3/0x170 [ 2763.736728] ? sendmsg_copy_msghdr+0x160/0x160 [ 2763.737397] ? lock_downgrade+0x6d0/0x6d0 [ 2763.738004] ? lock_downgrade+0x6d0/0x6d0 [ 2763.738609] ? __fget_files+0x296/0x4c0 [ 2763.739199] ? __fget_light+0xea/0x290 [ 2763.739773] __sys_sendmmsg+0x195/0x470 [ 2763.740358] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2763.740978] ? lock_downgrade+0x6d0/0x6d0 [ 2763.741602] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2763.742297] ? wait_for_completion_io+0x270/0x270 [ 2763.742970] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2763.743757] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2763.744542] ? rcu_read_lock_any_held+0x75/0xa0 [ 2763.745204] ? __traceiter_irq_enable+0xc0/0xc0 [ 2763.745877] ? fput_many+0x2f/0x1a0 [ 2763.746407] ? trace_rcu_dyntick+0x2f/0x170 [ 2763.747033] __x64_sys_sendmmsg+0x99/0x100 [ 2763.747641] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2763.748359] do_syscall_64+0x33/0x40 [ 2763.748895] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2763.749637] RIP: 0033:0x7fe4a84d7b19 [ 2763.750168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2763.752751] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2763.753834] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2763.754841] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2763.755848] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2763.756856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2763.757871] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 01:25:11 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x4eabee3e00000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2763.854404] EXT4-fs (loop6): Unrecognized mount option "0x0000000000000003ÿÿÿÿ00000000000000000005" or missing value [ 2763.860657] EXT4-fs (loop4): bad geometry: block count 128 exceeds size of device (1 blocks) [ 2763.891959] EXT4-fs (loop4): bad geometry: block count 128 exceeds size of device (1 blocks) 01:25:12 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380000001100cd61"], 0x38}}, 0x0) 01:25:12 executing program 1: syz_emit_ethernet(0x6a, &(0x7f0000000140)={@local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "96153f", 0x30, 0x3a, 0x0, @empty, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "550365", 0x0, 0x2e, 0x0, @empty, @private0}}}}}}}, 0x0) 01:25:12 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 2763.937759] EXT4-fs (loop6): Unrecognized mount option "0x0000000000000003ÿÿÿÿ00000000000000000005" or missing value [ 2764.021751] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2764.029149] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2764.082816] EXT4-fs (loop4): bad geometry: block count 128 exceeds size of device (1 blocks) [ 2764.107592] EXT4-fs (loop4): bad geometry: block count 128 exceeds size of device (1 blocks) 01:25:31 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 52) 01:25:31 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x8c3, &(0x7f0000000080), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000400)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345}, 0x5) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r5, r4) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_WRITE_FIXED={0x5, 0x1, 0x0, @fd=r4, 0x2, 0x2, 0x40, 0x1, 0x1}, 0x9) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x1, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r6, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x1c6, 0x0, 0x0, 0x0, 0x0) read$hidraw(0xffffffffffffffff, 0x0, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r8 = dup2(r7, 0xffffffffffffffff) r9 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r9, r8, 0x0, 0x7ffffff9) ftruncate(r8, 0x3) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) 01:25:31 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000ebffeeff"]) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000040)=0x0) ioprio_set$pid(0x1, r1, 0x4000) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:25:31 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x6, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:25:31 executing program 6: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) getdents64(r0, &(0x7f0000000140)=""/126, 0x7e) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) readlink(&(0x7f0000000080)='./file0\x00', &(0x7f0000000280)=""/237, 0xed) 01:25:31 executing program 1: syz_emit_ethernet(0x6a, &(0x7f0000000140)={@local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "96153f", 0x30, 0x3a, 0x0, @empty, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "550365", 0x0, 0x0, 0x0, @empty, @private0}}}}}}}, 0x0) 01:25:31 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380200001200cd61"], 0x38}}, 0x0) 01:25:31 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x5400000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2783.246773] FAULT_INJECTION: forcing a failure. [ 2783.246773] name failslab, interval 1, probability 0, space 0, times 0 [ 2783.249108] CPU: 0 PID: 13390 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2783.250444] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2783.252025] Call Trace: [ 2783.252544] dump_stack+0x107/0x167 [ 2783.253244] should_fail.cold+0x5/0xa [ 2783.254000] should_failslab+0x5/0x20 [ 2783.254735] __kmalloc_node_track_caller+0x74/0x3b0 [ 2783.255695] ? __ip_append_data+0x2930/0x3310 [ 2783.256570] __alloc_skb+0xb1/0x5b0 [ 2783.257283] __ip_append_data+0x2930/0x3310 [ 2783.258088] ? raw_destroy+0x30/0x30 [ 2783.258700] ? ip_finish_output+0x330/0x330 [ 2783.259399] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2783.260212] ? memcpy+0x39/0x60 [ 2783.260747] ? raw_destroy+0x30/0x30 [ 2783.261350] ip_append_data+0x114/0x1a0 [ 2783.262014] raw_sendmsg+0xaa6/0x29d0 [ 2783.262643] ? dst_output+0x170/0x170 [ 2783.263255] ? __lock_acquire+0x1657/0x5b00 [ 2783.263968] ? perf_trace_lock+0xac/0x490 [ 2783.264634] ? SOFTIRQ_verbose+0x10/0x10 [ 2783.265289] ? __lockdep_reset_lock+0x180/0x180 [ 2783.266056] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2783.266884] ? find_held_lock+0x2c/0x110 [ 2783.267557] ? trace_hardirqs_on+0x5b/0x180 [ 2783.268254] ? dst_output+0x170/0x170 [ 2783.268871] inet_sendmsg+0x11d/0x140 [ 2783.269491] ? inet_send_prepare+0x540/0x540 [ 2783.270204] __sock_sendmsg+0x13c/0x190 [ 2783.270847] ____sys_sendmsg+0x334/0x870 [ 2783.271502] ? sock_write_iter+0x3d0/0x3d0 [ 2783.272177] ? do_recvmmsg+0x6d0/0x6d0 [ 2783.272938] ? perf_trace_lock+0xac/0x490 [ 2783.273622] ? __lockdep_reset_lock+0x180/0x180 [ 2783.274356] ? perf_trace_lock+0xac/0x490 [ 2783.275023] ___sys_sendmsg+0xf3/0x170 [ 2783.275647] ? sendmsg_copy_msghdr+0x160/0x160 [ 2783.276384] ? lock_downgrade+0x6d0/0x6d0 [ 2783.277061] ? __fget_files+0x296/0x4c0 [ 2783.277720] ? __fget_light+0xea/0x290 [ 2783.278345] __sys_sendmmsg+0x195/0x470 [ 2783.278987] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2783.279674] ? lock_downgrade+0x6d0/0x6d0 [ 2783.280344] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2783.281149] ? perf_trace_preemptirq_template+0x266/0x400 [ 2783.282036] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2783.282928] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2783.283840] ? __traceiter_irq_enable+0xc0/0xc0 [ 2783.284596] ? fput_many+0x2f/0x1a0 [ 2783.285216] ? trace_rcu_dyntick+0x2f/0x170 [ 2783.285931] __x64_sys_sendmmsg+0x99/0x100 [ 2783.286619] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2783.287456] do_syscall_64+0x33/0x40 [ 2783.288067] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2783.288882] RIP: 0033:0x7fe4a84d7b19 [ 2783.289520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2783.292466] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2783.293719] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2783.294875] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2783.296042] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2783.297201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2783.298372] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 01:25:31 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x6200000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2783.332765] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2783.341965] EXT4-fs (loop4): bad geometry: block count 128 exceeds size of device (1 blocks) [ 2783.359602] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue [ 2783.389376] EXT4-fs (loop4): bad geometry: block count 128 exceeds size of device (1 blocks) 01:25:50 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x50102}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) gettid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)=ANY=[@ANYBLOB="0000d0ffeeff"]) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000240)=@IORING_OP_TIMEOUT_REMOVE, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r4, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x8007, @fd_index, 0x100, &(0x7f0000000800)=[{&(0x7f0000000040)=""/59, 0x3b}, {&(0x7f0000000280)=""/123, 0x7b}, {&(0x7f0000000300)=""/218, 0xda}, {&(0x7f0000000500)=""/248, 0xf8}, {&(0x7f0000000080)=""/22, 0x16}, {&(0x7f0000000400)=""/97, 0x61}, {&(0x7f0000000600)=""/177, 0xb1}, {&(0x7f00000006c0)=""/109, 0x6d}, {&(0x7f00000001c0)=""/14, 0xe}, {&(0x7f0000000740)=""/177, 0xb1}], 0xa, 0x0, 0x1}, 0x1) memfd_create(&(0x7f0000000100)='$$*/\x00', 0x2) r5 = accept4(r0, &(0x7f0000000900)=@in={0x2, 0x0, @multicast1}, &(0x7f0000000980)=0x80, 0x80800) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r3, &(0x7f0000001b40)=@IORING_OP_WRITEV={0x2, 0x1, 0x2000, @fd=r5, 0x3, &(0x7f0000001b00)=[{&(0x7f00000009c0)="c92df90d308419e24c2076b1a009529295e733b93b6763d2816910898fb71c2f21c0f6a26ed54269f6e3c2930502418f4e5d5be804959181cad4e6d8f8783d9d99a5d6f6f59b0626d38774eeb679a981f89d01387ece5053e917512b2f101c37d98cb952e4214ba331efc9dd7e02ce91728f88f0ea83c114b1ed9587467a269940d9acd32784f8", 0x87}, {&(0x7f0000000a80)="1cd162e474c424f2e76f7a60e04d504bd42f7f7abdb0febbc1735d326a296cfe46a1ccaab310eb922c260ff0fa62defe365abbf99adf376393c2017df5ce43bfd6fd1bad0b9d51f86979e33ebac34bee2a7471ae17421417e32bf7072c2c9908509dfb98277226a5e9003d4281717a6387c45398d7283bbe361cf7b3083b7e6d2480e1f97f57202d020302c51b7ef597ef5eb99ebd51e8997fe929ad057d6041da114041d87ebc6008c0d294b3fde363c87eaceb85fee3af0b174e2e58758852eabf3e565122e7787b570a5a36607bab9571323bb6b8a1156081f04d80335c470f6086ed6c30cab31ddbb5c699dbf5a6594c9d8853fdc0d0751206b484853c262936290f7b2e79448e35a4d41f9cc09d7bf92a07038f6566ca40d1d3530413c6483ee5a0940edba716fbed1603547780813a3ad7e3bb3975709b5b41f343ecb4de1df10680224a8241e3df2b4176a3784575445a4b4c08894280c0b845ac0836af65b812290cdfee4d382475b343284369e51aacecb5e021a6f7505ef3b541ef6cb59d1b8277c432abd56332ad5b7ec853b273efedbf7c05af227f586431880fba23f075331e44cba306519462c1b6dae0cdb64fd915d5b6272c93c7d15a7d78bda10a322f13e38b67b6ccfe60d7148c69b8f6d6de1a4fe185abdb243d8381f25d367b85cd4c9fd4cf9be95320019d6dd09f18a31c8ef1c1558cb1f83090bfb8395f4edf18a15b1bb97aa797364f5a22ff21ae66ac15d4503b84d1aafaf323348c3273d489fb2d679f490f21263c1b64f2774e02d86d9a95fafa1d38ba3543415dff3d0969564ac1665b1e1c56a530813c259818a0c1fcf6556967d83378a6c04aa75ab91f6f3eeff8bce0a10696f8dd662ee076c328c8a162aa6b8f9f1f426ee43690cdbdd8470c48b6e74bc0d1b4774a27af37fbbadb58f4ad525901f11b54c66e607e8d3fb7e67e93613a1cb020b2832cd207b7483527f69a0e7dc0fbc90677db66dec100babeb6656f14384bbd043c113ae25b6ad219a85e6ad43adf44380c4bb1762dfe4852e48771f7a2321b705017d439d7b6e61ebef849eed18142777e11e0f121d8eef982272164f514f38736e64ad4ddfc50673308a8ff0dbfa144e13d780089938d4fa845de070a759fb8a6bf6d2a8c2a108ee88f978f5582842bc57965bb33a320b871afc1b613afdb9d8dfa8890062927c0d46d10a3a292cc5ab86534144719058a2cf93d8774f31522b975af5d4884d60930ca8f33a5195d401b4ccf74849fd0de9d50c16fe3179fc3a91f0e7388f74eb8a8a3f7db8ead8693943c2e2f5a453c1c3bd4d893d0a56960ca0bc9abca96c8f9663f4ba6e625e7cf173c3ffc14973783601b10c1c1e93e33ec92885394a22161b506c362ca793b29b9da2dbc59209c7def0c911730b8a898eb803b9f35aa04f77564e0d5292a41d594418c07571b8189250f8cabb0885b23453461b906f68e162615eff2be738cb029411979e8c187b81dff0608d7214b0bfcd813561ad97413fa83691b8b8c67fcef22453a762cffdf29d2e3b791f3ef55cadd1c81492464764522a8f246d26715fcdcd9a0326144e03a7b0446f2fcb5cc7c67cce1291b6a400ffda3377a9728a2542d4a385876eb76533fecb570c17e4fb86a4ea7e11f34cad9ba887ba42758fdc3e72977cad3b8b413c7bf4e80bf2fc2b82c54cef0563c9285a3ad0c0b7765b40724c4e91b0986c1b647e1523cdf024efef8b30225dc38992eccaaafe10357236a7c5f452bdbae69179d5184347ef08551681228773579912a416593084b0d6e064bffc8deed90838ad69efc8649dcc501664843508d437824348d4da67a8fd3feab1323bac1b4457b952a273e7c77c9c2642374e3bada301788d440e71c5a5856ae4e4055632b599a6b7a0c4ea6fcb813c35b1cf15c4abdd873c1b538d46b6e67abcf3e5a371ee79d67869e06395a9efb46b0b79c83c877e8e27b120593409609f4675575b76a1286ee05aead1950cf61c257d6636904d405eacf4238f4ec43c91d25814b02d8a57a9b719c2b80c4e5f74b782fa1f1948c22236a62e14d19e828ed409ce8f6e0688bc22b210021991f29b7820d6df212b68c457b876b9a1f1e9acd6c38a1f5bbd6eaef3b8dc681c6014379f0e83c7994570d0f78e032bb1185c17f986c6db351b56603d5363872abd779d0f7c95fa7e7f7c3d67d85216d18f40240625cda8710a49334f64e36e5ad7c6586fea7c5db226a4b3ff8f4a179a631a3ef207d958037ca3ca89f04f98fb445d8914d84eb5a5aa1bd7a41a3378f7b90f99fcbb33772e670cc651e713e93f7b0a2c865d534e94e44fc8c59451193ea84df14c09878243be677efeb5334519e3c6f1d4b822fe9cb6596ef09903a14163ff1a6fccd0262492ea7e9a161362849b720e69f6ea6b0781dc8228db86f9295c0c1d1ecaa91e5d2ce08276a5c5e9619954ff4cf6ab75236f0662ffaa5b929c4ee4d73f0db83596865f679fbeb48e9e9d888e9754d57d5bf9591726bdfb41f7e8ae86cf1babbf52ea71ecd5df99f617dcab1164e89c2aa46d7581310e1ad9e27b3fc3db912d3e5699e3fa528ba6424bc16edb543873913213f703ee4d7518e0818f8c5cc298374453a089dc42d7391fff899b51898b20e12620ba23ca84f06febb90d75a2c727bdde5775b77c7ed14557df742e21b417beb0aa459b2c5ebcd67f65bb6ec1f96e92ec9da27b498c2885dade80389a4535354526f4b30d26f8ea9f4eabd5ea0e55a4366d011fb583737cd29034dc3ed2a4d2022a1689eda36a196b062f024faa6c49716844ec094f2c93191077288892d5a5dbbb1843970f09e2c238ab74944222265bcde6bdea7bf09f825b0a44a5345882e6e50c6bc34df342cb3f5ad6ac04f2f7b3a30020f965f780476d5609c92ac508251cb882f3f47b849a5b8f2b3367fa312d29a8335100346bd506a7f4b2705e59bf5e3ba2c9454844256e459ede47df4e90b2faccbab5918904b91e9ad08a317cb5249807df6e88517c1773222864c04c37966e1d8741bfbde778c87a1b9d45a73a1bcf5e19935050857be599fbda3521f7f3e9aa7e9aa9949cc7c5a5db1fbb9547a09d21c551268ba019c09801f248b1d91fb0e50296223d38286384249fa40fb00e112b532e8b3c8c7c8cf01fb6010beec87c0d9dd6e2d523978c8c658e3f40894a2de94d128dc4d11a6c70a01ad6841d5aa9dd76dc18edb9b41d53a782eed88fbace8fc18bcd549eaccad724db68fb6d557f127f25c29eb4d99951c1170c84d435cbdba7e29f539c647c20b2d787f1f8b7835e58dd5614e999a875d6a89b69378019429ee39c7350ac45a5bce816d4b926fdfa6757d3e5cca3f59a645ba3d897a7e9a8b7fcad8a278b882a469fed2bfe920a77a1d58664fc9d8c5bce43092db1c8c76c3851242aedab5469a749e3df8b246e5af45bdf21cf50d01e1d8d0c49190bd2372f978b3b142924884e02640f35c18ceff8fe7116053b7b5a1322e37ed293337b79f2f60df6459e065b5c5d826735c58daa2463d31bf0aabea42764c1b62463a85c5aad523aeef65e85c4212bee3bb5777565a858a3614306b5e5402bbb021db7047fb6a83c6599f761fd37153590ca840334f89ff4c378f9b9d9bd7b1583df6cc5d93f3d94e3dbe8fc3d507ded2921d52ac485a864038d04b3888d63ad00fb1a6d52c0284d951e3cb7f8dee7371e4df3ce9f732ede5af0faea057b0dc9b582b1485a9aaf15278aa1af6743677ba7c8d31ebf8ce4e78d9541550b981238b724fe6c1d5a20c08bb8bfc3b874264769fc287c6ccd093195a006d9f5a3a33dc6d737903c90048014ffae65ecdbad0c03c89cecb1108ff432b3f5128f7f1933cdd96c4e814fed2d886d93bed36f1b0530a0bacd39b0ed86bebfb9a390f387ae2693df210a74f95ef19a9698e9496cc59fdee23305ef4a2a0084c16e316968dc8b5d7ac89be1487263f944f90e97193b7bf7104d26acfec0aff9ce97060cf72346bc1db28e71851c81c398afbad59c4381817d33a8be62c5216031773b8de9c81b126ef7a89966b2d0843d1f9a1c9abe56ee71e6764089ec5ae8b5cfa6d16ea2059e0f8f8bf411cb992215c652f0e85348d801d71af95f88be795bb8abec27ad378370b5ae13294963ae4828dcfd80d9bc157ddbb23243ba68f19f685f21bbb650bc9b0c08e01db5874b5cfef0da6cda2bb13e8f74125ca875af63fa09c57344e5ac80998a4b381b7c6cfa950fab7dbb3e457b31d4f64c7aa9e42be6b7f120e3dcacd90be154ae98db18670397607ebc0c81882af02c445a2f1fb82395225268a7c70e79ce3103734e98c2d3c2409f2a596b567949a1f683fdbe0c77dc8d69bc7ee771134324a3346ea6451ae498643ce8d4563226618d75b73067b0148c8bc0a729edd7e10af941bb7ff60598676c157d8287c4a0013cc7f5d74a126fc5d7acdc0de2e1ad1e7cff86524ab306bc16ff6c89a144882be8e54492ebef83ce066c32b59deb16488e43549775891929c940cf1cae453b46872cc67861d0a640aa91d4d672d0abea7fd8d8a5b988374668c9f4547b2a8f37be78a672256269fea4126cdd09992a23378433274ecb4d71311b1dc8cb40266f22b5b0cdb2062d11e424d03cb1989bf5b6c83359a7e46ade488aeff51945d8fa963438e1f26cb74aae35934411c4caf4ac5959dd85a50f323e663144b3cf8a5e25362743ab4252eb746d03c5b9e7b926df7ef1817cefd6f782aa5d29a4aad420bb51f42859d60e7c369ac0b7f550b72fc07f005dd9510971522baf996ce3b73b2509c68cee277ef133f772f85b13b5e883a0b14ad058a979014393fc5b099eabef1ce944e950b00ddf6dab8a4c3fb60d386aa8dd3296c5100197fdafe946a9790dbfa3960eb10702f1d4532e0456ee91f957b0f387fbed410ef17046cce91135c6dac18e75506995e86e6803d3f71e90f357aacc4888534251ecea7eb4148289abe60d8eeffab7651e789e9e7e69534fb89653f8e69ef3bdeba03a5e0863caefb01fc9c2b207161694a9477af12225f6a01d7f95e0e3371414c9f6c1d395e727ad2208bdd79f6a72871412c1de3e0ab27991a311d8bafdc096b2b28ef78eddf5a189631d7824e107db5f573635960f72b9866a6b2be1468d38431c48e2f57d0b89ff9eb8717e735be9f9f2ae032b14caae73929950b0680e2b9d52d96194c5ac7c716ecdb2acd61325702b050f9e3e31e05dc33e5fdde9143ac841f1bc62a13372ffab109d572350e0b8b1eb77da4192bac92f99ab971873286f66daf2a4581b69ff2f0b15f7b1b4eddb0f53386a078e254d3d1c317c1c809554f809586c13077647fa86bbcc4669be84928859ca5d00cd007d7317f92480a5dd854cd3b9afda6c8f0eb5c98cdfae4fc076ad2eb44e4ac888c5735af95d7ee088fdb2958059e46f568fa4f84ae1eb3671a6f05b0db91eabe059578915009b9d94ecde01f49d2d782a5f651805dce1e576ef6417937484cde4e31b01d3032992bb54707c1e9095a6f2786cc7e32be4b2cb873e1dadfa2964d3cd146d80b0b1b22b3ea66d9d8949f0c5c74deba39bec7b2f531cb12acb952b6df2dbad99a458cd82a9dfbfd3bee993e4761d146e5a1fbefb703752738261b2834d746196c8758c80422ecf3f05769c81461dc11a984c6a9b67b1fea89cdbcc1b3a0f53bf60c2f881c75a6cc715f6ab1e82166ce179fbee30df34490e695b621f253d2d80ec5801bc348bcef3435ac070a68c241efc1665090b8993c25ba9222d8", 0x1000}, {&(0x7f0000001a80)="6dddeafc00733864fea15258a073ad3c49f35ed589cd1a9b4115d3", 0x1b}, {&(0x7f0000001ac0)="82d5b9d33c820f05b14dd876504a96f3952308a1f043c335b37653455b3cc2345f41bb3c8822fd4f7c7e27324a", 0x2d}], 0x4, 0xf3ae7a7a844bb83e, 0x1, {0x3, r6}}, 0x4a) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x9}, @tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x3}, 0x1}}, @llc={0x1a, 0x103, 0x4, 0x5, 0x3, 0xe2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x3, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='veth0_to_batadv\x00', 0x4, 0x71c7, 0x9}) sendmmsg(r0, &(0x7f0000001040), 0x3fffffffffffdca, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 01:25:50 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:25:50 executing program 1: syz_emit_ethernet(0x6a, &(0x7f0000000140)={@local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "96153f", 0x30, 0x3a, 0x0, @empty, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "550365", 0x0, 0x0, 0x0, @empty, @private0}}}}}}}, 0x0) (fail_nth: 1) 01:25:50 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) getdents64(r0, &(0x7f0000000280)=""/226, 0xe2) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = dup2(r2, r1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) sendfile(r4, r3, 0x0, 0x7ffffff9) r5 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000340), 0x26dc0, 0x0) ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r5, 0x40046210, &(0x7f0000000380)=0x1) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x81f8943c, &(0x7f00000003c0)={0x0, ""/256, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_WAIT_SYNC(r5, 0x40089416, &(0x7f00000005c0)=r6) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r0, 0x5000943f, &(0x7f0000000380)={{r3}, r6, 0xc, @unused=[0x8, 0x6, 0x40000000000, 0x3], @name="e7e4bfc8e5cb2c37a12d87dee09b79fc75cbb9a6eccf3ce4e5adf9e55d8a3b69d5c041e84e2b1b8189cf37c6a6407ad008f65a776af17ca114aa66f8ec7025c4808d078d82cc5c4f196de3c3fb5d762648c0c1c2542c589dfbbabe1d26f19ca795abb84456b5b77bdf676530205221f3221422de848f50840a3e02698446e2b3dd695c96f6e951d778196528dd1889776792dbd61b54ef19fdd4eceefa15ec14a4f59fad321630824b0856dc14c9edbfef649cc387d3769d52dafa048bd4ed6769bdfa4130bebd518a924e61a65a4ef558ac83b989987061b5b57bb17ed60c225c44a2d4de9b4886ea987886ad38a7d85587b1b1c424cdf17d8accc11ebebd3c177448d0b65f956bb787fca14b535b8d94790a7d0b79dca3c08171fee3f2b826917216b8c24157660e00923daa69e48a16465356134f074b809c828cc876e5c91fa562547bd03ecd8e2b56b2fe88e3e56c1f910f37cb39f4b79039f41dba9b29a94ea3a33e0ccafc7bdb6af86f2b45cac2b8463389ec25eb77460512b63a1f655e1348b5544cbd6102e2ab8aca788340015e0b0afe225d0d573139c2d163cb565e7c3ec32e63577e598c163bd47649993483c2db683385c3b31e2088a8233ef545ec23bc532e72016a892e4efd5eb6a88197e4ebe35b156765255bdb34be32db340b0c761be8a768990adc0416377f46a45852a5cefa5fa59d04ce2a048c6857f6f7e3f878bb5e6590882dd5b3ce85310ae43772c5e9996717ae053ccb52e575f4b3ad74ea3d3538b085c3651e48c8768035d51ae9ccee916a6cf65a730af7a6f12dbf1490d215a0a6980ca79c435c608ff714a4111b3b786dd77dc63fe3abcbc92ce777db6403db213f6f1a8f97b711f462f490737bf1afaa75c1c883ab951b8b03a0945fa46eaebaaf0dac53310b285cb88ab3a7d0edd20c69db97faf03d04ce09ec8dd65b72767a3bf53420488a13161f3e93f08600523917aa3c2c701edf44edc719901faf642b194e41daca16600967cba84ba4b27c406cf3b394df119411de2ddad535338e81ca4d38f3bd36996e10e227cb0b01a53c86f8d719024b233c440585bcff7caaaef3e1e2f3f14b57bc92ba6acbee59b13f8b8db9a9a136eeef04256730833a23fa660fac971a473d21786d360c5b9eeaed2c36423b2a6b24ba230ab3b53253d92ae3f2a4921be34d2ea2df84385ec3932b735a2a655a7f73d4d7c7cb03a786f3ff6978c9199a713f44d4aaf3f1b707c45c933d530d48bd49830b1bb7d2cae1ffb03cb26b326836ab62de59b4e366f0ee4a3d3cd52338fa2acdbf0c0584e59e7cfd631bd91fded6aa2360182459104f2907b42f12efbc713361bac37ca0ba837c2ea4101a68723ae0978b205106b60b27ab312b057bfa2f7473521d1ff50905b55febf6bd2c182012f31de82cfd32438ac0ba8c1f9cbe139515acd3108a22895a3253c2cc4d629c7fa7ff206eb841c330c8ce7c890531e69143df4f0e993ef0c33b6eda8a17604ab885d3f009c346ea9f485641446ac9f57c492def881eb4c338f4c9304c79bb71107c0dc8d8ad14d7f0ddf80df730fa72d944119b574097c3541b58480ef9eb8c8a570b4a8db49c0f9da105a6441bfe1065f3f148943026efb74920f85c9bd5be3e7f59250583c15b4c6ca79626752a0e27d922f2ea86f906968657e4d8197f998921e2631e21c05e0b537a295bbdcba99fd60bd8f3885deb706977cfbfa9a7cd6696564a36f8916a2df1f06c93c5fd8ec6e338207ff67464c6d6b8dd7e3687238c2dfe05c4f0e3db121e3b83f1ae691cef1bdfabbe886fa9bec5b5efad6726d22ab5533fc3968b75c271dc90ee3d6c42e06d6e18b18e67a6ee49171057531c92f0f90f889bb24cbb30302e216f6928f55b96b3aec53ff6d56b69968e3502a163638c2b55ba941f59ffbfeda1494fc5dead54829284d82abf85e4bedb00e97c522f6bfe7c6646994803e0a811f2af30d97b8f7d727a10eebf0a04b1b13d5e633c32de602755efcf11dde38062348707f97961890cda37d79a862f5f4b294158773dcab9a62b484a8c310ae0814a3399f26d61e9ad67c5a7b35e75cc4342f62e0bed7480fec9ab8f214704a6cadc0867f05171b20e1d00d9911a6aa35b9ffbfca9f0a43ded03e5e662af03138e00b730b1f04b39048aaa8e5fd8753a14a3cf84134050340304cfd899b172f5c8de69d85a34e478d0e07d1907a46681f7f861784cda6c8dbf1e67998e511f751d8b5283910642172e7da4b8021b1c27ec4d878a3be8797ee0abf882819526f6b52bf416377810603bdfdd1e7a8b5281b9efaceb4585ac74f04ac69b5a87546048e132d00d960fbb0d15a5375d8371ba322853f9e85f4e7f8735c0fb8e086045f61c0754df8560cde94609b20806a613cddbeff81776862a62baef0ec7787e3c577c24b432bc4e6510e7c20c9ea78a53ee7b35bf244978ab766203d44555631b105f410694fedfbd152ff09b476b67fc0266b2c6a570aa97b792de5c25fdc201c9d1ca0a238212962874fdec7de906e7eca88050bad3d3af57264b089ab2539f95d16e7924ea4b28288c62ba49022842b57185373ff08a2faec871e847f994d315bdf5ef3e30138c0db593cc5f6509fdf353127510be0448db1e607fcb21569f189ab7a47956c8243d691ba240474a15a41c52c640eccc5024d26a52e0ec68e270f75beeccb2f4c5257eb26c89a39f64b89bfdc4c007a59756bf6261678db293299c5048557e13fc45c62c9566f89eef7af8bd6ab76cb0b5887e6562b2c7f3485d1da0cea56bf818af3ae4ae94ab37593d40f876e39dbbcbcc57810b0f7e509b459eab0f3ab3c7eb258751c3de490714596ec27e39725f061204ff01782becc931896dab4007f9b672ee6979e2545d0d2b0b2a4247ed3cb9c271be8a1e87c988321f4172be1bbc81161dcdfe660f7e97e28b007966996b4af2d41b84024da8f31ebdd97688b0a3994dafa20202b29cef7311b99ee0e36d0090f39cf57b627898feab84c4665cf809d386adc058405b6b43e81ecae4c98bcc290c41b453b23c12f30ef5acfa25649c30a2ec72f6476d60dbd170a7c93840b3e48d1841bda918bcf00a1f8ecb031ed315fa78647c84b49ee0b1268b31cefdf4a83e48ad2b8def541a6f0ef5e3c8cdec95659ce0ee0448ad370908e55451e0e96375d53f36e80c803a7010060cf259c8e0718ede8f813883c39998946f89334e21e682dfcc3f8ffd3061c2a2039a40494c1cb707081f3fb9a521818521c6315c7161fd30f26191b48a4fbf5cfe96534da0847d5c32a8dab80467df65bc37c633e31af11254ca2b8ef62392947845568079e26f63f06949ab5ad0847fe632485a2b2b0bc700c5b366c13d1bdd21f37a96748de01ade824a65407efc3e97390b4f2f1e8f4772abe0f13db16143b530f2b3588bc68ab77cf5f1847945359d85541365a28a336b8a1b831dd0c1aed7dcc54d69775977a7c7a60c1003802f4dcf4bfaf276794385d324cd389755a0e2faf33a5dc3e088f475a293716c354fe1af19f1beffb77dcc57e7b8a592f8d5984817066816e15fe2d64cc41c3834d10db18aaf8843d3f66c4114621f14e2ed12828578144d7be9d86a2e0af6eecc7a0fb44fc8c7b27e69cffc689cd746f027f01adfe096550f92dc2abbcff482c6a3fab9611fa422908ddb82442057af771a198322ebba34ded05c5bde85fdb9a2cc07d74c698578e4e88edc337b35c87cc486dfe9ba4994a5ee1c5dd2df72eb7f63cb5dad3c073217fea1a80b7c8481f1bb5954ba226dfd1cf557f142c27d3d2bc8dc207ae487740fc9d7606f13ae5defcde5401fa2c207a48ce6087a8e94d76fa19245dc5540066cd5d9205fa5b895c7e68b45d91f809f36d184e03e67b557623a696ec61c479e78343b318896a267193074464c4993aa71aec53ab8c38a153ac10ed8fcfb9380579f08fb923dcf3bc7ffd42c85a0a900a74f7b21e0f41346a013bc10762eb65dfba776c7be487905e3af43dca1e52d63926d6e17aa9fa5df2c4479d10443566c94467ae8aaf63f0588d3965381429133001f0e130508b9ef43e6a34cd144d23c14aa0feb590fe6bf5ba666472199853c80ed08ce96d99cb74d9e8bb83c5a1b47c5984fae115d2f31477df91eaa4ec1858f4aa77c600fe464e7adf220879e3c5e1071c0837f39e60fd2a30e33a1f3c6f7d8ff32210bc9e433dcd5002d9b4acdcdcfa4529a6f3bccb0b491950cdb50e320204a5824859f23b5d35f1f9795093d0fe7a97d64d27b19179b176a5b211fa70e282fb030230d0fe79cb7b6c959b1eb1ddedd39e0bdd5944bc4119dd3266672edf8ff67af08a3404f6b14cf2026781623432c229fee198c69e6830db04ad3f197e5f01d195b2fb5af55c55f5cce5fe4e5e15fc556d04f329db5c48d90d76d5938cb771cc7adc62e73d6968520020a85642a6c612276251c9cdd566829c4e6914e26ed143df650feb23a6b5ab610e84c04a54fe9706a6d208cde3eb86b99d2b02bd9a2c20a7d05dff5d542375b3d4f7051126accec9db7bf5c7e0030150c42d31a2f6ccc9f087cf288dbd97b5a9c266cabe067dc669c419261f763b5e9e8e4df73bceb012579e1274c137fef4248e383fb1fc2f364a00a2115702db4dab902065a053f9ac0274fb844df7838e43fa993b7d7008f2044d26bfeb582f7d56b1bb990aac4e5b46f52ad03ec56577929676cdec3d11fc654c0390835f65aa93fa7184df5c70d6106a471efa44ff1d4cc92716acc2121a6affd96cedfc90baba5610a5694a6997d195a656c5ec39d8a8b6bedb1d8d373af047d01f673abc20bc1ac0a2cb4a58e41178a6bbdaf9966df577b438df59db5d3866f55e2627d48fc9b3d4cdf7213679310104d4cd1570fbcaef03e4471548a6c01bc0b68c96b95b99dcf827071207ed2f457a70242214c0259de7fe7c43e5826aeef3c4e2e42219cf32262ec98e935724039f8dfff831cf143032ca40b0b991382a8136ec90d9e999009681245c73e5474856e08c2624d3c78f66116cbc6c31af90d5f8ae8edabd9d806a16cb70a219bea290548d4b5af932039e98834fc5e54ef3c026195816232ca0c878d291cf5a46678750d68558eefb37db7fff6722cdfdc1fbb0c070fab13f374a09a997c5244b3bee533859693645d917fe833cd865653ada6297dfc97c3f1fe59e5b03f827b5345cc6c0a43cce983d7cf4e59d6447c5aa3f45141bd4ab1b34913297d12b610033b1eaaa7c1d9165b80232d3e376937e342ad02115fe8e62907280abc8e1b38322f30e2ff4e8c98c32334adddd243f4f711f38459ab4b11e8eb2ca5d4d97c4e76ada276ba89f831854027083b815a9fdf60c6d71db7eeb5c4f32f0546cd161619619ee8b10168dce9005a7a7c11b3dc0b33e1ec09f3775a7e4b1190839865cb97ec963b646348480044b182d39370bedc7c8afdac899f9878ffada5743621d735168816e184c4ab154d07a74f1d8096ae878de63a1c2f47f1b9d7bc3f9133532e95649b843ff3ebbd872b779a289d97171fbd9bb57d6cff8016212aad1981f6a800b19380d575c02a5edc1cb7d005d73c8c4d026364ed0c909b25c41566384b21cb9298a13391164325b3df4b9fb8650e9a0afe74b26d7f7866d6b7d4d7b5839248ae0cc6afe9735117b900dd2f3d20b53425a38dc15a4d44ce4fe8526b145a"}) r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup2(r8, r7) fchmod(r7, 0x80) 01:25:50 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x91ffffff00000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:25:50 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 53) 01:25:50 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380300001200cd61"], 0x38}}, 0x0) 01:25:50 executing program 7: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\x00', 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='u', 0x1}], 0x1, 0x100009, 0x0, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, r2, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f000005ed80)=ANY=[@ANYRES64=0x0, @ANYBLOB="ee0c000000000000090000000000000002000000000000000100000000000000fbffffffffffffff080000000000000001010000040000000001000001000000ee00000000009600ffff000000000000bdf9000000000000ffff0000000000002000"/136]) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r1, 0xd000943e, &(0x7f000005ee40)={0x0, 0x0, "78089de4ebd9e4b9313b8838f9d9cac873ff2d33f03129fbdbc68186340398a6fa6dd9369c5fb487c86a990a1717588814812f80b07f841df4d91d9fee479c5acc209d5f0d495658dd14c07893968ec855ef6e1aca403476c72b37d49a06330e12b8367397d21ed331d3600764303594ed089f292fead67456712dc454adcb18c1811d4ea252e5543a2f75e9f1bae45f8b3b20c9e3c7675756e01ab94b78d778120e1c0c40d63a2335be082b196465552077c92140c50c8c76eadd30604e9b7259562eaa8fb2ffc16eea48da8f597cb6f63dd1e846799ac8bfcd337dbe7487f31ae29747d3e72c0045a212e8d0aaac0a433e3acee40499840bba3bedaa27c56a", "6494769111f37ab87333feeb125070f5daa359b85606b90378ac4c79ea0bfe260e45f52d6958423abcd272642154437364dd46c4e5d6cfbb1d7d4095c97937f4fa1987fe1c750dd45eafd572158d526bfbf6b28de4024c6fa0f89348a6b6a6f9164a66bf4e48840b746341c68ef89192162890a83e38dcb8cae3f0343f6af6dc4c1f7eea812a3be9b4931b8134eb74cf49250c77ff2e3726614673fd2965626ba9a6a7fc31aa10c6631b8f43d379aba443c00361a254619a24fddfd151fe3bd4f65917ce74b6c12c05e7615a6d2dce5a091ffcdcd61477947b2a862226964a1de1880dfcb4c4ec8cf8b0903724dc520c3e4205a7710efbbf8dae5b9142285d1d2af3e3c279606fe20ae21773f75286a3c4ea01d7640d7d54811f5969bfbf63dddb79b7ea8cb63f1fe413fe7a262de83ae3ba0a5d48e16ed163cbd8dc4359ce953c1a55d119bcd9da89c1bf4614f141229b9381ed7ce6ed99f82ac6ffeb1e2b3756d4da6bbf208a846879c25bbba6e4dae94873629b14ca0a4077fbe7c0fcd2c82e75dc1770a8d1e6d0e23b7948c19a768ccca49cde5a47dbd7fc30754d5489d3dc927c655413efb0b9f8d53b5319d37c35eadb1ec45ce1e5606a4f9e568caf1f3b15dfd69275b468ff553273bf5a9d6503e0308b24e5e38581b2b3791bef4a1dfc5c04511606896186350ee6ae61b61401a8f0645294dfa5d87088094a33f85e4d147c28dd301627d9f213b0b2b9f27f5defff7039633da043597d89cc4e80313377eac3454e5558e3da9b1060fd914b2455147fa959e9bcdd589af19408c5300dcae70ba3eaf356a20e77e21f82949c7a41b3d9dcd3f7c684b18729633295a5b7122492e1f79e60cdf715d84f5b1306dbaf8d307179230331b5f3ad67bacdf31fdf75ddbbdd4f86dcb2db1d3c036f36a5743ac2ee4063ef64107805f280b5948f14cac011eb2fa68aac6f4503a0bf85c98e206168a1828fa84d407cf2fa13eac79ca92a6749685648a230de96e81ec647ccbd1d0e6e2e7f4cf08972deb536ea8482cab1b660cf98199c34e7658fbe934309d3047f4e2ceba8f933384b10cc60baa9a5210f625b43c167b45b82f6d73b1f50751e7c3fcb3b24b8c465afee8de8d875bd7327fa904387a4b3ebb69ba88a512f53c1d8bce3d0826afdc2a6aa1a73d43151c94495e6e26c6e90bfcde7150372127258199fa98005fda0ba0a7c9fbe8f5e042d3a4cb602a89b247e7cead55a90b9e989a05e4b207f2660d598b338ee7f929919e7b09807162f2f19db4ff4b0ad2a3cbebe29afb351b48e1f770b99ac51fa46537ec71aedb023578cf633a25128110147a7fe8527d051ac5a632ed81659a3f9e081f326eb096ba9fc23d6d4fc323bfe453f3153a8cd4489f1da69b04d3b24e42ec6e054fe628769d233792bc3b7291ea80cfe3ba7944912823cee639b26bf6e28176fffe6e47d3586521f8d024a96c76a7ef148bcad10060ae732151351fe27079431a8ca90562c83bf4d5391c80901e2590a8011f53a1ecfda01b8a5e655806ac7621d69069150ab235dbe1c1bc496a35e243bbe52f577daf2c6466218ef3b508830c6837319ae5373fdfbfdad8fce3e9077ecfa5b2625f0cdfc1c08d17b7c2ed7f5b72ffb1b36c0d22afe5c4493124373d16c7660b120c422a180027b9435e0a8b27f51c1c997ada10ba714ee04d42227768e9e9e374dbbbe8cd959634da3e33f465f521ee52afcb57735b3c5e7d46b5aa5f657a1fd1810b6f0caf4dba819b9238eb8305ba961c6f54a9f56c276e6d26e29cfb80fda8c5b52e90ebbd782ea2f943ba4c654048f1623fc732c2a4720d6ca9affa73325fa28816509559ef4c02fb3e747905edeef9df206f85de00f1b3675c2b0f4ba19c80b38f638d81393bbb74329a39aae2a22845e9994fbaeba5a00b8f44dc66339ca9cbcefbe79c5c1e6a506b967fd260750f9d1ca0265b38d0db78f536bea3b377e5d4101e5d4736b02f53920ba749f0f12db8c75876d38253c54ebbbc63999f8dddd6bed9dd38e955c56d959b3d9e4f170eeab37a4f314eeed4f7f5233854f6283a22a41ca3772f2310e6fde79373ac3b6c9a694e66a124cd644428b66df787fbac2afee66b4455f01bc1bf3ad0c87d016f360aba1771e1866d7e2d24109e5e9c9d9d18ef7f15008ca659a89177fdc6767838ff43a36ccd9c9912e19637418005ef244fb13cdd02328a2caf0860813dc221dff55623b909d39ff60078f15d4e8cfca06a3533481c43de116cac0127b24ecfb8564b9ef01323cc7b57ed038e3c0ad5f72c234bbbb1de2716fb7da324399c01cbb49f209108d2c65964e75140e2c12382be7de5364da95a1e8371efc4168bb3eaa9493aede744e5c00ba32b0afbddeecdd451a6dc3b98f04b70825cccbeaa4013b2909b9972438ba7a141706ce5bcc63b4f19abde2503e767f45d5a69efdb5f79f263f78c64030c2865cd8d45e5fb483c6c29db8e68f7bae39f9ba62fbaf3f8dedad4baa4858a2748d88690dbea8953894e0ad1d0c53f80f8a622403d37c976ae479a2e5f5252bf2dc2827b6b72922250f694e9e8470bc08d88d6b825a42fc146a7aaed9b5a58f8248c04727062cedd80dc9493de3aa575c8e1837eabf36aec414a6f915aa6796ac0be683d0ed087f3ee593209171eb62d0035a45243c72d6d05ce6ee5e02dcf4ac0c6e5f0d573dc14182c49f91fdd1bcdf4cdeded3f2fdc9053e2344bf627f100b64992bd9160974f435e26da741992c9185a454e0dad2413d867140c9271dba47f905ce8906958661f1faa3cf7b7eca3e74e2123e0d1f559d2eb7574e4bf007cdc9ea2f11de1d5af6f885fab2e3c93669e340d077e3703b40f84d2fd6dd22e4666a0033545bd98daa7b8a81d93fa4ae7bce40624efe2e96407039d3c20bf9a27761bde87365561ec2acafb015d727349ad0556061796df2c9baf6d361eb5ab4ff933e6ce4021405ab02d02ef438b661ab75f5cdcff81c1f4d83af4068554a82392fd0221cd4880f80530c974a1d75cd303523665f37548c0f331fcaed6b3b7d90e967ce5d249b651bcb6fb4bf822a7ebe9c927773ea795bc097e400302e37d01ce6dcf3b3bbc2c7cfa89258c583a06127d525aca7fd0205f958efd26ed97d61e20f55dc37a18731b4ffbb2dfce70a8e2affd3371222c7b241abe303b35ca7e3608de9f6206a205881840d0abb28e092f004e8e7717a995c058b8c33d8263125372315f08035c15d188512baf28f6c279b6f8fcdfe3e00dac9d4854319fd785f2990e64731a9ca924b320bf6b612496f22bd376387711b4dbee8eb27775508eabaf6a929bfc12ef0b88b58afb9f06609eef84ea1689441a2f2594d7a764cdb2bee33de038b778d55b42e30cc4dbc4e590c9c53d3f5986cf3f4f9f5f18d704867a9595dd91d885a7a9b7881bd4e5e2843551d55ea289f21afd0957948696411adc67fe4ba7d9fd7526889e122e4da85945f351ec7b2ea6a86dc75a2a7022d1a4d6d0e58f59ab07d41ea8d7980435a3b4e653c547a19aa77588e9bee1930d8dbb79b995ee18f50e40935064a74018418862f3e6cbde91d342597a5c8cc6d3b39ebf68a30c2fd7aef8d91e8f833757252c2abdb78f6cb5277ffe38ac6dce20f4ab420a03e18d394c561cbc37854bf97c7b7d30ba2245450ff68c103895942a61916390dec4941a5cc114643e29d0a408c72cdfac7210d2ffc6ee805bb2e8ddcd4cd73ef2ba2fc4122ec1d7dda26ba1bfb56f92f962c02ba0ecec6ee01f2d7475fc6bbc985c7394cb72f9fa3aa0bc9b5a4e338febabf538a7b2335924ce2a9a91227d7948a3aec3da4ccb2a0c46e8120c6bd22bc4cb4b29abf25d618ca49782e5cbfc32f583a9b3bfaead9e80decc578fb4a839074b72dee3c8c740a5766ec7ed7cc38cd0ab19eb4109323fd50ad9c5a569a532d10d2cc09aba5a019067aa33955356d0c321f79ace504ce29fd8e500e9c60c11b36d7c0ff80e8e580ba670df3d434d201b8af9753842bfe9eb7c2c3ed9e74b3f4d7513b9b47070cafc72bb0667b2844bd02c38f75a980ecce0d44822239091b22f45dc3db01d19dd376bbc43c66c396e3eb4756cf8d14f4fbc0adbefa046f3c02bc2ae1fc1bebc0a2c1f424337b25e7e076c7d6cd4d5a00d1e5b80421b78183f22d0c38549a75178aca2261d29f5edae1287980817b33af8d4206d30fb2011f2535f2cf2ee09726ff1b3bbb5c4bb5f001bfd72b3fef735307e41805c688685c17024dd3082eeee4cfd99a5c0edfa4a4e06a92408768d805f6c8a6c414c22dea8db83351bf64e0299d46ba12ae081d1938e78e71a35b142e813ceb5528cdb56a8cd3e50ae332c17a70d100bc6a5b0a6e1911d0873e406b765e01fec248413a71277bd25a0eab12c7ecb8e79a9ea43a0d12d567a120a47c0d5723c8b0c8ecab67b07aece1c39a4025b59a7b80bb0e2f944be5f1d8b36893ba9606eb2e16ff129f0ed9b79acdce719ebad7a3bd08ae25107b1b90bea65de7af38f7808bebea4f318a04cb18d6350e5d8a2b275f1e38f18e703c6fb10566e1b9fa28d562ed446d59a10235a97cf063396abbcfe2a7dd25f04bc83234f11afe140126d557b6b344e4862ec192390eb66255fabb5f648c4332e1de3c998b37cd928fdaa34f01f117a35fa0be1dbbab9d6b51d9714fd73b99c174c8a570f68c1680ed0bc7dad96b2ada65ed9a2930c9322cf9cab419b1e791e4c2c76e2004ce0baa875c9778b7b5de9ae3d13ebfc4cab576cec5ed7c991579077cd91a876aa2cf10179a5542f139f8681ee4a2704dc5459614d2c70206fd5ab799d0f398c6c7696a2244ea891c1bcf4bcb23a5f1599b4e1474fe13de024bd11358be700b1ef9cd10557d9b905c7c6219e7cc562b05ad6a967664a7e607142f0c334d9440c15622dc6acfad499828531382cd004ab3d703b42fb5ec12c9b1db5045e958053791e45ffa1879c9e7171927ac75a92e4fdddba1d5f54a09d2db9a245a4e058edf940e88470dfedc17e50f365fed179033014f585db13b75ef60ccf9cbd8213f98ef5a2aad57ac8101d85bbff76797d3518eb3169c28c623258e5c2b993d18da19a41c391012d07ba11a44a8e7109b774ef3b3db8422b9a5575b59bf057612c6279cd0ab3e7489023fc6ff07bfaf2adaeb4bcb6c56d1ad034a0f52314fac5645cc61f4c7d2ff27efcfbb68e68a7fdad7cb8841d93c220055e5268ae95c9baae332c512ad1572c05c203cbdf98e2a187fb731c0bac83d183a35968975ef4f6d77d082bbc2ba3f156fd3b27bdf87202e57db017cd777e64f6958c7bc9ff874a6b3b246919aba1be40311db51e92afd8426d3a82f9f379dd681780c2794433d344f8c378c1498558136f3210c24292666dbc4edf199b36f6c1d"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000052c00)={0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000053000)={0x376, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}], 0x6, "5c83c9bf8af498"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000004c340)={0x3, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}], 0xad, "7e9ac7272717f4"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f000005fe40)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0x7f, "f21e81b72ac3ec"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f0000060e40)={0xfffffffffffffff9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r3, r4}, {r5, r6}], 0x1, "2dda243edb8437"}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2802.351527] EXT4-fs (loop4): bad geometry: block count 128 exceeds size of device (1 blocks) [ 2802.361535] FAULT_INJECTION: forcing a failure. [ 2802.361535] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2802.363465] CPU: 0 PID: 13422 Comm: syz-executor.1 Not tainted 5.10.218 #1 [ 2802.364563] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2802.366038] Call Trace: [ 2802.366469] dump_stack+0x107/0x167 [ 2802.367048] should_fail.cold+0x5/0xa [ 2802.367666] __alloc_pages_nodemask+0x182/0x600 [ 2802.368406] ? __lockdep_reset_lock+0x180/0x180 [ 2802.369154] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2802.370137] ? tun_build_skb+0x181/0xfe0 [ 2802.370796] alloc_pages_current+0x187/0x280 [ 2802.371512] skb_page_frag_refill+0x27c/0x490 [ 2802.372240] tun_build_skb+0x1fa/0xfe0 [ 2802.372880] ? mark_lock+0xf5/0x2df0 [ 2802.373484] ? tun_xdp_act+0x6f0/0x6f0 [ 2802.374123] ? __lock_acquire+0xbb1/0x5b00 [ 2802.374828] tun_get_user+0x6c1/0x32f0 [ 2802.375457] ? usage_accumulate+0xf0/0x110 [ 2802.376163] ? tun_build_skb+0xfe0/0xfe0 [ 2802.376826] ? rtl8211b_config_intr+0x10/0x100 [ 2802.377563] ? lock_downgrade+0x6d0/0x6d0 [ 2802.378240] ? perf_trace_lock+0xac/0x490 [ 2802.378905] ? SOFTIRQ_verbose+0x10/0x10 [ 2802.379580] tun_chr_write_iter+0xe1/0x1e0 [ 2802.380265] new_sync_write+0x42c/0x660 [ 2802.380908] ? new_sync_read+0x6f0/0x6f0 [ 2802.381563] ? _cond_resched+0x12/0x80 [ 2802.382202] ? avc_policy_seqno+0x9/0x70 [ 2802.382857] ? selinux_file_permission+0x92/0x520 [ 2802.383638] ? __fget_files+0x296/0x4c0 [ 2802.384295] vfs_write+0x747/0xa70 [ 2802.384874] ksys_write+0x12d/0x260 [ 2802.385463] ? __ia32_sys_read+0xb0/0xb0 [ 2802.386133] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2802.386980] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2802.387812] do_syscall_64+0x33/0x40 [ 2802.388413] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2802.389245] RIP: 0033:0x7f5d4394c5ff [ 2802.389855] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 2802.392773] RSP: 002b:00007f5d40f0f150 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 2802.393993] RAX: ffffffffffffffda RBX: 00007f5d43aacf60 RCX: 00007f5d4394c5ff [ 2802.395135] RDX: 000000000000006a RSI: 0000000020000140 RDI: 00000000000000f0 [ 2802.396270] RBP: 00007f5d40f0f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2802.397406] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 2802.398547] R13: 00007ffcccb7daff R14: 00007f5d40f0f300 R15: 0000000000022000 [ 2802.413044] FAULT_INJECTION: forcing a failure. [ 2802.413044] name failslab, interval 1, probability 0, space 0, times 0 [ 2802.415055] CPU: 0 PID: 13423 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2802.416220] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2802.417544] Call Trace: [ 2802.417979] dump_stack+0x107/0x167 [ 2802.418568] should_fail.cold+0x5/0xa [ 2802.419182] ? create_object.isra.0+0x3a/0xa20 [ 2802.419918] should_failslab+0x5/0x20 [ 2802.420534] kmem_cache_alloc+0x5b/0x310 [ 2802.421199] create_object.isra.0+0x3a/0xa20 [ 2802.421913] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2802.422735] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2802.423549] ? __ip_append_data+0x2930/0x3310 [ 2802.424281] __alloc_skb+0xb1/0x5b0 [ 2802.424876] __ip_append_data+0x2930/0x3310 [ 2802.425586] ? raw_destroy+0x30/0x30 [ 2802.426210] ? ip_finish_output+0x330/0x330 [ 2802.426906] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2802.427721] ? memcpy+0x39/0x60 [ 2802.428258] ? raw_destroy+0x30/0x30 [ 2802.428856] ip_append_data+0x114/0x1a0 [ 2802.429510] raw_sendmsg+0xaa6/0x29d0 [ 2802.430147] ? dst_output+0x170/0x170 [ 2802.430761] ? __lock_acquire+0x1657/0x5b00 [ 2802.431471] ? perf_trace_lock+0xac/0x490 [ 2802.432137] ? SOFTIRQ_verbose+0x10/0x10 [ 2802.432793] ? __lockdep_reset_lock+0x180/0x180 [ 2802.433550] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2802.434368] ? find_held_lock+0x2c/0x110 [ 2802.435040] ? trace_hardirqs_on+0x5b/0x180 [ 2802.435726] ? dst_output+0x170/0x170 [ 2802.436335] inet_sendmsg+0x11d/0x140 [ 2802.436935] ? inet_send_prepare+0x540/0x540 [ 2802.437630] __sock_sendmsg+0x13c/0x190 [ 2802.438277] ____sys_sendmsg+0x334/0x870 [ 2802.438927] ? sock_write_iter+0x3d0/0x3d0 [ 2802.439595] ? do_recvmmsg+0x6d0/0x6d0 [ 2802.440215] ? perf_trace_lock+0xac/0x490 [ 2802.440884] ? __lockdep_reset_lock+0x180/0x180 [ 2802.441627] ? perf_trace_lock+0xac/0x490 [ 2802.442301] ___sys_sendmsg+0xf3/0x170 [ 2802.442922] ? sendmsg_copy_msghdr+0x160/0x160 [ 2802.443660] ? lock_downgrade+0x6d0/0x6d0 [ 2802.444341] ? __fget_files+0x296/0x4c0 [ 2802.444993] ? __fget_light+0xea/0x290 [ 2802.445624] __sys_sendmmsg+0x195/0x470 [ 2802.446271] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2802.446957] ? lock_downgrade+0x6d0/0x6d0 [ 2802.447629] ? perf_trace_run_bpf_submit+0xf4/0x190 [ 2802.448445] ? perf_trace_preemptirq_template+0x266/0x400 [ 2802.449326] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2802.450201] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2802.451075] ? __traceiter_irq_enable+0xc0/0xc0 [ 2802.451812] ? fput_many+0x2f/0x1a0 [ 2802.452397] ? trace_rcu_dyntick+0x2f/0x170 [ 2802.453095] __x64_sys_sendmmsg+0x99/0x100 [ 2802.453773] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2802.454585] do_syscall_64+0x33/0x40 [ 2802.455177] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2802.455989] RIP: 0033:0x7fe4a84d7b19 [ 2802.456582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2802.459482] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2802.460689] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2802.461831] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2802.462957] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2802.464084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 01:25:50 executing program 1: syz_emit_ethernet(0x6a, &(0x7f0000000140)={@local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "96153f", 0x30, 0x3a, 0x0, @empty, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "550365", 0x0, 0x0, 0x0, @empty, @private0}}}}}}}, 0x0) (fail_nth: 2) [ 2802.465213] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2802.484329] EXT4-fs (loop4): bad geometry: block count 128 exceeds size of device (1 blocks) [ 2802.510908] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem 01:25:50 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xe803000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) [ 2802.557737] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue 01:25:50 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf465030000005f0100ffff53ef010001000000d9f400200000000001", 0x49, 0x400}], 0x0, &(0x7f0000000280)=ANY=[]) 01:25:50 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0) (fail_nth: 54) 01:25:50 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="380400001200cd61"], 0x38}}, 0x0) [ 2802.669816] FAULT_INJECTION: forcing a failure. [ 2802.669816] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2802.671620] CPU: 1 PID: 13439 Comm: syz-executor.1 Not tainted 5.10.218 #1 [ 2802.672651] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2802.673876] Call Trace: [ 2802.674282] dump_stack+0x107/0x167 [ 2802.674829] should_fail.cold+0x5/0xa [ 2802.675407] copy_page_from_iter+0x40a/0x900 [ 2802.676070] tun_build_skb+0x2d3/0xfe0 [ 2802.676661] ? tun_xdp_act+0x6f0/0x6f0 [ 2802.677243] ? __lock_acquire+0xbb1/0x5b00 [ 2802.677890] tun_get_user+0x6c1/0x32f0 [ 2802.678471] ? usage_accumulate+0xf0/0x110 [ 2802.679119] ? tun_build_skb+0xfe0/0xfe0 [ 2802.679732] ? rtl8211b_config_intr+0x10/0x100 [ 2802.680408] ? lock_downgrade+0x6d0/0x6d0 [ 2802.681017] ? perf_trace_lock+0xac/0x490 [ 2802.681629] ? SOFTIRQ_verbose+0x10/0x10 [ 2802.682253] tun_chr_write_iter+0xe1/0x1e0 [ 2802.682890] new_sync_write+0x42c/0x660 [ 2802.683481] ? new_sync_read+0x6f0/0x6f0 [ 2802.684083] ? _cond_resched+0x12/0x80 [ 2802.684659] ? avc_policy_seqno+0x9/0x70 [ 2802.685257] ? selinux_file_permission+0x92/0x520 [ 2802.685986] ? __fget_files+0x296/0x4c0 [ 2802.686588] vfs_write+0x747/0xa70 [ 2802.687207] ksys_write+0x12d/0x260 [ 2802.687811] ? __ia32_sys_read+0xb0/0xb0 [ 2802.688407] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2802.689167] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2802.689935] do_syscall_64+0x33/0x40 [ 2802.690481] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2802.691225] RIP: 0033:0x7f5d4394c5ff [ 2802.691778] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 2802.694428] RSP: 002b:00007f5d40f0f150 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 2802.695529] RAX: ffffffffffffffda RBX: 00007f5d43aacf60 RCX: 00007f5d4394c5ff [ 2802.696568] RDX: 000000000000006a RSI: 0000000020000140 RDI: 00000000000000f0 [ 2802.697599] RBP: 00007f5d40f0f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2802.698640] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 2802.699675] R13: 00007ffcccb7daff R14: 00007f5d40f0f300 R15: 0000000000022000 01:25:51 executing program 1: syz_emit_ethernet(0x6a, &(0x7f0000000140)={@local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "96153f", 0x30, 0x3a, 0x0, @empty, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "550365", 0x0, 0x0, 0x0, @empty, @private0}}}}}}}, 0x0) (fail_nth: 3) 01:25:51 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0xf401000000000000}}, 0x1c, 0x0}}], 0x1, 0x20000019) 01:25:51 executing program 7: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_io_uring_setup(0x30f5, &(0x7f0000000080), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x20801, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x2, 0x0, r6}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r3, 0x0) r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r3, 0x8000000) syz_io_uring_submit(r7, r5, &(0x7f00000002c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x4000, @fd_index, 0x4, 0x0, 0x0, 0x8}, 0x80000001) io_uring_enter(r3, 0x58ab, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000004200210e000040000000000000000000"], 0x14}}, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000340)=""/270, 0x10e}], 0x1, 0x0, 0x2) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @empty}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYBLOB="0d2e2c4f4b4861777938e37cc6aa5e6317b632ef4fac2ae3a0bfa05063787f5f99462ff96073b36d0dfeec64c8612182a77458d9f01962ccf1fee60a7f2ca8ce21c049939c62508d63a620f81489d3173a184846ac17b880161bbed8d48d64550cd6802e3ba67c054c9fe640e32a3dbec96f8e7a2ed03feaaabb19f38ae4793f9886a30398e821982c8bb6e37ea10c78eb52c2a5ec2880fe0ebf0945ade0ab3646c04d11e50b13cd13972df1ac7cbe8a99950971"], 0xfdef) add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f00000001c0)={'fscrypt:', @desc3}, &(0x7f0000000200)={0x0, "f038779de021f8c8c974dd89170cf2579d1fa459ba726003d07140eeb357b87ae67d5b00d5a28eea29113393d0e1c7391515c7ab7c00", 0x2d}, 0x48, 0xffffffffffffffff) perf_event_open(&(0x7f0000000580)={0x0, 0x80, 0x40, 0x3, 0x21, 0x4, 0x0, 0x9, 0x2, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x1f, 0x3f94}, 0x8, 0x8000, 0x100, 0x2, 0x9, 0x1, 0x401, 0x0, 0x80, 0x0, 0xfff}, 0xffffffffffffffff, 0xa, r1, 0x3) [ 2802.882622] FAULT_INJECTION: forcing a failure. [ 2802.882622] name failslab, interval 1, probability 0, space 0, times 0 [ 2802.884497] CPU: 1 PID: 13451 Comm: syz-executor.0 Not tainted 5.10.218 #1 [ 2802.885511] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2802.886719] Call Trace: [ 2802.887119] dump_stack+0x107/0x167 [ 2802.887655] should_fail.cold+0x5/0xa [ 2802.888218] ? create_object.isra.0+0x3a/0xa20 [ 2802.888889] should_failslab+0x5/0x20 [ 2802.889448] kmem_cache_alloc+0x5b/0x310 [ 2802.890059] create_object.isra.0+0x3a/0xa20 [ 2802.890701] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2802.891448] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2802.892188] ? __ip_append_data+0x2930/0x3310 [ 2802.892853] __alloc_skb+0xb1/0x5b0 [ 2802.893392] __ip_append_data+0x2930/0x3310 [ 2802.894053] ? raw_destroy+0x30/0x30 [ 2802.894610] ? ip_finish_output+0x330/0x330 [ 2802.895240] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2802.895970] ? memcpy+0x39/0x60 [ 2802.896455] ? raw_destroy+0x30/0x30 [ 2802.896994] ip_append_data+0x114/0x1a0 [ 2802.897583] raw_sendmsg+0xaa6/0x29d0 [ 2802.898168] ? dst_output+0x170/0x170 [ 2802.898727] ? __lock_acquire+0x1657/0x5b00 [ 2802.899373] ? perf_trace_lock+0xac/0x490 [ 2802.899977] ? SOFTIRQ_verbose+0x10/0x10 [ 2802.900571] ? __lockdep_reset_lock+0x180/0x180 [ 2802.901257] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2802.902009] ? find_held_lock+0x2c/0x110 [ 2802.902618] ? trace_hardirqs_on+0x5b/0x180 [ 2802.903250] ? dst_output+0x170/0x170 [ 2802.903806] inet_sendmsg+0x11d/0x140 [ 2802.904362] ? inet_send_prepare+0x540/0x540 [ 2802.904997] __sock_sendmsg+0x13c/0x190 [ 2802.905577] ____sys_sendmsg+0x334/0x870 [ 2802.906186] ? sock_write_iter+0x3d0/0x3d0 [ 2802.906800] ? do_recvmmsg+0x6d0/0x6d0 [ 2802.907366] ? perf_trace_lock+0xac/0x490 [ 2802.907972] ? __lockdep_reset_lock+0x180/0x180 [ 2802.908648] ? perf_trace_lock+0xac/0x490 [ 2802.909258] ___sys_sendmsg+0xf3/0x170 [ 2802.909835] ? sendmsg_copy_msghdr+0x160/0x160 [ 2802.910517] ? lock_downgrade+0x6d0/0x6d0 [ 2802.911132] ? lock_downgrade+0x6d0/0x6d0 [ 2802.911743] ? __fget_files+0x296/0x4c0 [ 2802.912336] ? __fget_light+0xea/0x290 [ 2802.912920] __sys_sendmmsg+0x195/0x470 [ 2802.913509] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2802.914149] ? lock_downgrade+0x6d0/0x6d0 [ 2802.914772] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2802.915485] ? wait_for_completion_io+0x270/0x270 [ 2802.916180] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2802.916972] ? perf_trace_preemptirq_template+0x26d/0x400 [ 2802.917775] ? rcu_read_lock_any_held+0x75/0xa0 [ 2802.918451] ? __traceiter_irq_enable+0xc0/0xc0 [ 2802.919122] ? fput_many+0x2f/0x1a0 [ 2802.919658] ? trace_rcu_dyntick+0x2f/0x170 [ 2802.920290] __x64_sys_sendmmsg+0x99/0x100 [ 2802.920909] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2802.921650] do_syscall_64+0x33/0x40 [ 2802.922205] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2802.922951] RIP: 0033:0x7fe4a84d7b19 [ 2802.923489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2802.926140] RSP: 002b:00007fe4a5a4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2802.927235] RAX: ffffffffffffffda RBX: 00007fe4a85eaf60 RCX: 00007fe4a84d7b19 [ 2802.928282] RDX: 0000000000000001 RSI: 0000000020002040 RDI: 0000000000000004 [ 2802.929319] RBP: 00007fe4a5a4d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2802.930366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2802.931400] R13: 00007ffd6d8b960f R14: 00007fe4a5a4d300 R15: 0000000000022000 [ 2802.942009] EXT4-fs (loop4): bad geometry: block count 128 exceeds size of device (1 blocks) [ 2802.999678] EXT4-fs (loop4): bad geometry: block count 128 exceeds size of device (1 blocks) [ 2803.110917] FAULT_INJECTION: forcing a failure. [ 2803.110917] name failslab, interval 1, probability 0, space 0, times 0 [ 2803.112252] CPU: 0 PID: 13458 Comm: syz-executor.1 Not tainted 5.10.218 #1 [ 2803.113033] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2803.113992] Call Trace: [ 2803.114308] dump_stack+0x107/0x167 [ 2803.114731] should_fail.cold+0x5/0xa [ 2803.115175] ? __build_skb+0x21/0x60 [ 2803.115607] should_failslab+0x5/0x20 [ 2803.116042] kmem_cache_alloc+0x5b/0x310 [ 2803.116519] __build_skb+0x21/0x60 [ 2803.116929] build_skb+0x1a/0x220 [ 2803.117336] __tun_build_skb+0x2c/0x260 [ 2803.117803] tun_build_skb+0x62c/0xfe0 [ 2803.118256] ? tun_xdp_act+0x6f0/0x6f0 [ 2803.118710] ? __lock_acquire+0xbb1/0x5b00 [ 2803.119205] tun_get_user+0x6c1/0x32f0 [ 2803.119656] ? usage_accumulate+0xf0/0x110 [ 2803.120154] ? tun_build_skb+0xfe0/0xfe0 [ 2803.120632] ? rtl8211b_config_intr+0x10/0x100 [ 2803.121155] ? lock_downgrade+0x6d0/0x6d0 [ 2803.121633] ? perf_trace_lock+0xac/0x490 [ 2803.122109] ? SOFTIRQ_verbose+0x10/0x10 [ 2803.122596] tun_chr_write_iter+0xe1/0x1e0 [ 2803.123079] new_sync_write+0x42c/0x660 [ 2803.123547] ? new_sync_read+0x6f0/0x6f0 [ 2803.124012] ? _cond_resched+0x12/0x80 [ 2803.124469] ? avc_policy_seqno+0x9/0x70 [ 2803.124924] ? selinux_file_permission+0x92/0x520 [ 2803.125490] ? __fget_files+0x296/0x4c0 [ 2803.125971] vfs_write+0x747/0xa70 [ 2803.126383] ksys_write+0x12d/0x260 [ 2803.126798] ? __ia32_sys_read+0xb0/0xb0 [ 2803.127267] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2803.127867] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2803.128463] do_syscall_64+0x33/0x40 [ 2803.128892] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2803.129482] RIP: 0033:0x7f5d4394c5ff [ 2803.129918] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 2803.132011] RSP: 002b:00007f5d40f0f150 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 2803.132882] RAX: ffffffffffffffda RBX: 00007f5d43aacf60 RCX: 00007f5d4394c5ff [ 2803.133681] RDX: 000000000000006a RSI: 0000000020000140 RDI: 00000000000000f0 [ 2803.134489] RBP: 00007f5d40f0f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2803.135288] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 2803.136093] R13: 00007ffcccb7daff R14: 00007f5d40f0f300 R15: 0000000000022000 [ 2803.324898] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 2803.341768] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue BUG: leak checking failed VM DIAGNOSIS: 01:25:51 Registers: info registers vcpu 0 RAX=00000721451af534 RBX=0000000000000000 RCX=00000000000006e0 RDX=0000000000000721 RSI=ffff88806ce27980 RDI=00000000000514a6 RBP=ffff88806ce27980 RSP=ffff88806ce09ec8 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=00000000000514a6 R13=0000000000000000 R14=ffff88806ce2eab8 R15=0000000000000000 RIP=ffffffff810e06b1 RFL=00000016 [----AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fc4f043e8c0 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055e0c85cda38 CR3=000000004ee70000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=00000000000d0602 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=000000ff000000000000000000000000 XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973 XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=0000000c0000000b000055e0c85b8f40 XMM06=000055e0c85ac9b00000000b00000006 XMM07=00000000000000000000000000000000 XMM08=000055e0ff00ffff00ff020101020201 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000004 RBX=0000000000000000 RCX=ffffffff8126cb4c RDX=0000000000000002 RSI=0000000000000008 RDI=ffff88804a2f23a9 RBP=ffff88804a2f23aa RSP=ffff88805463f7d8 R8 =0000000000000000 R9 =ffffffff868646f7 R10=fffffbfff0d0c8de R11=0000000000000001 R12=ffff88804a2f1a40 R13=ffff88804a2f2388 R14=0000000000000000 R15=0000000000040000 RIP=ffffffff8126ce92 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fc4f043e8c0 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055e0c85cda38 CR3=00000000532ee000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ffff00000000ffff0000000000000000 XMM01=00007fc4f09bdc0034706f6f6c2f2e2e XMM02=ffffffffff0f0e0d0c0b0a0908070605 XMM03=0000000000ff0000000000ff000000ff XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000 XMM06=000055e0c85b455000000000ffffffff XMM07=00000000000000000000000000000000 XMM08=75253a75252f73252f7665642f007261 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000