0x7f0000000100)=""/174, &(0x7f00000001c0)=0xae) syz_open_dev$vcsa(&(0x7f00000000c0), 0x6, 0x2040) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f0000000040)=@req={0x4, 0x1f, 0x38, 0x81}, 0x10) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) syz_open_dev$vcsa(&(0x7f0000000200), 0x79a5, 0x100) (async) socket$inet(0x2, 0x3, 0x3) (async) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) (async) syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'}) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f00000002c0)={'tunl0\x00', r4, 0x40, 0x80, 0x1, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x6, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x10}, {[@noop]}}}}}) (async) setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f0000000240)={r4, 0x1, 0x6}, 0x10) (async) accept4$packet(r0, 0x0, &(0x7f0000000000), 0x80800) (async) getsockopt$packet_buf(r0, 0x107, 0x1, &(0x7f0000000100)=""/174, &(0x7f00000001c0)=0xae) (async) syz_open_dev$vcsa(&(0x7f00000000c0), 0x6, 0x2040) (async) socket$packet(0x11, 0x3, 0x300) (async) setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f0000000040)=@req={0x4, 0x1f, 0x38, 0x81}, 0x10) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) (async) 17:07:58 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:58 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = syz_open_dev$vcsa(&(0x7f0000000200), 0x79a5, 0x100) (async) r2 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r3 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f00000002c0)={'tunl0\x00', r4, 0x40, 0x80, 0x1, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x6, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x10}, {[@noop]}}}}}) (async) setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f0000000240)={r4, 0x1, 0x6}, 0x10) (async) accept4$packet(r0, 0x0, &(0x7f0000000000), 0x80800) (async) getsockopt$packet_buf(r0, 0x107, 0x1, &(0x7f0000000100)=""/174, &(0x7f00000001c0)=0xae) (async) syz_open_dev$vcsa(&(0x7f00000000c0), 0x6, 0x2040) (async) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f0000000040)=@req={0x4, 0x1f, 0x38, 0x81}, 0x10) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) 17:07:58 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = syz_open_dev$vcsa(&(0x7f0000000200), 0x79a5, 0x100) r2 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r3 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f00000002c0)={'tunl0\x00', r4, 0x40, 0x80, 0x1, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x6, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x10}, {[@noop]}}}}}) setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f0000000240)={r4, 0x1, 0x6}, 0x10) accept4$packet(r0, 0x0, &(0x7f0000000000), 0x80800) getsockopt$packet_buf(r0, 0x107, 0x1, &(0x7f0000000100)=""/174, &(0x7f00000001c0)=0xae) syz_open_dev$vcsa(&(0x7f00000000c0), 0x6, 0x2040) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f0000000040)=@req={0x4, 0x1f, 0x38, 0x81}, 0x10) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) 17:07:58 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:58 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) 17:07:58 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', 0x0}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:58 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) (async) 17:07:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 4: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:58 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 4: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:58 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:58 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x134, 0x15, 0x0, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@lifetime_val={0x24, 0x9, {0x8, 0x7, 0x5, 0x9}}, @policy={0xac, 0x7, {{@in=@private=0xa010102, @in6=@loopback, 0x4e24, 0x9, 0x4e22, 0x1000, 0xa, 0x60, 0xa0}, {0xff, 0x7, 0x2, 0x5, 0x6, 0x5, 0x2, 0xffff}, {0x6, 0x38c, 0x7, 0x1c4c}, 0x0, 0x6e6bb7, 0x1, 0x0, 0xb0893d2acc6f8d6a, 0x1}}, @tfcpad={0x8, 0x16, 0x4}, @policy_type={0xa}]}, 0x134}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) 17:07:58 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:58 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', 0x0}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:58 executing program 4: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x134, 0x15, 0x0, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@lifetime_val={0x24, 0x9, {0x8, 0x7, 0x5, 0x9}}, @policy={0xac, 0x7, {{@in=@private=0xa010102, @in6=@loopback, 0x4e24, 0x9, 0x4e22, 0x1000, 0xa, 0x60, 0xa0}, {0xff, 0x7, 0x2, 0x5, 0x6, 0x5, 0x2, 0xffff}, {0x6, 0x38c, 0x7, 0x1c4c}, 0x0, 0x6e6bb7, 0x1, 0x0, 0xb0893d2acc6f8d6a, 0x1}}, @tfcpad={0x8, 0x16, 0x4}, @policy_type={0xa}]}, 0x134}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r2) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r1) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) 17:07:58 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', 0x0}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:58 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x128, 0x15, 0x0, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@lifetime_val={0x24, 0x9, {0x8, 0x7, 0x5, 0x9}}, @policy={0xac, 0x7, {{@in=@private=0xa010102, @in6=@loopback, 0x4e24, 0x9, 0x4e22, 0x1000, 0xa, 0x60, 0xa0}, {0xff, 0x7, 0x2, 0x5, 0x6, 0x5, 0x2, 0xffff}, {0x6, 0x38c, 0x7, 0x1c4c}, 0x0, 0x6e6bb7, 0x1, 0x0, 0xb0893d2acc6f8d6a, 0x1}}, @tfcpad={0x8, 0x16, 0x4}]}, 0x128}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x134, 0x15, 0x0, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@lifetime_val={0x24, 0x9, {0x8, 0x7, 0x5, 0x9}}, @policy={0xac, 0x7, {{@in=@private=0xa010102, @in6=@loopback, 0x4e24, 0x9, 0x4e22, 0x1000, 0xa, 0x60, 0xa0}, {0xff, 0x7, 0x2, 0x5, 0x6, 0x5, 0x2, 0xffff}, {0x6, 0x38c, 0x7, 0x1c4c}, 0x0, 0x6e6bb7, 0x1, 0x0, 0xb0893d2acc6f8d6a, 0x1}}, @tfcpad={0x8, 0x16, 0x4}, @policy_type={0xa}]}, 0x134}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:58 executing program 4: r0 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:58 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r2) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r1) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) (async) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r2) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r1) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) (async) 17:07:58 executing program 4: r0 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:58 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x128, 0x15, 0x0, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@lifetime_val={0x24, 0x9, {0x8, 0x7, 0x5, 0x9}}, @policy={0xac, 0x7, {{@in=@private=0xa010102, @in6=@loopback, 0x4e24, 0x9, 0x4e22, 0x1000, 0xa, 0x60, 0xa0}, {0xff, 0x7, 0x2, 0x5, 0x6, 0x5, 0x2, 0xffff}, {0x6, 0x38c, 0x7, 0x1c4c}, 0x0, 0x6e6bb7, 0x1, 0x0, 0xb0893d2acc6f8d6a, 0x1}}, @tfcpad={0x8, 0x16, 0x4}]}, 0x128}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x128, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@lifetime_val={0x24, 0x9, {0x8, 0x7, 0x5, 0x9}}, @policy={0xac, 0x7, {{@in=@private=0xa010102, @in6=@loopback, 0x4e24, 0x9, 0x4e22, 0x1000, 0xa, 0x60, 0xa0}, {0xff, 0x7, 0x2, 0x5, 0x6, 0x5, 0x2, 0xffff}, {0x6, 0x38c, 0x7, 0x1c4c}, 0x0, 0x6e6bb7, 0x1, 0x0, 0xb0893d2acc6f8d6a, 0x1}}, @tfcpad={0x8, 0x16, 0x4}]}, 0x128}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r2) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r1) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) (async) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r2) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r1) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) (async) 17:07:58 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:58 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:58 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, 0x0, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0xbc) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f00000002c0)=@req3={0x6, 0x10001, 0x8a, 0x1ff, 0x5, 0x7, 0x2}, 0x1c) r6 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r7 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000680)=ANY=[@ANYBLOB="740400000000000000714018fba05d032b756e6c3000000000000000000000007035311534ce2b938ab07a78df1d439bf12a4742d78769ca323b786b1b2c643b6ef095dd212426f28a2811e1a1ca75a06154a03bc140bfb66c6d9e88f988558542570d40cb389d7d3e2806fc4c12e45accaaa5f74ab0f906f23f20783659ddc83ff78a1b6ffa7744064206a0e4c5834447c9", @ANYRES32=r8, @ANYBLOB="0040008000000004000000074604001820680000082f9078ff000000000000000404010064644de97890a9b2959492b45294fc6260afa39626e89f5010a181cd8531280f23822bca7fc0d7f75a0bc62b346ab0d23bd7b11624ccb8d855198d1ec980794be986ffcd85ed57bd3dca04e78c0325be20f7d8ada53f26b3c20cb56146c6caec0d8dcd9b3205091c82abe7b86ecb252deef85b2d6fea1e031425b0f272dc484038edd8f5d474d6533b00510544e3b6eadbfd8b8676e8967a29e4e33d7c5fe57226df22ed68af9cc795100eab01c14d05306b5a4474e2d0"]}) setsockopt$packet_drop_memb(r2, 0x107, 0x2, &(0x7f0000000100)={r8, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x10) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000005c0)={0x5, 0x0, [{0x2000, 0x31, &(0x7f0000000140)=""/49}, {0x3000, 0x3b, &(0x7f0000000240)=""/59}, {0x3000, 0x55, &(0x7f00000003c0)=""/85}, {0x4800, 0xd4, &(0x7f0000000440)=""/212}, {0x1, 0x6a, &(0x7f0000000540)=""/106}]}) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x40180) ioctl$IOC_PR_RESERVE(0xffffffffffffffff, 0x401070c9, &(0x7f0000000040)={0x6, 0x155}) setsockopt$packet_int(r1, 0x107, 0x10, &(0x7f0000000000)=0x5, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) 17:07:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x128, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@lifetime_val={0x24, 0x9, {0x8, 0x7, 0x5, 0x9}}, @policy={0xac, 0x7, {{@in=@private=0xa010102, @in6=@loopback, 0x4e24, 0x9, 0x4e22, 0x1000, 0xa, 0x60, 0xa0}, {0xff, 0x7, 0x2, 0x5, 0x6, 0x5, 0x2, 0xffff}, {0x6, 0x38c, 0x7, 0x1c4c}, 0x0, 0x6e6bb7, 0x1, 0x0, 0xb0893d2acc6f8d6a, 0x1}}, @tfcpad={0x8, 0x16, 0x4}]}, 0x128}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x128, 0x15, 0x0, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@lifetime_val={0x24, 0x9, {0x8, 0x7, 0x5, 0x9}}, @policy={0xac, 0x7, {{@in=@private=0xa010102, @in6=@loopback, 0x4e24, 0x9, 0x4e22, 0x1000, 0xa, 0x60, 0xa0}, {0xff, 0x7, 0x2, 0x5, 0x6, 0x5, 0x2, 0xffff}, {0x6, 0x38c, 0x7, 0x1c4c}, 0x0, 0x6e6bb7, 0x1, 0x0, 0xb0893d2acc6f8d6a, 0x1}}, @tfcpad={0x8, 0x16, 0x4}]}, 0x128}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x128, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@lifetime_val={0x24, 0x9, {0x8, 0x7, 0x5, 0x9}}, @policy={0xac, 0x7, {{@in=@private=0xa010102, @in6=@loopback, 0x4e24, 0x9, 0x4e22, 0x1000, 0xa, 0x60, 0xa0}, {0xff, 0x7, 0x2, 0x5, 0x6, 0x5, 0x2, 0xffff}, {0x6, 0x38c, 0x7, 0x1c4c}, 0x0, 0x6e6bb7, 0x1, 0x0, 0xb0893d2acc6f8d6a, 0x1}}, @tfcpad={0x8, 0x16, 0x4}]}, 0x128}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 4: r0 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:58 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) (async) r1 = socket$packet(0x11, 0x2, 0x300) (async) r2 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, 0x0, 0x0) (async) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0xbc) (async) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f00000002c0)=@req3={0x6, 0x10001, 0x8a, 0x1ff, 0x5, 0x7, 0x2}, 0x1c) (async) r6 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) (async) r7 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000680)=ANY=[@ANYBLOB="740400000000000000714018fba05d032b756e6c3000000000000000000000007035311534ce2b938ab07a78df1d439bf12a4742d78769ca323b786b1b2c643b6ef095dd212426f28a2811e1a1ca75a06154a03bc140bfb66c6d9e88f988558542570d40cb389d7d3e2806fc4c12e45accaaa5f74ab0f906f23f20783659ddc83ff78a1b6ffa7744064206a0e4c5834447c9", @ANYRES32=r8, @ANYBLOB="0040008000000004000000074604001820680000082f9078ff000000000000000404010064644de97890a9b2959492b45294fc6260afa39626e89f5010a181cd8531280f23822bca7fc0d7f75a0bc62b346ab0d23bd7b11624ccb8d855198d1ec980794be986ffcd85ed57bd3dca04e78c0325be20f7d8ada53f26b3c20cb56146c6caec0d8dcd9b3205091c82abe7b86ecb252deef85b2d6fea1e031425b0f272dc484038edd8f5d474d6533b00510544e3b6eadbfd8b8676e8967a29e4e33d7c5fe57226df22ed68af9cc795100eab01c14d05306b5a4474e2d0"]}) (async) setsockopt$packet_drop_memb(r2, 0x107, 0x2, &(0x7f0000000100)={r8, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x10) (async) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000005c0)={0x5, 0x0, [{0x2000, 0x31, &(0x7f0000000140)=""/49}, {0x3000, 0x3b, &(0x7f0000000240)=""/59}, {0x3000, 0x55, &(0x7f00000003c0)=""/85}, {0x4800, 0xd4, &(0x7f0000000440)=""/212}, {0x1, 0x6a, &(0x7f0000000540)=""/106}]}) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x40180) ioctl$IOC_PR_RESERVE(0xffffffffffffffff, 0x401070c9, &(0x7f0000000040)={0x6, 0x155}) (async) setsockopt$packet_int(r1, 0x107, 0x10, &(0x7f0000000000)=0x5, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) 17:07:58 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x120, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@lifetime_val={0x24, 0x9, {0x8, 0x7, 0x5, 0x9}}, @policy={0xac, 0x7, {{@in=@private=0xa010102, @in6=@loopback, 0x4e24, 0x9, 0x4e22, 0x1000, 0xa, 0x60, 0xa0}, {0xff, 0x7, 0x2, 0x5, 0x6, 0x5, 0x2, 0xffff}, {0x6, 0x38c, 0x7, 0x1c4c}, 0x0, 0x6e6bb7, 0x1, 0x0, 0xb0893d2acc6f8d6a, 0x1}}]}, 0x120}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:58 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x74, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@lifetime_val={0x24, 0x9, {0x8, 0x7, 0x5, 0x9}}]}, 0x74}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:58 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x12c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@lifetime_val={0x24, 0x9, {0x8, 0x7, 0x5, 0x9}}, @policy={0xac, 0x7, {{@in=@private=0xa010102, @in6=@loopback, 0x4e24, 0x9, 0x4e22, 0x1000, 0xa, 0x60, 0xa0}, {0xff, 0x7, 0x2, 0x5, 0x6, 0x5, 0x2, 0xffff}, {0x6, 0x38c, 0x7, 0x1c4c}, 0x0, 0x6e6bb7, 0x1, 0x0, 0xb0893d2acc6f8d6a, 0x1}}, @policy_type={0xa}]}, 0x12c}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:58 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) (async) r2 = socket$packet(0x11, 0x2, 0x300) (async) socket$packet(0x11, 0x2, 0x300) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, 0x0, 0x0) (async, rerun: 64) r4 = socket$packet(0x11, 0x2, 0x300) (rerun: 64) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0xbc) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f00000002c0)=@req3={0x6, 0x10001, 0x8a, 0x1ff, 0x5, 0x7, 0x2}, 0x1c) r6 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) (async, rerun: 32) r7 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async, rerun: 32) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000680)=ANY=[@ANYBLOB="740400000000000000714018fba05d032b756e6c3000000000000000000000007035311534ce2b938ab07a78df1d439bf12a4742d78769ca323b786b1b2c643b6ef095dd212426f28a2811e1a1ca75a06154a03bc140bfb66c6d9e88f988558542570d40cb389d7d3e2806fc4c12e45accaaa5f74ab0f906f23f20783659ddc83ff78a1b6ffa7744064206a0e4c5834447c9", @ANYRES32=r8, @ANYBLOB="0040008000000004000000074604001820680000082f9078ff000000000000000404010064644de97890a9b2959492b45294fc6260afa39626e89f5010a181cd8531280f23822bca7fc0d7f75a0bc62b346ab0d23bd7b11624ccb8d855198d1ec980794be986ffcd85ed57bd3dca04e78c0325be20f7d8ada53f26b3c20cb56146c6caec0d8dcd9b3205091c82abe7b86ecb252deef85b2d6fea1e031425b0f272dc484038edd8f5d474d6533b00510544e3b6eadbfd8b8676e8967a29e4e33d7c5fe57226df22ed68af9cc795100eab01c14d05306b5a4474e2d0"]}) (async, rerun: 64) setsockopt$packet_drop_memb(r2, 0x107, 0x2, &(0x7f0000000100)={r8, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x10) (async, rerun: 64) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000005c0)={0x5, 0x0, [{0x2000, 0x31, &(0x7f0000000140)=""/49}, {0x3000, 0x3b, &(0x7f0000000240)=""/59}, {0x3000, 0x55, &(0x7f00000003c0)=""/85}, {0x4800, 0xd4, &(0x7f0000000440)=""/212}, {0x1, 0x6a, &(0x7f0000000540)=""/106}]}) (async, rerun: 64) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (rerun: 64) syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x40180) (async) ioctl$IOC_PR_RESERVE(0xffffffffffffffff, 0x401070c9, &(0x7f0000000040)={0x6, 0x155}) setsockopt$packet_int(r1, 0x107, 0x10, &(0x7f0000000000)=0x5, 0x4) (async, rerun: 32) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) (rerun: 32) 17:07:58 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x80, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@lifetime_val={0x24, 0x9, {0x8, 0x7, 0x5, 0x9}}, @policy_type={0xa}]}, 0x80}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:58 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x20000000) 17:07:58 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:58 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', 0x0}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x20000000) 17:07:58 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:59 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:07:59 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:07:59 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) r2 = accept4$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000180)=0x14, 0x40000) getsockopt$packet_buf(r2, 0x107, 0x7, &(0x7f00000001c0)=""/17, &(0x7f0000000200)=0x11) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000300)={r3, 0x1, 0x6, @local}, 0x10) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000000)={'ip6_vti0\x00', r3, 0x2f, 0x1f, 0x83, 0x4, 0x40, @rand_addr=' \x01\x00', @loopback, 0x20, 0x7800, 0x3, 0xffffbaf8}}) connect$packet(r1, &(0x7f0000000100)={0x11, 0x1b, r4, 0x1, 0x1a, 0x6, @local}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) r5 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r6 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r7, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'syztnl1\x00', r7, 0x4, 0x10, 0x4, 0x72, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, 0x10, 0x7, 0x0, 0x8}}) 17:07:59 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x134, 0x15, 0x0, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@lifetime_val={0x24, 0x9, {0x8, 0x7, 0x5, 0x9}}, @policy={0xac, 0x7, {{@in=@private=0xa010102, @in6=@loopback, 0x4e24, 0x9, 0x4e22, 0x1000, 0xa, 0x60, 0xa0}, {0xff, 0x7, 0x2, 0x5, 0x6, 0x5, 0x2, 0xffff}, {0x6, 0x38c, 0x7, 0x1c4c}, 0x0, 0x6e6bb7, 0x1, 0x0, 0xb0893d2acc6f8d6a, 0x1}}, @tfcpad={0x8, 0x16, 0x4}, @policy_type={0xa}]}, 0x134}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 17:07:59 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 0: socket$inet(0x2, 0x3, 0x3) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x1000, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$vcsa(0x0, 0x9, 0x2400) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) r2 = accept4$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000180)=0x14, 0x40000) getsockopt$packet_buf(r2, 0x107, 0x7, &(0x7f00000001c0)=""/17, &(0x7f0000000200)=0x11) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000300)={r3, 0x1, 0x6, @local}, 0x10) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000000)={'ip6_vti0\x00', r3, 0x2f, 0x1f, 0x83, 0x4, 0x40, @rand_addr=' \x01\x00', @loopback, 0x20, 0x7800, 0x3, 0xffffbaf8}}) connect$packet(r1, &(0x7f0000000100)={0x11, 0x1b, r4, 0x1, 0x1a, 0x6, @local}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) r5 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r6 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r7, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'syztnl1\x00', r7, 0x4, 0x10, 0x4, 0x72, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, 0x10, 0x7, 0x0, 0x8}}) socket$packet(0x11, 0x2, 0x300) (async) socket$packet(0x11, 0x2, 0x300) (async) accept4$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000180)=0x14, 0x40000) (async) getsockopt$packet_buf(r2, 0x107, 0x7, &(0x7f00000001c0)=""/17, &(0x7f0000000200)=0x11) (async) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000300)={r3, 0x1, 0x6, @local}, 0x10) (async) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000000)={'ip6_vti0\x00', r3, 0x2f, 0x1f, 0x83, 0x4, 0x40, @rand_addr=' \x01\x00', @loopback, 0x20, 0x7800, 0x3, 0xffffbaf8}}) (async) connect$packet(r1, &(0x7f0000000100)={0x11, 0x1b, r4, 0x1, 0x1a, 0x6, @local}, 0x14) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) (async) socket$inet(0x2, 0x3, 0x3) (async) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) (async) syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'}) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r7, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'syztnl1\x00', r7, 0x4, 0x10, 0x4, 0x72, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, 0x10, 0x7, 0x0, 0x8}}) (async) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:59 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:07:59 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:07:59 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) (async, rerun: 64) r1 = socket$packet(0x11, 0x2, 0x300) (async, rerun: 64) r2 = accept4$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000180)=0x14, 0x40000) getsockopt$packet_buf(r2, 0x107, 0x7, &(0x7f00000001c0)=""/17, &(0x7f0000000200)=0x11) (async) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000300)={r3, 0x1, 0x6, @local}, 0x10) (async) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000000)={'ip6_vti0\x00', r3, 0x2f, 0x1f, 0x83, 0x4, 0x40, @rand_addr=' \x01\x00', @loopback, 0x20, 0x7800, 0x3, 0xffffbaf8}}) connect$packet(r1, &(0x7f0000000100)={0x11, 0x1b, r4, 0x1, 0x1a, 0x6, @local}, 0x14) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) (async) r5 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r6 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r7, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'syztnl1\x00', r7, 0x4, 0x10, 0x4, 0x72, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, 0x10, 0x7, 0x0, 0x8}}) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:59 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:07:59 executing program 2: bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58}, 0x10) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) socket$packet(0x11, 0x0, 0x300) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 0: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0xe, &(0x7f0000000080)={0x0, 0x1004}, 0x4) 17:07:59 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:59 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:07:59 executing program 0: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 2: bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58}, 0x10) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) (async) socket$packet(0x11, 0x0, 0x300) 17:07:59 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 0: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) 17:07:59 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 2: bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58}, 0x10) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) (async) socket$packet(0x11, 0x0, 0x300) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) 17:07:59 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) connect$packet(r0, &(0x7f0000000400)={0x11, 0x8, 0x0, 0x1, 0xa0, 0x6, @local}, 0x14) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r2) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) sendmsg$BATADV_CMD_TP_METER_CANCEL(r2, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x4c, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x2}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x8a}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000001) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x70, r4, 0x8, 0x70bd2a, 0x25dfdbfc, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:07:59 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 3: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:07:59 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) connect$packet(r0, &(0x7f0000000400)={0x11, 0x8, 0x0, 0x1, 0xa0, 0x6, @local}, 0x14) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r2) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) sendmsg$BATADV_CMD_TP_METER_CANCEL(r2, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x4c, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x2}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x8a}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000001) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x70, r4, 0x8, 0x70bd2a, 0x25dfdbfc, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) connect$packet(r0, &(0x7f0000000400)={0x11, 0x8, 0x0, 0x1, 0xa0, 0x6, @local}, 0x14) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r2) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0x58, &(0x7f0000000280)}, 0x10) (async) sendmsg$BATADV_CMD_TP_METER_CANCEL(r2, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x4c, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x2}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x8a}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000001) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) (async) sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x70, r4, 0x8, 0x70bd2a, 0x25dfdbfc, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) (async) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) 17:07:59 executing program 3: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) connect$packet(r0, &(0x7f0000000400)={0x11, 0x8, 0x0, 0x1, 0xa0, 0x6, @local}, 0x14) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r2) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) sendmsg$BATADV_CMD_TP_METER_CANCEL(r2, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x4c, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x2}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x8a}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000001) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x70, r4, 0x8, 0x70bd2a, 0x25dfdbfc, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) connect$packet(r0, &(0x7f0000000400)={0x11, 0x8, 0x0, 0x1, 0xa0, 0x6, @local}, 0x14) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r2) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0x58, &(0x7f0000000280)}, 0x10) (async) sendmsg$BATADV_CMD_TP_METER_CANCEL(r2, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x4c, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x2}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x8a}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000001) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) (async) sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x70, r4, 0x8, 0x70bd2a, 0x25dfdbfc, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) (async) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req={0x8, 0x101, 0x9, 0x80000000}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000100)={0x0, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x10) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r2) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4037550b61357ebc6fe8a731010000", @ANYRES16=0x0, @ANYBLOB="020028bd7000fbdbdf250a0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030000000000080001007063690011000200303030303a30303a31302e30000000000800030002000000080001007063690011000200303030303a30303a31302e300000000008000300010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030001000000080001007063690011000200303030303a30303a31302e30000000000800030003000000080001007063690011000200303030303a30303a31302e30000000000800030000000000080001007063690011000200303030303a30303a31302e300000000008000300010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030003000000"], 0x140}, 0x1, 0x0, 0x0, 0x4044}, 0x20040000) connect$packet(r1, &(0x7f0000000040)={0x11, 0xf5, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) 17:07:59 executing program 3: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) 17:07:59 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) 17:07:59 executing program 3: r0 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req={0x8, 0x101, 0x9, 0x80000000}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000100)={0x0, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x10) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r2) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4037550b61357ebc6fe8a731010000", @ANYRES16=0x0, @ANYBLOB="020028bd7000fbdbdf250a0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030000000000080001007063690011000200303030303a30303a31302e30000000000800030002000000080001007063690011000200303030303a30303a31302e300000000008000300010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030001000000080001007063690011000200303030303a30303a31302e30000000000800030003000000080001007063690011000200303030303a30303a31302e30000000000800030000000000080001007063690011000200303030303a30303a31302e300000000008000300010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030003000000"], 0x140}, 0x1, 0x0, 0x0, 0x4044}, 0x20040000) connect$packet(r1, &(0x7f0000000040)={0x11, 0xf5, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req={0x8, 0x101, 0x9, 0x80000000}, 0x10) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000100)={0x0, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x10) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) (async) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r2) (async) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4037550b61357ebc6fe8a731010000", @ANYRES16=0x0, @ANYBLOB="020028bd7000fbdbdf250a0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030000000000080001007063690011000200303030303a30303a31302e30000000000800030002000000080001007063690011000200303030303a30303a31302e300000000008000300010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030001000000080001007063690011000200303030303a30303a31302e30000000000800030003000000080001007063690011000200303030303a30303a31302e30000000000800030000000000080001007063690011000200303030303a30303a31302e300000000008000300010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030003000000"], 0x140}, 0x1, 0x0, 0x0, 0x4044}, 0x20040000) (async) connect$packet(r1, &(0x7f0000000040)={0x11, 0xf5, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) (async) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:07:59 executing program 0: socket$inet(0x2, 0x3, 0x3) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x1000, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$vcsa(0x0, 0x9, 0x2400) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 5: socket$inet(0x2, 0x3, 0x3) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x1000, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$vcsa(0x0, 0x9, 0x2400) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r0, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, r1, 0x300, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x6f}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4014004}, 0x40000) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x2, 0x1}, 0x4) r3 = socket$packet(0x11, 0x2, 0x300) getpeername$packet(r2, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) setsockopt$packet_int(r3, 0x107, 0x12, &(0x7f00000000c0)=0x2, 0x4) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(0xffffffffffffffff, 0x4008af23, &(0x7f0000000100)={0x3, 0x2}) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000140)={0x1, 0xfff}) r4 = syz_open_dev$vcsa(&(0x7f00000002c0), 0xad5, 0x80800) setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000300)=0xed, 0x4) 17:07:59 executing program 3: r0 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:07:59 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req={0x8, 0x101, 0x9, 0x80000000}, 0x10) (async, rerun: 64) r1 = socket$packet(0x11, 0x2, 0x300) (rerun: 64) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000100)={0x0, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x10) (async) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) (async) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r2) (async) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4037550b61357ebc6fe8a731010000", @ANYRES16=0x0, @ANYBLOB="020028bd7000fbdbdf250a0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030000000000080001007063690011000200303030303a30303a31302e30000000000800030002000000080001007063690011000200303030303a30303a31302e300000000008000300010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030001000000080001007063690011000200303030303a30303a31302e30000000000800030003000000080001007063690011000200303030303a30303a31302e30000000000800030000000000080001007063690011000200303030303a30303a31302e300000000008000300010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030003000000"], 0x140}, 0x1, 0x0, 0x0, 0x4044}, 0x20040000) (async) connect$packet(r1, &(0x7f0000000040)={0x11, 0xf5, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) (async, rerun: 64) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) (rerun: 64) 17:07:59 executing program 0: socket$inet(0x2, 0x3, 0x3) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x1000, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r2 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) 17:07:59 executing program 5: socket$inet(0x2, 0x3, 0x3) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x1000, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r2 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) 17:07:59 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) 17:07:59 executing program 3: r0 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x8, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:07:59 executing program 2: ioctl$BLKGETSIZE64(0xffffffffffffffff, 0x80081272, &(0x7f00000000c0)) socket$packet(0x11, 0x2, 0x300) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xa) socketpair(0x22, 0x3, 0x2, &(0x7f0000000040)={0xffffffffffffffff}) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x408000, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x2, 0x5}, 0x4) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x2}, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000040), 0x5a) setsockopt$packet_int(r1, 0x107, 0x12, &(0x7f00000000c0)=0x2, 0x4) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x4}, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x5}, 0x4) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x4, 0x1000}, 0x4) 17:07:59 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:07:59 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:07:59 executing program 2: ioctl$BLKGETSIZE64(0xffffffffffffffff, 0x80081272, &(0x7f00000000c0)) socket$packet(0x11, 0x2, 0x300) (async) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xa) socketpair(0x22, 0x3, 0x2, &(0x7f0000000040)={0xffffffffffffffff}) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x408000, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x2, 0x5}, 0x4) 17:07:59 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x4}, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x5}, 0x4) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x4, 0x1000}, 0x4) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (fail_nth: 1) 17:07:59 executing program 2: ioctl$BLKGETSIZE64(0xffffffffffffffff, 0x80081272, &(0x7f00000000c0)) socket$packet(0x11, 0x2, 0x300) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xa) socketpair(0x22, 0x3, 0x2, &(0x7f0000000040)={0xffffffffffffffff}) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x408000, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x2, 0x5}, 0x4) ioctl$BLKGETSIZE64(0xffffffffffffffff, 0x80081272, &(0x7f00000000c0)) (async) socket$packet(0x11, 0x2, 0x300) (async) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xa) (async) socketpair(0x22, 0x3, 0x2, &(0x7f0000000040)) (async) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x408000, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x2, 0x5}, 0x4) (async) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (fail_nth: 1) 17:07:59 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:59 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) (fail_nth: 1) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:07:59 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x2, 0x0, 0x0) 17:07:59 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x5, 0x0, 0x0) 17:07:59 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x8, 0x4) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f00000000c0)=@getpolicy={0x228, 0x15, 0x300, 0x70bd2a, 0x25dfdbfc, {{@in6=@empty, @in6=@local, 0x4e21, 0x0, 0x4e24, 0x1, 0x2, 0xa0, 0x180, 0x32, 0x0, 0xffffffffffffffff}}, [@lastused={0xc, 0xf, 0x2}, @user_kmaddress={0x2c, 0x13, {@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@multicast2, 0x0, 0xa}}, @algo_auth_trunc={0xad, 0x14, {{'poly1305-neon\x00'}, 0x308, 0x40, "176ec6aa43d7a0dba60362d221cc1b794f610079c565806182341bb05b5a5014e690fca2738cd1689008bb673c78672741a2d648c4cee886693858d30b8cf3d67b2432ed9a1e2ff9ff7862b2458c1dc2acfaaf4b268c098ac520b8bfecebb7112f"}}, @lifetime_val={0x24, 0x9, {0x2, 0xb, 0x1ff, 0x8}}, @srcaddr={0x14, 0xd, @in=@loopback}, @algo_comp={0xb8, 0x3, {{'deflate\x00'}, 0x380, "49505026acb034cb0eaa6f38a899a6208a595580fa5d7b213f5a028b6fad31008cb4da04e14c3a121e1d076135e3de0926c8cde6168be576dc52d4efbd9e853e901e918ebedea676bc5461b9abe60ab1a356c80a097cb2ad53c7c09f7c7f731bf7a92d926edf9da122007b15c675f0fe"}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) [ 901.147812][T23449] FAULT_INJECTION: forcing a failure. [ 901.147812][T23449] name failslab, interval 1, probability 0, space 0, times 0 [ 901.161308][T23449] CPU: 0 PID: 23449 Comm: syz-executor.5 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 901.171544][T23449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 901.181578][T23449] Call Trace: [ 901.184852][T23449] dump_stack+0x1d8/0x241 [ 901.189153][T23449] ? panic+0x73e/0x73e [ 901.193188][T23449] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 901.198965][T23449] should_fail+0x709/0x870 [ 901.203358][T23449] ? setup_fault_attr+0x3d0/0x3d0 [ 901.208358][T23449] ? __alloc_skb+0x78/0x4d0 [ 901.212836][T23449] should_failslab+0x5/0x20 [ 901.217310][T23449] kmem_cache_alloc+0x24/0x210 [ 901.222043][T23449] __alloc_skb+0x78/0x4d0 [ 901.226343][T23449] ? netlink_autobind+0x163/0x190 [ 901.231336][T23449] netlink_sendmsg+0x782/0xcc0 [ 901.236070][T23449] ? netlink_getsockopt+0x840/0x840 [ 901.241234][T23449] ? import_iovec+0x1bc/0x380 [ 901.245882][T23449] ? security_socket_sendmsg+0x9d/0xb0 [ 901.251431][T23449] ? netlink_getsockopt+0x840/0x840 [ 901.256602][T23449] ____sys_sendmsg+0x5a6/0x8f0 [ 901.261344][T23449] ? __sys_sendmsg_sock+0x2b0/0x2b0 [ 901.266516][T23449] ? __lru_cache_add+0x1bf/0x210 [ 901.271424][T23449] ? proc_fail_nth_read+0x220/0x220 [ 901.276591][T23449] __sys_sendmsg+0x2b7/0x3a0 [ 901.281148][T23449] ? ____sys_sendmsg+0x8f0/0x8f0 [ 901.286058][T23449] ? check_preemption_disabled+0x9e/0x330 [ 901.291758][T23449] ? fput_many+0x42/0x1a0 17:07:59 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x7, 0x0, 0x0) 17:07:59 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) (fail_nth: 2) 17:07:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x2, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:07:59 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x8, 0x4) (async) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f00000000c0)=@getpolicy={0x228, 0x15, 0x300, 0x70bd2a, 0x25dfdbfc, {{@in6=@empty, @in6=@local, 0x4e21, 0x0, 0x4e24, 0x1, 0x2, 0xa0, 0x180, 0x32, 0x0, 0xffffffffffffffff}}, [@lastused={0xc, 0xf, 0x2}, @user_kmaddress={0x2c, 0x13, {@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@multicast2, 0x0, 0xa}}, @algo_auth_trunc={0xad, 0x14, {{'poly1305-neon\x00'}, 0x308, 0x40, "176ec6aa43d7a0dba60362d221cc1b794f610079c565806182341bb05b5a5014e690fca2738cd1689008bb673c78672741a2d648c4cee886693858d30b8cf3d67b2432ed9a1e2ff9ff7862b2458c1dc2acfaaf4b268c098ac520b8bfecebb7112f"}}, @lifetime_val={0x24, 0x9, {0x2, 0xb, 0x1ff, 0x8}}, @srcaddr={0x14, 0xd, @in=@loopback}, @algo_comp={0xb8, 0x3, {{'deflate\x00'}, 0x380, "49505026acb034cb0eaa6f38a899a6208a595580fa5d7b213f5a028b6fad31008cb4da04e14c3a121e1d076135e3de0926c8cde6168be576dc52d4efbd9e853e901e918ebedea676bc5461b9abe60ab1a356c80a097cb2ad53c7c09f7c7f731bf7a92d926edf9da122007b15c675f0fe"}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 17:07:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x8, 0x0, 0x0) 17:08:00 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) [ 901.296071][T23449] ? check_preemption_disabled+0x154/0x330 [ 901.301856][T23449] do_syscall_64+0xcb/0x1c0 [ 901.306336][T23449] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:00 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) 17:08:00 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x8, 0x4) (async, rerun: 32) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) (rerun: 32) sendmsg$nl_xfrm(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f00000000c0)=@getpolicy={0x228, 0x15, 0x300, 0x70bd2a, 0x25dfdbfc, {{@in6=@empty, @in6=@local, 0x4e21, 0x0, 0x4e24, 0x1, 0x2, 0xa0, 0x180, 0x32, 0x0, 0xffffffffffffffff}}, [@lastused={0xc, 0xf, 0x2}, @user_kmaddress={0x2c, 0x13, {@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@multicast2, 0x0, 0xa}}, @algo_auth_trunc={0xad, 0x14, {{'poly1305-neon\x00'}, 0x308, 0x40, "176ec6aa43d7a0dba60362d221cc1b794f610079c565806182341bb05b5a5014e690fca2738cd1689008bb673c78672741a2d648c4cee886693858d30b8cf3d67b2432ed9a1e2ff9ff7862b2458c1dc2acfaaf4b268c098ac520b8bfecebb7112f"}}, @lifetime_val={0x24, 0x9, {0x2, 0xb, 0x1ff, 0x8}}, @srcaddr={0x14, 0xd, @in=@loopback}, @algo_comp={0xb8, 0x3, {{'deflate\x00'}, 0x380, "49505026acb034cb0eaa6f38a899a6208a595580fa5d7b213f5a028b6fad31008cb4da04e14c3a121e1d076135e3de0926c8cde6168be576dc52d4efbd9e853e901e918ebedea676bc5461b9abe60ab1a356c80a097cb2ad53c7c09f7c7f731bf7a92d926edf9da122007b15c675f0fe"}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x9, 0x0, 0x0) 17:08:00 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x5, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:00 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) [ 901.350294][T23466] FAULT_INJECTION: forcing a failure. [ 901.350294][T23466] name failslab, interval 1, probability 0, space 0, times 0 [ 901.372054][T23466] CPU: 1 PID: 23466 Comm: syz-executor.5 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 901.382825][T23466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 901.392870][T23466] Call Trace: [ 901.396158][T23466] dump_stack+0x1d8/0x241 [ 901.400490][T23466] ? panic+0x73e/0x73e [ 901.404561][T23466] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 901.410353][T23466] should_fail+0x709/0x870 [ 901.414771][T23466] ? setup_fault_attr+0x3d0/0x3d0 [ 901.419769][T23466] ? netlink_sendmsg+0x782/0xcc0 [ 901.424703][T23466] should_failslab+0x5/0x20 [ 901.429176][T23466] __kmalloc_track_caller+0x4f/0x280 [ 901.434429][T23466] ? kmem_cache_alloc+0xd0/0x210 [ 901.439334][T23466] ? netlink_sendmsg+0x782/0xcc0 [ 901.444239][T23466] __alloc_skb+0xb5/0x4d0 [ 901.448541][T23466] ? netlink_autobind+0x163/0x190 [ 901.453538][T23466] netlink_sendmsg+0x782/0xcc0 [ 901.458274][T23466] ? netlink_getsockopt+0x840/0x840 [ 901.463439][T23466] ? import_iovec+0x1bc/0x380 [ 901.468096][T23466] ? security_socket_sendmsg+0x9d/0xb0 [ 901.473533][T23466] ? netlink_getsockopt+0x840/0x840 [ 901.478710][T23466] ____sys_sendmsg+0x5a6/0x8f0 [ 901.483442][T23466] ? __sys_sendmsg_sock+0x2b0/0x2b0 [ 901.488609][T23466] ? __lru_cache_add+0x1bf/0x210 [ 901.493521][T23466] ? proc_fail_nth_read+0x220/0x220 17:08:00 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) 17:08:00 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x7, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:00 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) (fail_nth: 3) 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0xa, 0x0, 0x0) 17:08:00 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0xc, 0x0, 0x0) 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0xd, 0x0, 0x0) [ 901.498699][T23466] __sys_sendmsg+0x2b7/0x3a0 [ 901.503277][T23466] ? ____sys_sendmsg+0x8f0/0x8f0 [ 901.508193][T23466] ? check_preemption_disabled+0x9e/0x330 [ 901.513888][T23466] ? fput_many+0x42/0x1a0 [ 901.518190][T23466] ? check_preemption_disabled+0x154/0x330 [ 901.523968][T23466] do_syscall_64+0xcb/0x1c0 [ 901.528449][T23466] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:00 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) 17:08:00 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x8, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0xe, 0x0, 0x0) 17:08:00 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:00 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x9, &(0x7f0000000040)={0x0, 0x4}, 0x4) [ 901.593015][T23498] FAULT_INJECTION: forcing a failure. [ 901.593015][T23498] name failslab, interval 1, probability 0, space 0, times 0 [ 901.607475][T23498] CPU: 0 PID: 23498 Comm: syz-executor.5 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 901.617712][T23498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 901.627747][T23498] Call Trace: [ 901.631018][T23498] dump_stack+0x1d8/0x241 [ 901.635328][T23498] ? panic+0x73e/0x73e [ 901.639371][T23498] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 901.645145][T23498] should_fail+0x709/0x870 [ 901.649532][T23498] ? setup_fault_attr+0x3d0/0x3d0 [ 901.654528][T23498] ? xfrm_netlink_rcv+0x80/0x80 [ 901.659346][T23498] ? __alloc_skb+0x78/0x4d0 [ 901.663816][T23498] should_failslab+0x5/0x20 [ 901.668287][T23498] kmem_cache_alloc+0x24/0x210 [ 901.673025][T23498] __alloc_skb+0x78/0x4d0 [ 901.677462][T23498] netlink_ack+0x2be/0xa80 [ 901.681862][T23498] ? avc_has_perm+0x16d/0x260 [ 901.686607][T23498] ? netlink_dump+0x1320/0x1320 [ 901.691431][T23498] ? avc_has_perm_noaudit+0x400/0x400 [ 901.696776][T23498] ? iov_iter_advance+0x263/0xb20 [ 901.701769][T23498] netlink_rcv_skb+0x289/0x470 [ 901.706506][T23498] ? xfrm_netlink_rcv+0x80/0x80 [ 901.711325][T23498] ? nla_put_string+0x30/0x30 [ 901.715969][T23498] ? mutex_trylock+0xa0/0xa0 [ 901.720526][T23498] ? __netlink_lookup+0x37f/0x3a0 [ 901.725517][T23498] xfrm_netlink_rcv+0x6e/0x80 [ 901.730165][T23498] netlink_unicast+0x91b/0xb10 [ 901.734899][T23498] ? netlink_detachskb+0xa0/0xa0 [ 901.739803][T23498] ? __virt_addr_valid+0x1fd/0x290 [ 901.744883][T23498] netlink_sendmsg+0x9f6/0xcc0 [ 901.749619][T23498] ? netlink_getsockopt+0x840/0x840 [ 901.754790][T23498] ? import_iovec+0x1bc/0x380 [ 901.759440][T23498] ? security_socket_sendmsg+0x9d/0xb0 [ 901.764869][T23498] ? netlink_getsockopt+0x840/0x840 [ 901.770034][T23498] ____sys_sendmsg+0x5a6/0x8f0 [ 901.774779][T23498] ? __sys_sendmsg_sock+0x2b0/0x2b0 [ 901.779948][T23498] ? __lru_cache_add+0x1bf/0x210 [ 901.784858][T23498] ? proc_fail_nth_read+0x220/0x220 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0xf, 0x0, 0x0) 17:08:00 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) 17:08:00 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) (fail_nth: 4) 17:08:00 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0xa, &(0x7f0000000040)={0x0, 0x4}, 0x4) [ 901.790023][T23498] __sys_sendmsg+0x2b7/0x3a0 [ 901.794585][T23498] ? ____sys_sendmsg+0x8f0/0x8f0 [ 901.799491][T23498] ? check_preemption_disabled+0x9e/0x330 [ 901.805179][T23498] ? fput_many+0x42/0x1a0 [ 901.809479][T23498] ? check_preemption_disabled+0x154/0x330 [ 901.815256][T23498] do_syscall_64+0xcb/0x1c0 [ 901.819731][T23498] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:00 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x11, 0x0, 0x0) 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) [ 901.860512][T23514] FAULT_INJECTION: forcing a failure. [ 901.860512][T23514] name failslab, interval 1, probability 0, space 0, times 0 [ 901.891297][T23514] CPU: 0 PID: 23514 Comm: syz-executor.5 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 901.901545][T23514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 901.911586][T23514] Call Trace: [ 901.914852][T23514] dump_stack+0x1d8/0x241 [ 901.919155][T23514] ? panic+0x73e/0x73e [ 901.923194][T23514] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 901.928968][T23514] should_fail+0x709/0x870 [ 901.933366][T23514] ? setup_fault_attr+0x3d0/0x3d0 [ 901.938376][T23514] ? netlink_ack+0x2be/0xa80 [ 901.942938][T23514] should_failslab+0x5/0x20 [ 901.947416][T23514] __kmalloc_track_caller+0x4f/0x280 [ 901.952694][T23514] ? kmem_cache_alloc+0xd0/0x210 [ 901.957618][T23514] ? netlink_ack+0x2be/0xa80 [ 901.962185][T23514] __alloc_skb+0xb5/0x4d0 [ 901.966502][T23514] netlink_ack+0x2be/0xa80 [ 901.970900][T23514] ? avc_has_perm+0x16d/0x260 [ 901.975551][T23514] ? netlink_dump+0x1320/0x1320 [ 901.980373][T23514] ? avc_has_perm_noaudit+0x400/0x400 [ 901.985715][T23514] ? iov_iter_advance+0x263/0xb20 [ 901.990715][T23514] netlink_rcv_skb+0x289/0x470 [ 901.995452][T23514] ? xfrm_netlink_rcv+0x80/0x80 [ 902.000271][T23514] ? nla_put_string+0x30/0x30 [ 902.004925][T23514] ? mutex_trylock+0xa0/0xa0 [ 902.009485][T23514] ? __netlink_lookup+0x37f/0x3a0 [ 902.014483][T23514] xfrm_netlink_rcv+0x6e/0x80 [ 902.019132][T23514] netlink_unicast+0x91b/0xb10 [ 902.023873][T23514] ? netlink_detachskb+0xa0/0xa0 [ 902.028816][T23514] ? __virt_addr_valid+0x1fd/0x290 [ 902.033897][T23514] netlink_sendmsg+0x9f6/0xcc0 [ 902.038630][T23514] ? netlink_getsockopt+0x840/0x840 [ 902.043800][T23514] ? import_iovec+0x1bc/0x380 [ 902.048447][T23514] ? security_socket_sendmsg+0x9d/0xb0 [ 902.053872][T23514] ? netlink_getsockopt+0x840/0x840 [ 902.059038][T23514] ____sys_sendmsg+0x5a6/0x8f0 [ 902.063774][T23514] ? __sys_sendmsg_sock+0x2b0/0x2b0 [ 902.068948][T23514] ? __lru_cache_add+0x1bf/0x210 [ 902.073853][T23514] ? proc_fail_nth_read+0x220/0x220 [ 902.079023][T23514] __sys_sendmsg+0x2b7/0x3a0 [ 902.083587][T23514] ? ____sys_sendmsg+0x8f0/0x8f0 [ 902.088493][T23514] ? check_preemption_disabled+0x9e/0x330 [ 902.094193][T23514] ? fput_many+0x42/0x1a0 [ 902.098508][T23514] ? check_preemption_disabled+0x154/0x330 [ 902.104293][T23514] do_syscall_64+0xcb/0x1c0 17:08:00 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) 17:08:00 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0xc, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:00 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) (fail_nth: 5) 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x13, 0x0, 0x0) 17:08:00 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:00 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x14, 0x0, 0x0) [ 902.108770][T23514] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:00 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0xd, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x17, 0x0, 0x0) 17:08:00 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:00 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x56, 0x0, 0x0) 17:08:00 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 1) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:00 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:00 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x6) 17:08:00 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0xe, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x7) 17:08:00 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0xf, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:00 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x2, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:00 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x600) 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x700) 17:08:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x6000000) [ 902.254689][T23555] FAULT_INJECTION: forcing a failure. [ 902.254689][T23555] name failslab, interval 1, probability 0, space 0, times 0 [ 902.267657][T23555] CPU: 0 PID: 23555 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 902.277880][T23555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 902.287926][T23555] Call Trace: [ 902.291199][T23555] dump_stack+0x1d8/0x241 [ 902.295545][T23555] ? panic+0x73e/0x73e [ 902.299588][T23555] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 902.305378][T23555] ? __mutex_lock+0xd07/0x10d0 [ 902.310130][T23555] should_fail+0x709/0x870 [ 902.314520][T23555] ? setup_fault_attr+0x3d0/0x3d0 [ 902.319519][T23555] ? kstrtouint_from_user+0x215/0x2b0 [ 902.324863][T23555] ? loop_add+0x56/0x710 [ 902.329079][T23555] should_failslab+0x5/0x20 [ 902.333568][T23555] kmem_cache_alloc_trace+0x28/0x240 [ 902.338825][T23555] loop_add+0x56/0x710 [ 902.342871][T23555] ? radix_tree_lookup+0x17a/0x1d0 [ 902.347958][T23555] loop_control_ioctl+0x564/0x740 [ 902.352953][T23555] ? loop_remove+0xa0/0xa0 [ 902.357338][T23555] ? __lru_cache_add+0x1bf/0x210 [ 902.362244][T23555] ? memset+0x1f/0x40 [ 902.366198][T23555] ? fsnotify+0x1332/0x13f0 [ 902.370669][T23555] ? loop_remove+0xa0/0xa0 [ 902.375054][T23555] do_vfs_ioctl+0x744/0x1730 [ 902.379792][T23555] ? selinux_file_ioctl+0x723/0x970 [ 902.384973][T23555] ? ioctl_preallocate+0x250/0x250 [ 902.390056][T23555] ? __fget+0x40c/0x4a0 [ 902.394185][T23555] ? fget_many+0x20/0x20 [ 902.398394][T23555] ? check_preemption_disabled+0x154/0x330 17:08:01 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 2) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:01 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) (fail_nth: 1) 17:08:01 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x7000000) 17:08:01 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x11, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:01 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:01 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) [ 902.404166][T23555] ? debug_smp_processor_id+0x20/0x20 [ 902.409503][T23555] ? security_file_ioctl+0x9d/0xb0 [ 902.414583][T23555] __x64_sys_ioctl+0xd4/0x110 [ 902.419229][T23555] do_syscall_64+0xcb/0x1c0 [ 902.423727][T23555] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:01 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) 17:08:01 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x600000000000000) 17:08:01 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x13, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:01 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x4, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:01 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x700000000000000) 17:08:01 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0xffffffff00000000) [ 902.485603][T23578] FAULT_INJECTION: forcing a failure. [ 902.485603][T23578] name failslab, interval 1, probability 0, space 0, times 0 [ 902.498806][T23578] CPU: 1 PID: 23578 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 902.501057][T23593] FAULT_INJECTION: forcing a failure. [ 902.501057][T23593] name failslab, interval 1, probability 0, space 0, times 0 [ 902.509035][T23578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 902.509039][T23578] Call Trace: [ 902.509056][T23578] dump_stack+0x1d8/0x241 [ 902.509067][T23578] ? panic+0x73e/0x73e [ 902.509075][T23578] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 902.509090][T23578] ? do_vfs_ioctl+0x744/0x1730 [ 902.553819][T23578] ? do_syscall_64+0xcb/0x1c0 [ 902.558474][T23578] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 902.564524][T23578] should_fail+0x709/0x870 [ 902.568922][T23578] ? setup_fault_attr+0x3d0/0x3d0 [ 902.573926][T23578] ? idr_alloc+0x203/0x2f0 [ 902.578319][T23578] ? blk_mq_alloc_tag_set+0x300/0x890 [ 902.583668][T23578] should_failslab+0x5/0x20 [ 902.588150][T23578] __kmalloc+0x51/0x2b0 [ 902.592296][T23578] blk_mq_alloc_tag_set+0x300/0x890 [ 902.597473][T23578] ? kmem_cache_alloc_trace+0xd8/0x240 [ 902.602907][T23578] ? loop_add+0x56/0x710 [ 902.607126][T23578] loop_add+0x22b/0x710 [ 902.611259][T23578] ? radix_tree_lookup+0x17a/0x1d0 [ 902.616352][T23578] loop_control_ioctl+0x564/0x740 [ 902.621353][T23578] ? loop_remove+0xa0/0xa0 [ 902.625759][T23578] ? __lru_cache_add+0x1bf/0x210 [ 902.630675][T23578] ? memset+0x1f/0x40 [ 902.634633][T23578] ? fsnotify+0x1332/0x13f0 [ 902.639114][T23578] ? loop_remove+0xa0/0xa0 [ 902.643513][T23578] do_vfs_ioctl+0x744/0x1730 [ 902.648081][T23578] ? selinux_file_ioctl+0x723/0x970 [ 902.653266][T23578] ? ioctl_preallocate+0x250/0x250 [ 902.658353][T23578] ? __fget+0x40c/0x4a0 [ 902.662489][T23578] ? fget_many+0x20/0x20 [ 902.666727][T23578] ? check_preemption_disabled+0x154/0x330 [ 902.672516][T23578] ? debug_smp_processor_id+0x20/0x20 [ 902.677864][T23578] ? security_file_ioctl+0x9d/0xb0 [ 902.682950][T23578] __x64_sys_ioctl+0xd4/0x110 [ 902.687607][T23578] do_syscall_64+0xcb/0x1c0 [ 902.692110][T23578] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 902.698003][T23593] CPU: 0 PID: 23593 Comm: syz-executor.1 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 902.708234][T23593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 902.718278][T23593] Call Trace: [ 902.721564][T23593] dump_stack+0x1d8/0x241 [ 902.725888][T23593] ? panic+0x73e/0x73e [ 902.729948][T23593] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 902.735737][T23593] should_fail+0x709/0x870 [ 902.740126][T23593] ? setup_fault_attr+0x3d0/0x3d0 [ 902.745120][T23593] ? __alloc_skb+0x78/0x4d0 [ 902.749590][T23593] should_failslab+0x5/0x20 [ 902.754064][T23593] kmem_cache_alloc+0x24/0x210 [ 902.758797][T23593] __alloc_skb+0x78/0x4d0 [ 902.763098][T23593] ? netlink_autobind+0x163/0x190 [ 902.768090][T23593] netlink_sendmsg+0x782/0xcc0 [ 902.772826][T23593] ? netlink_getsockopt+0x840/0x840 [ 902.777990][T23593] ? import_iovec+0x1bc/0x380 [ 902.782634][T23593] ? security_socket_sendmsg+0x9d/0xb0 [ 902.788062][T23593] ? netlink_getsockopt+0x840/0x840 [ 902.793229][T23593] ____sys_sendmsg+0x5a6/0x8f0 [ 902.798099][T23593] ? __sys_sendmsg_sock+0x2b0/0x2b0 [ 902.803273][T23593] ? __lru_cache_add+0x1bf/0x210 [ 902.808185][T23593] ? proc_fail_nth_read+0x220/0x220 [ 902.813358][T23593] __sys_sendmsg+0x2b7/0x3a0 [ 902.817919][T23593] ? ____sys_sendmsg+0x8f0/0x8f0 [ 902.822856][T23593] ? check_preemption_disabled+0x9e/0x330 [ 902.828554][T23593] ? fput_many+0x42/0x1a0 17:08:01 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 3) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:01 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) (fail_nth: 2) 17:08:01 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x5, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:01 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_int(r0, 0x107, 0xe, &(0x7f0000000040)=0x9, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) 17:08:01 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) 17:08:01 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x14, &(0x7f0000000040)={0x0, 0x4}, 0x4) [ 902.832866][T23593] ? check_preemption_disabled+0x154/0x330 [ 902.838649][T23593] do_syscall_64+0xcb/0x1c0 [ 902.843125][T23593] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:01 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x6, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 902.879898][T23608] FAULT_INJECTION: forcing a failure. [ 902.879898][T23608] name failslab, interval 1, probability 0, space 0, times 0 [ 902.886618][T23613] FAULT_INJECTION: forcing a failure. [ 902.886618][T23613] name failslab, interval 1, probability 0, space 0, times 0 [ 902.896739][T23608] CPU: 1 PID: 23608 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 902.916961][T23608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 902.926996][T23608] Call Trace: [ 902.930267][T23608] dump_stack+0x1d8/0x241 [ 902.934576][T23608] ? panic+0x73e/0x73e [ 902.938622][T23608] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 902.944412][T23608] should_fail+0x709/0x870 [ 902.948808][T23608] ? setup_fault_attr+0x3d0/0x3d0 [ 902.953812][T23608] ? blk_mq_alloc_tag_set+0x3ab/0x890 [ 902.959256][T23608] should_failslab+0x5/0x20 [ 902.963740][T23608] __kmalloc+0x51/0x2b0 [ 902.967870][T23608] ? blk_mq_alloc_tag_set+0x300/0x890 [ 902.973219][T23608] blk_mq_alloc_tag_set+0x3ab/0x890 [ 902.978394][T23608] loop_add+0x22b/0x710 [ 902.982531][T23608] ? radix_tree_lookup+0x17a/0x1d0 [ 902.987624][T23608] loop_control_ioctl+0x564/0x740 [ 902.992632][T23608] ? loop_remove+0xa0/0xa0 [ 902.997028][T23608] ? __lru_cache_add+0x1bf/0x210 [ 903.001940][T23608] ? memset+0x1f/0x40 [ 903.005908][T23608] ? fsnotify+0x1332/0x13f0 [ 903.010390][T23608] ? loop_remove+0xa0/0xa0 [ 903.014786][T23608] do_vfs_ioctl+0x744/0x1730 [ 903.019352][T23608] ? selinux_file_ioctl+0x723/0x970 [ 903.024530][T23608] ? ioctl_preallocate+0x250/0x250 17:08:01 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (fail_nth: 1) [ 903.029710][T23608] ? __fget+0x40c/0x4a0 [ 903.033844][T23608] ? fget_many+0x20/0x20 [ 903.038068][T23608] ? check_preemption_disabled+0x154/0x330 [ 903.043855][T23608] ? debug_smp_processor_id+0x20/0x20 [ 903.049207][T23608] ? security_file_ioctl+0x9d/0xb0 [ 903.054301][T23608] __x64_sys_ioctl+0xd4/0x110 [ 903.058957][T23608] do_syscall_64+0xcb/0x1c0 [ 903.063440][T23608] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:01 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x8, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:01 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x9, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:01 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xa, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:01 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xb, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 903.074076][T23613] CPU: 0 PID: 23613 Comm: syz-executor.1 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 903.084318][T23613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 903.094363][T23613] Call Trace: [ 903.097652][T23613] dump_stack+0x1d8/0x241 [ 903.101979][T23613] ? panic+0x73e/0x73e [ 903.106049][T23613] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 903.111937][T23613] should_fail+0x709/0x870 [ 903.116348][T23613] ? setup_fault_attr+0x3d0/0x3d0 [ 903.121368][T23613] ? netlink_sendmsg+0x782/0xcc0 [ 903.126292][T23613] should_failslab+0x5/0x20 [ 903.130766][T23613] __kmalloc_track_caller+0x4f/0x280 [ 903.136022][T23613] ? kmem_cache_alloc+0xd0/0x210 [ 903.140928][T23613] ? netlink_sendmsg+0x782/0xcc0 [ 903.145835][T23613] __alloc_skb+0xb5/0x4d0 [ 903.150136][T23613] ? netlink_autobind+0x163/0x190 [ 903.155137][T23613] netlink_sendmsg+0x782/0xcc0 [ 903.159878][T23613] ? netlink_getsockopt+0x840/0x840 [ 903.165042][T23613] ? import_iovec+0x1bc/0x380 [ 903.169687][T23613] ? security_socket_sendmsg+0x9d/0xb0 [ 903.175112][T23613] ? netlink_getsockopt+0x840/0x840 [ 903.180276][T23613] ____sys_sendmsg+0x5a6/0x8f0 [ 903.185016][T23613] ? __sys_sendmsg_sock+0x2b0/0x2b0 [ 903.190182][T23613] ? __lru_cache_add+0x1bf/0x210 [ 903.195088][T23613] ? proc_fail_nth_read+0x220/0x220 [ 903.200254][T23613] __sys_sendmsg+0x2b7/0x3a0 [ 903.204812][T23613] ? ____sys_sendmsg+0x8f0/0x8f0 [ 903.209718][T23613] ? check_preemption_disabled+0x9e/0x330 [ 903.215408][T23613] ? fput_many+0x42/0x1a0 [ 903.219707][T23613] ? check_preemption_disabled+0x154/0x330 [ 903.225486][T23613] do_syscall_64+0xcb/0x1c0 17:08:01 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 4) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:01 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:01 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:01 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_int(r0, 0x107, 0xe, &(0x7f0000000040)=0x9, 0x4) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async, rerun: 32) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) (rerun: 32) 17:08:01 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:01 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) (fail_nth: 3) [ 903.229969][T23613] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 903.264184][T23634] FAULT_INJECTION: forcing a failure. [ 903.264184][T23634] name failslab, interval 1, probability 0, space 0, times 0 [ 903.266118][T23640] FAULT_INJECTION: forcing a failure. [ 903.266118][T23640] name failslab, interval 1, probability 0, space 0, times 0 [ 903.277221][T23634] CPU: 1 PID: 23634 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 903.299603][T23634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 903.309724][T23634] Call Trace: [ 903.312998][T23634] dump_stack+0x1d8/0x241 [ 903.317305][T23634] ? panic+0x73e/0x73e [ 903.321350][T23634] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 903.327132][T23634] should_fail+0x709/0x870 [ 903.331524][T23634] ? loop_add+0x22b/0x710 [ 903.335831][T23634] ? loop_control_ioctl+0x564/0x740 [ 903.341004][T23634] ? do_syscall_64+0xcb/0x1c0 [ 903.345654][T23634] ? setup_fault_attr+0x3d0/0x3d0 [ 903.350657][T23634] ? blk_mq_init_tags+0x74/0x290 [ 903.355571][T23634] should_failslab+0x5/0x20 [ 903.360048][T23634] kmem_cache_alloc_trace+0x28/0x240 [ 903.365309][T23634] blk_mq_init_tags+0x74/0x290 [ 903.370053][T23634] ? blk_mq_hw_queue_to_node+0xeb/0x100 [ 903.375573][T23634] blk_mq_alloc_rq_map+0x93/0x1a0 [ 903.380574][T23634] blk_mq_alloc_rq_maps+0x100/0x650 [ 903.385752][T23634] blk_mq_alloc_tag_set+0x50e/0x890 [ 903.390928][T23634] loop_add+0x22b/0x710 [ 903.395063][T23634] ? radix_tree_lookup+0x17a/0x1d0 [ 903.400153][T23634] loop_control_ioctl+0x564/0x740 [ 903.405155][T23634] ? loop_remove+0xa0/0xa0 [ 903.409548][T23634] ? __lru_cache_add+0x1bf/0x210 [ 903.414461][T23634] ? memset+0x1f/0x40 [ 903.418428][T23634] ? fsnotify+0x1332/0x13f0 [ 903.422911][T23634] ? loop_remove+0xa0/0xa0 [ 903.427396][T23634] do_vfs_ioctl+0x744/0x1730 [ 903.431968][T23634] ? selinux_file_ioctl+0x723/0x970 [ 903.437141][T23634] ? ioctl_preallocate+0x250/0x250 [ 903.442229][T23634] ? __fget+0x40c/0x4a0 [ 903.446360][T23634] ? fget_many+0x20/0x20 [ 903.450578][T23634] ? check_preemption_disabled+0x154/0x330 [ 903.456358][T23634] ? debug_smp_processor_id+0x20/0x20 17:08:02 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x17, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:02 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x11, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 903.461705][T23634] ? security_file_ioctl+0x9d/0xb0 [ 903.466792][T23634] __x64_sys_ioctl+0xd4/0x110 [ 903.471453][T23634] do_syscall_64+0xcb/0x1c0 [ 903.475935][T23634] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 903.481807][T23640] CPU: 0 PID: 23640 Comm: syz-executor.1 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 903.483262][T23634] blk-mq: reduced tag depth (128 -> 64) [ 903.492025][T23640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 903.492028][T23640] Call Trace: [ 903.492044][T23640] dump_stack+0x1d8/0x241 [ 903.492058][T23640] ? panic+0x73e/0x73e [ 903.519181][T23640] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 903.525061][T23640] should_fail+0x709/0x870 [ 903.529454][T23640] ? setup_fault_attr+0x3d0/0x3d0 [ 903.534455][T23640] ? xfrm_netlink_rcv+0x80/0x80 [ 903.539300][T23640] ? __alloc_skb+0x78/0x4d0 [ 903.543777][T23640] should_failslab+0x5/0x20 [ 903.548267][T23640] kmem_cache_alloc+0x24/0x210 [ 903.553001][T23640] __alloc_skb+0x78/0x4d0 [ 903.557300][T23640] netlink_ack+0x2be/0xa80 [ 903.561686][T23640] ? avc_has_perm+0x16d/0x260 [ 903.566335][T23640] ? netlink_dump+0x1320/0x1320 [ 903.571152][T23640] ? avc_has_perm_noaudit+0x400/0x400 [ 903.576493][T23640] ? iov_iter_advance+0x263/0xb20 [ 903.581488][T23640] netlink_rcv_skb+0x289/0x470 [ 903.586226][T23640] ? xfrm_netlink_rcv+0x80/0x80 [ 903.591047][T23640] ? nla_put_string+0x30/0x30 [ 903.595695][T23640] ? mutex_trylock+0xa0/0xa0 [ 903.600252][T23640] ? __netlink_lookup+0x37f/0x3a0 [ 903.605245][T23640] xfrm_netlink_rcv+0x6e/0x80 [ 903.609892][T23640] netlink_unicast+0x91b/0xb10 [ 903.614633][T23640] ? netlink_detachskb+0xa0/0xa0 [ 903.619542][T23640] ? __virt_addr_valid+0x1fd/0x290 [ 903.624664][T23640] netlink_sendmsg+0x9f6/0xcc0 [ 903.629419][T23640] ? netlink_getsockopt+0x840/0x840 [ 903.634591][T23640] ? import_iovec+0x1bc/0x380 [ 903.639239][T23640] ? security_socket_sendmsg+0x9d/0xb0 [ 903.644665][T23640] ? netlink_getsockopt+0x840/0x840 [ 903.649839][T23640] ____sys_sendmsg+0x5a6/0x8f0 [ 903.654583][T23640] ? __sys_sendmsg_sock+0x2b0/0x2b0 [ 903.659758][T23640] ? __lru_cache_add+0x1bf/0x210 17:08:02 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_int(r0, 0x107, 0xe, &(0x7f0000000040)=0x9, 0x4) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) 17:08:02 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x2, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:02 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:08:02 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x12, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:02 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 5) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:02 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) (fail_nth: 4) 17:08:02 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x5, &(0x7f0000000040)={0x0, 0x3}, 0x4) [ 903.664680][T23640] ? proc_fail_nth_read+0x220/0x220 [ 903.669850][T23640] __sys_sendmsg+0x2b7/0x3a0 [ 903.674412][T23640] ? ____sys_sendmsg+0x8f0/0x8f0 [ 903.679320][T23640] ? check_preemption_disabled+0x9e/0x330 [ 903.685013][T23640] ? fput_many+0x42/0x1a0 [ 903.689311][T23640] ? check_preemption_disabled+0x154/0x330 [ 903.695086][T23640] do_syscall_64+0xcb/0x1c0 [ 903.699560][T23640] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:02 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x13, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:02 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) [ 903.758062][T23656] FAULT_INJECTION: forcing a failure. [ 903.758062][T23656] name failslab, interval 1, probability 0, space 0, times 0 [ 903.771213][T23656] CPU: 0 PID: 23656 Comm: syz-executor.1 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 903.781440][T23656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 903.791472][T23656] Call Trace: [ 903.794739][T23656] dump_stack+0x1d8/0x241 [ 903.799040][T23656] ? panic+0x73e/0x73e [ 903.803077][T23656] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 903.808851][T23656] should_fail+0x709/0x870 [ 903.813236][T23656] ? setup_fault_attr+0x3d0/0x3d0 [ 903.818240][T23656] ? netlink_ack+0x2be/0xa80 [ 903.822797][T23656] should_failslab+0x5/0x20 [ 903.827273][T23656] __kmalloc_track_caller+0x4f/0x280 [ 903.832525][T23656] ? kmem_cache_alloc+0xd0/0x210 [ 903.837434][T23656] ? netlink_ack+0x2be/0xa80 [ 903.841996][T23656] __alloc_skb+0xb5/0x4d0 [ 903.846303][T23656] netlink_ack+0x2be/0xa80 [ 903.850696][T23656] ? avc_has_perm+0x16d/0x260 [ 903.855342][T23656] ? netlink_dump+0x1320/0x1320 [ 903.860160][T23656] ? avc_has_perm_noaudit+0x400/0x400 [ 903.865504][T23656] ? iov_iter_advance+0x263/0xb20 [ 903.870497][T23656] netlink_rcv_skb+0x289/0x470 [ 903.875233][T23656] ? xfrm_netlink_rcv+0x80/0x80 [ 903.880055][T23656] ? nla_put_string+0x30/0x30 [ 903.884702][T23656] ? mutex_trylock+0xa0/0xa0 [ 903.889259][T23656] ? __netlink_lookup+0x37f/0x3a0 [ 903.894250][T23656] xfrm_netlink_rcv+0x6e/0x80 [ 903.898894][T23656] netlink_unicast+0x91b/0xb10 [ 903.903631][T23656] ? netlink_detachskb+0xa0/0xa0 [ 903.908537][T23656] ? __virt_addr_valid+0x1fd/0x290 [ 903.913622][T23656] netlink_sendmsg+0x9f6/0xcc0 [ 903.918357][T23656] ? netlink_getsockopt+0x840/0x840 [ 903.923526][T23656] ? import_iovec+0x1bc/0x380 [ 903.928180][T23656] ? security_socket_sendmsg+0x9d/0xb0 [ 903.933607][T23656] ? netlink_getsockopt+0x840/0x840 [ 903.938780][T23656] ____sys_sendmsg+0x5a6/0x8f0 [ 903.943521][T23656] ? __sys_sendmsg_sock+0x2b0/0x2b0 [ 903.948691][T23656] ? __lru_cache_add+0x1bf/0x210 [ 903.953596][T23656] ? proc_fail_nth_read+0x220/0x220 17:08:02 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x7, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:02 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000080)=@req={0x4, 0x566d9153, 0x9, 0x200}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x2, 0x6, 0x7fffffff, 0x9, 0x1, 0xfffff480, 0x6}, 0x1c) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 903.958762][T23656] __sys_sendmsg+0x2b7/0x3a0 [ 903.963321][T23656] ? ____sys_sendmsg+0x8f0/0x8f0 [ 903.968234][T23656] ? check_preemption_disabled+0x9e/0x330 [ 903.973931][T23656] ? fput_many+0x42/0x1a0 [ 903.978229][T23656] ? check_preemption_disabled+0x154/0x330 [ 903.984005][T23656] do_syscall_64+0xcb/0x1c0 [ 903.988480][T23656] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:02 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) (fail_nth: 5) 17:08:02 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x14, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 904.009376][T23661] FAULT_INJECTION: forcing a failure. [ 904.009376][T23661] name failslab, interval 1, probability 0, space 0, times 0 [ 904.022518][T23661] CPU: 0 PID: 23661 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 904.032750][T23661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 904.042780][T23661] Call Trace: [ 904.046048][T23661] dump_stack+0x1d8/0x241 [ 904.050346][T23661] ? panic+0x73e/0x73e [ 904.054382][T23661] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 904.060157][T23661] ? blk_mq_init_tags+0x74/0x290 [ 904.065067][T23661] ? blk_mq_alloc_rq_maps+0x100/0x650 [ 904.070407][T23661] ? blk_mq_alloc_tag_set+0x50e/0x890 [ 904.075753][T23661] ? loop_add+0x22b/0x710 [ 904.080059][T23661] ? do_vfs_ioctl+0x744/0x1730 [ 904.084792][T23661] ? __x64_sys_ioctl+0xd4/0x110 [ 904.089628][T23661] ? do_syscall_64+0xcb/0x1c0 [ 904.094275][T23661] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 904.100308][T23661] should_fail+0x709/0x870 [ 904.104695][T23661] ? setup_fault_attr+0x3d0/0x3d0 [ 904.109687][T23661] ? sbitmap_queue_init_node+0x15e/0xf70 [ 904.115287][T23661] should_failslab+0x5/0x20 [ 904.119757][T23661] __kmalloc+0x51/0x2b0 [ 904.124004][T23661] sbitmap_queue_init_node+0x15e/0xf70 [ 904.129432][T23661] ? blk_mq_init_tags+0x74/0x290 [ 904.134342][T23661] blk_mq_init_tags+0xef/0x290 [ 904.139167][T23661] blk_mq_alloc_rq_map+0x93/0x1a0 [ 904.144161][T23661] blk_mq_alloc_rq_maps+0x100/0x650 [ 904.149381][T23661] blk_mq_alloc_tag_set+0x50e/0x890 [ 904.154550][T23661] loop_add+0x22b/0x710 [ 904.158762][T23661] ? radix_tree_lookup+0x17a/0x1d0 [ 904.163840][T23661] loop_control_ioctl+0x564/0x740 [ 904.168832][T23661] ? loop_remove+0xa0/0xa0 [ 904.173222][T23661] ? __lru_cache_add+0x1bf/0x210 [ 904.178126][T23661] ? memset+0x1f/0x40 [ 904.182086][T23661] ? fsnotify+0x1332/0x13f0 [ 904.186566][T23661] ? loop_remove+0xa0/0xa0 [ 904.190953][T23661] do_vfs_ioctl+0x744/0x1730 [ 904.195511][T23661] ? selinux_file_ioctl+0x723/0x970 [ 904.200678][T23661] ? ioctl_preallocate+0x250/0x250 [ 904.205765][T23661] ? __fget+0x40c/0x4a0 17:08:02 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x8, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:02 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x5}, 0x4) 17:08:02 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 6) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:02 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x9, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:02 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000080)=@req={0x4, 0x566d9153, 0x9, 0x200}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x2, 0x6, 0x7fffffff, 0x9, 0x1, 0xfffff480, 0x6}, 0x1c) (async, rerun: 32) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (rerun: 32) 17:08:02 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x300, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:02 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 904.209888][T23661] ? fget_many+0x20/0x20 [ 904.214098][T23661] ? check_preemption_disabled+0x154/0x330 [ 904.219870][T23661] ? debug_smp_processor_id+0x20/0x20 [ 904.225212][T23661] ? security_file_ioctl+0x9d/0xb0 [ 904.230290][T23661] __x64_sys_ioctl+0xd4/0x110 [ 904.234941][T23661] do_syscall_64+0xcb/0x1c0 [ 904.239414][T23661] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 904.247371][T23661] blk-mq: reduced tag depth (128 -> 64) 17:08:02 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x500, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:02 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0xa, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:02 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) 17:08:02 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000080)=@req={0x4, 0x566d9153, 0x9, 0x200}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x2, 0x6, 0x7fffffff, 0x9, 0x1, 0xfffff480, 0x6}, 0x1c) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000080)=@req={0x4, 0x566d9153, 0x9, 0x200}, 0x10) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x2, 0x6, 0x7fffffff, 0x9, 0x1, 0xfffff480, 0x6}, 0x1c) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) 17:08:02 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000040)=""/4096, 0x1000, 0x0, 0x0, 0x0) 17:08:02 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async, rerun: 32) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000040)=""/4096, 0x1000, 0x0, 0x0, 0x0) (rerun: 32) 17:08:03 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x600, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 904.328007][T23680] FAULT_INJECTION: forcing a failure. [ 904.328007][T23680] name failslab, interval 1, probability 0, space 0, times 0 [ 904.343717][T23680] CPU: 1 PID: 23680 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 904.353957][T23680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 904.363988][T23680] Call Trace: [ 904.367253][T23680] dump_stack+0x1d8/0x241 [ 904.371553][T23680] ? panic+0x73e/0x73e [ 904.375589][T23680] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 904.381368][T23680] ? pcpu_alloc_area+0x696/0x790 [ 904.386319][T23680] should_fail+0x709/0x870 [ 904.390712][T23680] ? setup_fault_attr+0x3d0/0x3d0 [ 904.395705][T23680] ? sbitmap_queue_init_node+0x69c/0xf70 [ 904.401306][T23680] should_failslab+0x5/0x20 [ 904.405783][T23680] kmem_cache_alloc_trace+0x28/0x240 [ 904.411038][T23680] sbitmap_queue_init_node+0x69c/0xf70 [ 904.416474][T23680] blk_mq_init_tags+0xef/0x290 [ 904.421209][T23680] blk_mq_alloc_rq_map+0x93/0x1a0 [ 904.426202][T23680] blk_mq_alloc_rq_maps+0x100/0x650 [ 904.431370][T23680] blk_mq_alloc_tag_set+0x50e/0x890 [ 904.436539][T23680] loop_add+0x22b/0x710 [ 904.440663][T23680] ? radix_tree_lookup+0x17a/0x1d0 [ 904.445743][T23680] loop_control_ioctl+0x564/0x740 [ 904.450911][T23680] ? loop_remove+0xa0/0xa0 [ 904.455297][T23680] ? __lru_cache_add+0x1bf/0x210 [ 904.460206][T23680] ? memset+0x1f/0x40 [ 904.464157][T23680] ? fsnotify+0x1332/0x13f0 [ 904.468629][T23680] ? loop_remove+0xa0/0xa0 [ 904.473014][T23680] do_vfs_ioctl+0x744/0x1730 [ 904.477580][T23680] ? selinux_file_ioctl+0x723/0x970 [ 904.482748][T23680] ? ioctl_preallocate+0x250/0x250 [ 904.487827][T23680] ? __fget+0x40c/0x4a0 [ 904.491952][T23680] ? fget_many+0x20/0x20 [ 904.496167][T23680] ? check_preemption_disabled+0x154/0x330 [ 904.501943][T23680] ? debug_smp_processor_id+0x20/0x20 [ 904.507312][T23680] ? security_file_ioctl+0x9d/0xb0 [ 904.512390][T23680] __x64_sys_ioctl+0xd4/0x110 [ 904.517038][T23680] do_syscall_64+0xcb/0x1c0 [ 904.521511][T23680] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:03 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 7) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:03 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:03 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x7}, 0x4) 17:08:03 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000040)=""/4096, 0x1000, 0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000040)=""/4096, 0x1000, 0x0, 0x0, 0x0) (async) 17:08:03 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0xc, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:03 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x900, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:03 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x2, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:03 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x2000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:03 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0xd, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:03 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x2) [ 904.532194][T23680] blk-mq: reduced tag depth (128 -> 64) 17:08:03 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xa00, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:03 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x2000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x2000}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) [ 904.578897][T23713] FAULT_INJECTION: forcing a failure. [ 904.578897][T23713] name failslab, interval 1, probability 0, space 0, times 0 [ 904.595362][T23713] CPU: 0 PID: 23713 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 904.605631][T23713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 904.615670][T23713] Call Trace: [ 904.618938][T23713] dump_stack+0x1d8/0x241 [ 904.623239][T23713] ? panic+0x73e/0x73e [ 904.627282][T23713] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 904.633093][T23713] ? pcpu_alloc_area+0x696/0x790 [ 904.638007][T23713] should_fail+0x709/0x870 [ 904.642397][T23713] ? setup_fault_attr+0x3d0/0x3d0 [ 904.647393][T23713] ? sbitmap_queue_init_node+0x69c/0xf70 [ 904.652998][T23713] should_failslab+0x5/0x20 [ 904.657469][T23713] kmem_cache_alloc_trace+0x28/0x240 [ 904.662720][T23713] sbitmap_queue_init_node+0x69c/0xf70 [ 904.668147][T23713] blk_mq_init_tags+0x153/0x290 [ 904.672967][T23713] blk_mq_alloc_rq_map+0x93/0x1a0 [ 904.677975][T23713] blk_mq_alloc_rq_maps+0x100/0x650 [ 904.683148][T23713] blk_mq_alloc_tag_set+0x50e/0x890 [ 904.688327][T23713] loop_add+0x22b/0x710 [ 904.692453][T23713] ? radix_tree_lookup+0x17a/0x1d0 [ 904.697539][T23713] loop_control_ioctl+0x564/0x740 [ 904.702532][T23713] ? loop_remove+0xa0/0xa0 [ 904.706918][T23713] ? __lru_cache_add+0x1bf/0x210 [ 904.711823][T23713] ? memset+0x1f/0x40 [ 904.715772][T23713] ? fsnotify+0x1332/0x13f0 [ 904.720252][T23713] ? loop_remove+0xa0/0xa0 [ 904.724641][T23713] do_vfs_ioctl+0x744/0x1730 [ 904.729199][T23713] ? selinux_file_ioctl+0x723/0x970 [ 904.734366][T23713] ? ioctl_preallocate+0x250/0x250 [ 904.739444][T23713] ? __fget+0x40c/0x4a0 [ 904.743567][T23713] ? fget_many+0x20/0x20 [ 904.747785][T23713] ? check_preemption_disabled+0x154/0x330 [ 904.753561][T23713] ? debug_smp_processor_id+0x20/0x20 [ 904.758902][T23713] ? security_file_ioctl+0x9d/0xb0 [ 904.763990][T23713] __x64_sys_ioctl+0xd4/0x110 [ 904.768642][T23713] do_syscall_64+0xcb/0x1c0 [ 904.773122][T23713] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:03 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 8) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:03 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:03 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x2000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x2000}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) 17:08:03 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0xe, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:03 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x3) 17:08:03 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xb00, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:03 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0xf, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:03 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x5) [ 904.780202][T23713] blk-mq: reduced tag depth (128 -> 64) 17:08:03 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x8, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:03 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x1100, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:03 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) accept4$packet(r1, &(0x7f0000000080), &(0x7f0000000040)=0x14, 0x80000) r2 = socket$packet(0x11, 0x2, 0x300) getsockopt$inet6_mreq(r2, 0x29, 0x0, 0x0, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x8000, 0x2003}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:03 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) accept4$packet(r1, &(0x7f0000000080), &(0x7f0000000040)=0x14, 0x80000) (async, rerun: 64) r2 = socket$packet(0x11, 0x2, 0x300) (rerun: 64) getsockopt$inet6_mreq(r2, 0x29, 0x0, 0x0, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x8000, 0x2003}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 904.861629][T23745] FAULT_INJECTION: forcing a failure. [ 904.861629][T23745] name failslab, interval 1, probability 0, space 0, times 0 [ 904.879212][T23745] CPU: 0 PID: 23745 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 904.889453][T23745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 904.899484][T23745] Call Trace: [ 904.902750][T23745] dump_stack+0x1d8/0x241 [ 904.907052][T23745] ? panic+0x73e/0x73e [ 904.911091][T23745] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 904.916873][T23745] should_fail+0x709/0x870 [ 904.921263][T23745] ? setup_fault_attr+0x3d0/0x3d0 [ 904.926255][T23745] ? sbitmap_queue_init_node+0xb3d/0xf70 [ 904.931855][T23745] ? blk_mq_alloc_rq_map+0xb3/0x1a0 [ 904.937021][T23745] should_failslab+0x5/0x20 [ 904.941494][T23745] __kmalloc+0x51/0x2b0 [ 904.945619][T23745] blk_mq_alloc_rq_map+0xb3/0x1a0 [ 904.950618][T23745] blk_mq_alloc_rq_maps+0x100/0x650 [ 904.955786][T23745] blk_mq_alloc_tag_set+0x50e/0x890 [ 904.960953][T23745] loop_add+0x22b/0x710 [ 904.965079][T23745] ? radix_tree_lookup+0x17a/0x1d0 [ 904.970157][T23745] loop_control_ioctl+0x564/0x740 [ 904.975149][T23745] ? loop_remove+0xa0/0xa0 [ 904.979543][T23745] ? __lru_cache_add+0x1bf/0x210 [ 904.984448][T23745] ? memset+0x1f/0x40 [ 904.988398][T23745] ? fsnotify+0x1332/0x13f0 [ 904.992870][T23745] ? loop_remove+0xa0/0xa0 [ 904.997254][T23745] do_vfs_ioctl+0x744/0x1730 [ 905.001902][T23745] ? selinux_file_ioctl+0x723/0x970 [ 905.007069][T23745] ? ioctl_preallocate+0x250/0x250 17:08:03 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 9) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:03 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xa, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:03 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x1200, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:03 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x11, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:03 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) accept4$packet(r1, &(0x7f0000000080), &(0x7f0000000040)=0x14, 0x80000) (async) r2 = socket$packet(0x11, 0x2, 0x300) getsockopt$inet6_mreq(r2, 0x29, 0x0, 0x0, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x8000, 0x2003}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:03 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x6) 17:08:03 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x300, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 905.012147][T23745] ? __fget+0x40c/0x4a0 [ 905.016273][T23745] ? fget_many+0x20/0x20 [ 905.020487][T23745] ? check_preemption_disabled+0x154/0x330 [ 905.026260][T23745] ? debug_smp_processor_id+0x20/0x20 [ 905.031607][T23745] ? security_file_ioctl+0x9d/0xb0 [ 905.036688][T23745] __x64_sys_ioctl+0xd4/0x110 [ 905.041336][T23745] do_syscall_64+0xcb/0x1c0 [ 905.045811][T23745] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 905.051877][T23745] blk-mq: reduced tag depth (128 -> 64) 17:08:03 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x13, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:03 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x1300, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:03 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xa00, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:03 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x7) 17:08:03 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x14, &(0x7f0000000040)={0x0, 0x3}, 0x4) [ 905.117591][T23779] FAULT_INJECTION: forcing a failure. [ 905.117591][T23779] name failslab, interval 1, probability 0, space 0, times 0 [ 905.130443][T23779] CPU: 0 PID: 23779 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 905.140656][T23779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 905.150692][T23779] Call Trace: [ 905.153975][T23779] dump_stack+0x1d8/0x241 [ 905.158277][T23779] ? panic+0x73e/0x73e [ 905.162314][T23779] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 905.168091][T23779] should_fail+0x709/0x870 [ 905.172517][T23779] ? setup_fault_attr+0x3d0/0x3d0 [ 905.177513][T23779] ? blk_mq_alloc_rq_map+0xe9/0x1a0 [ 905.182679][T23779] should_failslab+0x5/0x20 [ 905.187151][T23779] __kmalloc+0x51/0x2b0 [ 905.191284][T23779] ? blk_mq_alloc_rq_map+0xb3/0x1a0 [ 905.196452][T23779] blk_mq_alloc_rq_map+0xe9/0x1a0 [ 905.201443][T23779] blk_mq_alloc_rq_maps+0x100/0x650 [ 905.206610][T23779] blk_mq_alloc_tag_set+0x50e/0x890 [ 905.211779][T23779] loop_add+0x22b/0x710 [ 905.215905][T23779] ? radix_tree_lookup+0x17a/0x1d0 [ 905.220985][T23779] loop_control_ioctl+0x564/0x740 [ 905.225977][T23779] ? loop_remove+0xa0/0xa0 [ 905.230362][T23779] ? __lru_cache_add+0x1bf/0x210 [ 905.235270][T23779] ? memset+0x1f/0x40 [ 905.239221][T23779] ? fsnotify+0x1332/0x13f0 [ 905.243691][T23779] ? loop_remove+0xa0/0xa0 [ 905.248075][T23779] do_vfs_ioctl+0x744/0x1730 [ 905.252636][T23779] ? selinux_file_ioctl+0x723/0x970 [ 905.257804][T23779] ? ioctl_preallocate+0x250/0x250 [ 905.262884][T23779] ? __fget+0x40c/0x4a0 17:08:03 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 10) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:03 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), r1) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r2, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x841) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)={0x14c, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x3f}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0xff}, {0x8, 0xb, 0x5}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x1}, {0x5}, {0x6, 0x11, 0xff00}, {0x8, 0xb, 0x80000000}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x1}, {0x5}, {0x6, 0x11, 0x1}, {0x8, 0xb, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x8001}, {0x6, 0x16, 0x4}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x4}, {0x8, 0xb, 0x8}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x40000}, 0x80) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x5}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)=ANY=[@ANYBLOB="c8000000", @ANYRES16=0x0, @ANYBLOB="08002cbd7000fddbdf253d0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f4861635f69735f6d756c746963617374000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757206655f6d61635f69735f6d756c74696361737400"], 0xc8}, 0x1, 0x0, 0x0, 0x2000c010}, 0x80) socketpair(0x5173bbcecf783fea, 0xa, 0x0, &(0x7f0000000580)) 17:08:03 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x235e, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:04 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:04 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x1400, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:04 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x20000044) [ 905.267009][T23779] ? fget_many+0x20/0x20 [ 905.271221][T23779] ? check_preemption_disabled+0x154/0x330 [ 905.276994][T23779] ? debug_smp_processor_id+0x20/0x20 [ 905.282426][T23779] ? security_file_ioctl+0x9d/0xb0 [ 905.287502][T23779] __x64_sys_ioctl+0xd4/0x110 [ 905.292151][T23779] do_syscall_64+0xcb/0x1c0 [ 905.296623][T23779] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 905.302837][T23779] blk-mq: reduced tag depth (128 -> 64) 17:08:04 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), r1) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r2, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x841) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)={0x14c, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x3f}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0xff}, {0x8, 0xb, 0x5}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x1}, {0x5}, {0x6, 0x11, 0xff00}, {0x8, 0xb, 0x80000000}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x1}, {0x5}, {0x6, 0x11, 0x1}, {0x8, 0xb, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x8001}, {0x6, 0x16, 0x4}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x4}, {0x8, 0xb, 0x8}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x40000}, 0x80) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x5}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)=ANY=[@ANYBLOB="c8000000", @ANYRES16=0x0, @ANYBLOB="08002cbd7000fddbdf253d0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f4861635f69735f6d756c746963617374000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757206655f6d61635f69735f6d756c74696361737400"], 0xc8}, 0x1, 0x0, 0x0, 0x2000c010}, 0x80) (async) socketpair(0x5173bbcecf783fea, 0xa, 0x0, &(0x7f0000000580)) 17:08:04 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x2279, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:04 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x17, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:04 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x4000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:04 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), r1) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r2, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x841) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)={0x14c, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x3f}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0xff}, {0x8, 0xb, 0x5}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x1}, {0x5}, {0x6, 0x11, 0xff00}, {0x8, 0xb, 0x80000000}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x1}, {0x5}, {0x6, 0x11, 0x1}, {0x8, 0xb, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x8001}, {0x6, 0x16, 0x4}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x4}, {0x8, 0xb, 0x8}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x40000}, 0x80) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x5}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)=ANY=[@ANYBLOB="c8000000", @ANYRES16=0x0, @ANYBLOB="08002cbd7000fddbdf253d0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f4861635f69735f6d756c746963617374000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757206655f6d61635f69735f6d756c74696361737400"], 0xc8}, 0x1, 0x0, 0x0, 0x2000c010}, 0x80) (async) socketpair(0x5173bbcecf783fea, 0xa, 0x0, &(0x7f0000000580)) 17:08:04 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000100)={0x3, r1}) connect$packet(r0, &(0x7f00000000c0)={0x11, 0x6, 0x0, 0x1, 0x6, 0x6, @remote}, 0x14) connect$packet(r0, &(0x7f0000000080)={0x11, 0x2, 0x0, 0x1, 0x2e, 0x6, @remote}, 0x14) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) accept4$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14, 0x80800) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x6}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 905.386275][T23797] FAULT_INJECTION: forcing a failure. [ 905.386275][T23797] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 905.401126][T23797] CPU: 0 PID: 23797 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 905.411371][T23797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 905.421405][T23797] Call Trace: [ 905.424673][T23797] dump_stack+0x1d8/0x241 [ 905.428973][T23797] ? panic+0x73e/0x73e [ 905.433009][T23797] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 905.438781][T23797] ? blk_mq_alloc_rq_map+0x93/0x1a0 [ 905.443946][T23797] should_fail+0x709/0x870 [ 905.448332][T23797] ? setup_fault_attr+0x3d0/0x3d0 [ 905.453326][T23797] ? blk_mq_alloc_rq_map+0xe9/0x1a0 [ 905.458508][T23797] ? blk_mq_alloc_rq_maps+0x100/0x650 [ 905.463845][T23797] ? blk_mq_alloc_tag_set+0x50e/0x890 [ 905.469190][T23797] ? loop_add+0x22b/0x710 [ 905.473486][T23797] ? loop_control_ioctl+0x564/0x740 [ 905.478651][T23797] ? __x64_sys_ioctl+0xd4/0x110 [ 905.483468][T23797] ? do_syscall_64+0xcb/0x1c0 [ 905.488114][T23797] __alloc_pages_nodemask+0x1b6/0x860 [ 905.493463][T23797] ? gfp_pfmemalloc_allowed+0x120/0x120 [ 905.498976][T23797] ? find_next_bit+0xe5/0x110 [ 905.503620][T23797] ? blk_mq_hw_queue_to_node+0xeb/0x100 [ 905.509152][T23797] blk_mq_alloc_rqs+0x252/0x6d0 [ 905.513993][T23797] blk_mq_alloc_rq_maps+0x194/0x650 [ 905.519164][T23797] blk_mq_alloc_tag_set+0x50e/0x890 [ 905.524339][T23797] loop_add+0x22b/0x710 [ 905.528479][T23797] ? radix_tree_lookup+0x17a/0x1d0 [ 905.533562][T23797] loop_control_ioctl+0x564/0x740 [ 905.538558][T23797] ? loop_remove+0xa0/0xa0 [ 905.542943][T23797] ? __lru_cache_add+0x1bf/0x210 [ 905.547964][T23797] ? memset+0x1f/0x40 [ 905.551929][T23797] ? fsnotify+0x1332/0x13f0 [ 905.556406][T23797] ? loop_remove+0xa0/0xa0 [ 905.560797][T23797] do_vfs_ioctl+0x744/0x1730 [ 905.565360][T23797] ? selinux_file_ioctl+0x723/0x970 [ 905.570537][T23797] ? ioctl_preallocate+0x250/0x250 [ 905.575624][T23797] ? __fget+0x40c/0x4a0 [ 905.579752][T23797] ? fget_many+0x20/0x20 17:08:04 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 11) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:04 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000100)={0x3, r1}) connect$packet(r0, &(0x7f00000000c0)={0x11, 0x6, 0x0, 0x1, 0x6, 0x6, @remote}, 0x14) (async) connect$packet(r0, &(0x7f0000000080)={0x11, 0x2, 0x0, 0x1, 0x2e, 0x6, @remote}, 0x14) (async) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) accept4$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14, 0x80800) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x6}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:04 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x4000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:04 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x2}, 0x4) 17:08:04 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000240)={'syztnl2\x00', &(0x7f0000000180)={'erspan0\x00', 0x0, 0x40, 0x7, 0x4, 0x7, {{0x1f, 0x4, 0x0, 0x13, 0x7c, 0x66, 0x0, 0x7, 0x4, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x22}, {[@timestamp_addr={0x44, 0x34, 0x8f, 0x1, 0x6, [{@loopback, 0x7}, {@local, 0x5}, {@multicast1, 0x8}, {@private=0xa010101, 0xbc54}, {@rand_addr=0x64010102, 0x1ffe0}, {@local, 0xbcfb}]}, @end, @generic={0x94, 0x10, "286c38efd1ae998e55e0aa430d17"}, @ssrr={0x89, 0x7, 0xdd, [@multicast1]}, @end, @ra={0x94, 0x4}, @end, @rr={0x7, 0xf, 0xb2, [@remote, @broadcast, @multicast2]}, @generic={0x82, 0x2}, @ra={0x94, 0x4, 0x1}]}}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'sit0\x00', r1, 0x0, 0x7, 0x400, 0xa709, {{0xb, 0x4, 0x3, 0x6, 0x2c, 0x65, 0x0, 0xfe, 0x2f, 0x0, @loopback, @empty, {[@ssrr={0x89, 0x17, 0x34, [@private=0xa010102, @local, @local, @private=0xa010100, @remote]}]}}}}}) r2 = accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14, 0x180000) getpeername$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:04 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x5e23, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:04 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:04 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000240)={'syztnl2\x00', &(0x7f0000000180)={'erspan0\x00', 0x0, 0x40, 0x7, 0x4, 0x7, {{0x1f, 0x4, 0x0, 0x13, 0x7c, 0x66, 0x0, 0x7, 0x4, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x22}, {[@timestamp_addr={0x44, 0x34, 0x8f, 0x1, 0x6, [{@loopback, 0x7}, {@local, 0x5}, {@multicast1, 0x8}, {@private=0xa010101, 0xbc54}, {@rand_addr=0x64010102, 0x1ffe0}, {@local, 0xbcfb}]}, @end, @generic={0x94, 0x10, "286c38efd1ae998e55e0aa430d17"}, @ssrr={0x89, 0x7, 0xdd, [@multicast1]}, @end, @ra={0x94, 0x4}, @end, @rr={0x7, 0xf, 0xb2, [@remote, @broadcast, @multicast2]}, @generic={0x82, 0x2}, @ra={0x94, 0x4, 0x1}]}}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'sit0\x00', r1, 0x0, 0x7, 0x400, 0xa709, {{0xb, 0x4, 0x3, 0x6, 0x2c, 0x65, 0x0, 0xfe, 0x2f, 0x0, @loopback, @empty, {[@ssrr={0x89, 0x17, 0x34, [@private=0xa010102, @local, @local, @private=0xa010100, @remote]}]}}}}}) r2 = accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14, 0x180000) getpeername$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000240)={'syztnl2\x00', &(0x7f0000000180)={'erspan0\x00', 0x0, 0x40, 0x7, 0x4, 0x7, {{0x1f, 0x4, 0x0, 0x13, 0x7c, 0x66, 0x0, 0x7, 0x4, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x22}, {[@timestamp_addr={0x44, 0x34, 0x8f, 0x1, 0x6, [{@loopback, 0x7}, {@local, 0x5}, {@multicast1, 0x8}, {@private=0xa010101, 0xbc54}, {@rand_addr=0x64010102, 0x1ffe0}, {@local, 0xbcfb}]}, @end, @generic={0x94, 0x10, "286c38efd1ae998e55e0aa430d17"}, @ssrr={0x89, 0x7, 0xdd, [@multicast1]}, @end, @ra={0x94, 0x4}, @end, @rr={0x7, 0xf, 0xb2, [@remote, @broadcast, @multicast2]}, @generic={0x82, 0x2}, @ra={0x94, 0x4, 0x1}]}}}}}) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'sit0\x00', r1, 0x0, 0x7, 0x400, 0xa709, {{0xb, 0x4, 0x3, 0x6, 0x2c, 0x65, 0x0, 0xfe, 0x2f, 0x0, @loopback, @empty, {[@ssrr={0x89, 0x17, 0x34, [@private=0xa010102, @local, @local, @private=0xa010100, @remote]}]}}}}}) (async) accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14, 0x180000) (async) getpeername$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) 17:08:04 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x7922, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:04 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000100)={0x3, r1}) (async) connect$packet(r0, &(0x7f00000000c0)={0x11, 0x6, 0x0, 0x1, 0x6, 0x6, @remote}, 0x14) (async) connect$packet(r0, &(0x7f0000000080)={0x11, 0x2, 0x0, 0x1, 0x2e, 0x6, @remote}, 0x14) (async) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) (async, rerun: 64) accept4$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14, 0x80800) (rerun: 64) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x6}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:04 executing program 0: r0 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) setsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f00000000c0)=0x1, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) r2 = socket$packet(0x11, 0x2, 0x300) r3 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) connect$bt_rfcomm(r3, &(0x7f0000000140)={0x1f, @any, 0xf6}, 0xa) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000080)=@req3={0xce6, 0x2a23c0b9, 0x1, 0x9, 0xfffffffe, 0x1, 0x5}, 0x1c) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="2b6d656d6f7379202d63717520496370756168632e1f6a10e3580074530000"], 0x1f) r4 = syz_open_dev$loop(&(0x7f0000000100), 0x80000001, 0x20840) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, 0x0, 0x0) ioctl$LOOP_SET_FD(r4, 0x4c00, r5) [ 905.583972][T23797] ? check_preemption_disabled+0x154/0x330 [ 905.589753][T23797] ? debug_smp_processor_id+0x20/0x20 [ 905.595094][T23797] ? security_file_ioctl+0x9d/0xb0 [ 905.600175][T23797] __x64_sys_ioctl+0xd4/0x110 [ 905.604823][T23797] do_syscall_64+0xcb/0x1c0 [ 905.609294][T23797] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:04 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x38000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 905.701887][T23831] FAULT_INJECTION: forcing a failure. [ 905.701887][T23831] name failslab, interval 1, probability 0, space 0, times 0 [ 905.716333][T23831] CPU: 1 PID: 23831 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 905.726571][T23831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 905.736615][T23831] Call Trace: [ 905.739882][T23831] dump_stack+0x1d8/0x241 [ 905.744190][T23831] ? panic+0x73e/0x73e [ 905.748240][T23831] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 905.754047][T23831] ? find_next_bit+0xe5/0x110 [ 905.758799][T23831] ? memset+0x1f/0x40 [ 905.762757][T23831] should_fail+0x709/0x870 [ 905.767142][T23831] ? blk_mq_alloc_rqs+0x664/0x6d0 [ 905.772133][T23831] ? setup_fault_attr+0x3d0/0x3d0 [ 905.777134][T23831] ? blk_mq_alloc_rq_maps+0x5ac/0x650 [ 905.782478][T23831] ? blk_alloc_queue_node+0x2c/0x580 [ 905.787763][T23831] should_failslab+0x5/0x20 [ 905.792248][T23831] kmem_cache_alloc+0x24/0x210 [ 905.796994][T23831] blk_alloc_queue_node+0x2c/0x580 [ 905.802073][T23831] ? blk_mq_alloc_tag_set+0x68b/0x890 [ 905.807412][T23831] blk_mq_init_queue+0x33/0xa0 [ 905.812147][T23831] loop_add+0x256/0x710 [ 905.816277][T23831] ? radix_tree_lookup+0x17a/0x1d0 [ 905.821363][T23831] loop_control_ioctl+0x564/0x740 [ 905.826358][T23831] ? loop_remove+0xa0/0xa0 [ 905.830747][T23831] ? __lru_cache_add+0x1bf/0x210 [ 905.835664][T23831] ? memset+0x1f/0x40 [ 905.839617][T23831] ? fsnotify+0x1332/0x13f0 [ 905.844116][T23831] ? loop_remove+0xa0/0xa0 [ 905.848509][T23831] do_vfs_ioctl+0x744/0x1730 [ 905.853070][T23831] ? selinux_file_ioctl+0x723/0x970 [ 905.858240][T23831] ? ioctl_preallocate+0x250/0x250 [ 905.863322][T23831] ? __fget+0x40c/0x4a0 [ 905.867454][T23831] ? fget_many+0x20/0x20 [ 905.871668][T23831] ? check_preemption_disabled+0x154/0x330 [ 905.877443][T23831] ? debug_smp_processor_id+0x20/0x20 [ 905.882791][T23831] ? security_file_ioctl+0x9d/0xb0 [ 905.887880][T23831] __x64_sys_ioctl+0xd4/0x110 [ 905.892536][T23831] do_syscall_64+0xcb/0x1c0 [ 905.897018][T23831] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:04 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 12) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:04 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x5}, 0x4) 17:08:04 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x38000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:04 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000240)={'syztnl2\x00', &(0x7f0000000180)={'erspan0\x00', 0x0, 0x40, 0x7, 0x4, 0x7, {{0x1f, 0x4, 0x0, 0x13, 0x7c, 0x66, 0x0, 0x7, 0x4, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x22}, {[@timestamp_addr={0x44, 0x34, 0x8f, 0x1, 0x6, [{@loopback, 0x7}, {@local, 0x5}, {@multicast1, 0x8}, {@private=0xa010101, 0xbc54}, {@rand_addr=0x64010102, 0x1ffe0}, {@local, 0xbcfb}]}, @end, @generic={0x94, 0x10, "286c38efd1ae998e55e0aa430d17"}, @ssrr={0x89, 0x7, 0xdd, [@multicast1]}, @end, @ra={0x94, 0x4}, @end, @rr={0x7, 0xf, 0xb2, [@remote, @broadcast, @multicast2]}, @generic={0x82, 0x2}, @ra={0x94, 0x4, 0x1}]}}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'sit0\x00', r1, 0x0, 0x7, 0x400, 0xa709, {{0xb, 0x4, 0x3, 0x6, 0x2c, 0x65, 0x0, 0xfe, 0x2f, 0x0, @loopback, @empty, {[@ssrr={0x89, 0x17, 0x34, [@private=0xa010102, @local, @local, @private=0xa010100, @remote]}]}}}}}) r2 = accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14, 0x180000) getpeername$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000240)={'syztnl2\x00', &(0x7f0000000180)={'erspan0\x00', 0x0, 0x40, 0x7, 0x4, 0x7, {{0x1f, 0x4, 0x0, 0x13, 0x7c, 0x66, 0x0, 0x7, 0x4, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x22}, {[@timestamp_addr={0x44, 0x34, 0x8f, 0x1, 0x6, [{@loopback, 0x7}, {@local, 0x5}, {@multicast1, 0x8}, {@private=0xa010101, 0xbc54}, {@rand_addr=0x64010102, 0x1ffe0}, {@local, 0xbcfb}]}, @end, @generic={0x94, 0x10, "286c38efd1ae998e55e0aa430d17"}, @ssrr={0x89, 0x7, 0xdd, [@multicast1]}, @end, @ra={0x94, 0x4}, @end, @rr={0x7, 0xf, 0xb2, [@remote, @broadcast, @multicast2]}, @generic={0x82, 0x2}, @ra={0x94, 0x4, 0x1}]}}}}}) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'sit0\x00', r1, 0x0, 0x7, 0x400, 0xa709, {{0xb, 0x4, 0x3, 0x6, 0x2c, 0x65, 0x0, 0xfe, 0x2f, 0x0, @loopback, @empty, {[@ssrr={0x89, 0x17, 0x34, [@private=0xa010102, @local, @local, @private=0xa010100, @remote]}]}}}}}) (async) accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14, 0x180000) (async) getpeername$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) 17:08:04 executing program 0: r0 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) setsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f00000000c0)=0x1, 0x4) (async, rerun: 64) r1 = socket$packet(0x11, 0x3, 0x300) (rerun: 64) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) r2 = socket$packet(0x11, 0x2, 0x300) (async, rerun: 32) r3 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) (rerun: 32) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async, rerun: 64) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async, rerun: 64) connect$bt_rfcomm(r3, &(0x7f0000000140)={0x1f, @any, 0xf6}, 0xa) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000080)=@req3={0xce6, 0x2a23c0b9, 0x1, 0x9, 0xfffffffe, 0x1, 0x5}, 0x1c) (async) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="2b6d656d6f7379202d63717520496370756168632e1f6a10e3580074530000"], 0x1f) (async, rerun: 64) r4 = syz_open_dev$loop(&(0x7f0000000100), 0x80000001, 0x20840) (async, rerun: 64) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, 0x0, 0x0) (async) ioctl$LOOP_SET_FD(r4, 0x4c00, r5) 17:08:04 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) 17:08:04 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x800300, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:04 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) connect$packet(r0, &(0x7f0000000080)={0x11, 0x9, 0x0, 0x1, 0x5, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xd}}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:04 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x800300, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 905.931316][T23871] FAULT_INJECTION: forcing a failure. [ 905.931316][T23871] name failslab, interval 1, probability 0, space 0, times 0 [ 905.949108][T23871] CPU: 1 PID: 23871 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 905.959354][T23871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 905.969395][T23871] Call Trace: [ 905.972665][T23871] dump_stack+0x1d8/0x241 [ 905.976967][T23871] ? panic+0x73e/0x73e [ 905.981006][T23871] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 905.986788][T23871] should_fail+0x709/0x870 [ 905.991185][T23871] ? setup_fault_attr+0x3d0/0x3d0 [ 905.996269][T23871] ? mempool_init_node+0x131/0x500 [ 906.001352][T23871] should_failslab+0x5/0x20 [ 906.005826][T23871] __kmalloc+0x51/0x2b0 [ 906.009949][T23871] mempool_init_node+0x131/0x500 [ 906.014862][T23871] ? mempool_free+0x380/0x380 [ 906.019505][T23871] ? mempool_alloc_slab+0x20/0x20 [ 906.024498][T23871] mempool_init+0x35/0x50 [ 906.028802][T23871] bioset_init+0x41a/0x620 [ 906.033274][T23871] blk_alloc_queue_node+0xc4/0x580 [ 906.038355][T23871] ? blk_mq_alloc_tag_set+0x68b/0x890 [ 906.043701][T23871] blk_mq_init_queue+0x33/0xa0 [ 906.048437][T23871] loop_add+0x256/0x710 [ 906.052560][T23871] ? radix_tree_lookup+0x17a/0x1d0 [ 906.057637][T23871] loop_control_ioctl+0x564/0x740 [ 906.062628][T23871] ? loop_remove+0xa0/0xa0 [ 906.067014][T23871] ? __lru_cache_add+0x1bf/0x210 [ 906.071918][T23871] ? memset+0x1f/0x40 [ 906.075866][T23871] ? fsnotify+0x1332/0x13f0 [ 906.080336][T23871] ? loop_remove+0xa0/0xa0 [ 906.084717][T23871] do_vfs_ioctl+0x744/0x1730 [ 906.089285][T23871] ? selinux_file_ioctl+0x723/0x970 [ 906.094449][T23871] ? ioctl_preallocate+0x250/0x250 [ 906.099528][T23871] ? __fget+0x40c/0x4a0 [ 906.103659][T23871] ? fget_many+0x20/0x20 [ 906.107869][T23871] ? check_preemption_disabled+0x154/0x330 [ 906.113640][T23871] ? debug_smp_processor_id+0x20/0x20 [ 906.118978][T23871] ? security_file_ioctl+0x9d/0xb0 [ 906.124057][T23871] __x64_sys_ioctl+0xd4/0x110 17:08:04 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x7}, 0x4) 17:08:04 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) connect$packet(r0, &(0x7f0000000080)={0x11, 0x9, 0x0, 0x1, 0x5, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xd}}, 0x14) (async, rerun: 32) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (rerun: 32) 17:08:04 executing program 0: r0 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) setsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f00000000c0)=0x1, 0x4) (async, rerun: 32) r1 = socket$packet(0x11, 0x3, 0x300) (rerun: 32) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) r2 = socket$packet(0x11, 0x2, 0x300) (async) r3 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) connect$bt_rfcomm(r3, &(0x7f0000000140)={0x1f, @any, 0xf6}, 0xa) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) (async, rerun: 64) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000080)=@req3={0xce6, 0x2a23c0b9, 0x1, 0x9, 0xfffffffe, 0x1, 0x5}, 0x1c) (async, rerun: 64) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="2b6d656d6f7379202d63717520496370756168632e1f6a10e3580074530000"], 0x1f) (async) r4 = syz_open_dev$loop(&(0x7f0000000100), 0x80000001, 0x20840) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, 0x0, 0x0) (async) ioctl$LOOP_SET_FD(r4, 0x4c00, r5) 17:08:04 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 13) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:04 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x1000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:04 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x1000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 906.128706][T23871] do_syscall_64+0xcb/0x1c0 [ 906.133185][T23871] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:04 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x20000044) 17:08:04 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x2000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:04 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) connect$packet(r0, &(0x7f0000000080)={0x11, 0x9, 0x0, 0x1, 0x5, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xd}}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) connect$packet(r0, &(0x7f0000000080)={0x11, 0x9, 0x0, 0x1, 0x5, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xd}}, 0x14) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) [ 906.182688][T23903] FAULT_INJECTION: forcing a failure. [ 906.182688][T23903] name failslab, interval 1, probability 0, space 0, times 0 [ 906.199392][T23903] CPU: 0 PID: 23903 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 906.209629][T23903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 906.219660][T23903] Call Trace: [ 906.222923][T23903] dump_stack+0x1d8/0x241 [ 906.227232][T23903] ? panic+0x73e/0x73e [ 906.231294][T23903] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 906.237072][T23903] should_fail+0x709/0x870 [ 906.241463][T23903] ? setup_fault_attr+0x3d0/0x3d0 [ 906.246453][T23903] ? mempool_init_node+0x1f6/0x500 [ 906.251531][T23903] should_failslab+0x5/0x20 [ 906.256002][T23903] kmem_cache_alloc+0x24/0x210 [ 906.260734][T23903] ? mempool_free+0x380/0x380 [ 906.265383][T23903] mempool_init_node+0x1f6/0x500 [ 906.270288][T23903] ? mempool_free+0x380/0x380 [ 906.274931][T23903] ? mempool_alloc_slab+0x20/0x20 [ 906.279919][T23903] mempool_init+0x35/0x50 [ 906.284216][T23903] bioset_init+0x41a/0x620 [ 906.288600][T23903] blk_alloc_queue_node+0xc4/0x580 [ 906.293677][T23903] ? blk_mq_alloc_tag_set+0x68b/0x890 [ 906.299015][T23903] blk_mq_init_queue+0x33/0xa0 [ 906.303754][T23903] loop_add+0x256/0x710 [ 906.307884][T23903] ? radix_tree_lookup+0x17a/0x1d0 [ 906.312967][T23903] loop_control_ioctl+0x564/0x740 [ 906.317959][T23903] ? loop_remove+0xa0/0xa0 [ 906.322344][T23903] ? __lru_cache_add+0x1bf/0x210 [ 906.327247][T23903] ? memset+0x1f/0x40 [ 906.331195][T23903] ? fsnotify+0x1332/0x13f0 [ 906.335666][T23903] ? loop_remove+0xa0/0xa0 [ 906.340050][T23903] do_vfs_ioctl+0x744/0x1730 [ 906.344612][T23903] ? selinux_file_ioctl+0x723/0x970 [ 906.349784][T23903] ? ioctl_preallocate+0x250/0x250 [ 906.354862][T23903] ? __fget+0x40c/0x4a0 [ 906.358983][T23903] ? fget_many+0x20/0x20 [ 906.363190][T23903] ? check_preemption_disabled+0x154/0x330 [ 906.368960][T23903] ? debug_smp_processor_id+0x20/0x20 [ 906.374299][T23903] ? security_file_ioctl+0x9d/0xb0 17:08:05 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x2000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:05 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x3000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:05 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xec, r1, 0x400, 0x70bd25, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x5}}, {0x8, 0xb, 0x1ff}, {0x6, 0x11, 0x8}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x8000}, {0x6, 0x11, 0x100}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0x3ff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x100}}]}, 0xec}, 0x1, 0x0, 0x0, 0x4000040}, 0x4) 17:08:05 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 14) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:05 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x3000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 906.379377][T23903] __x64_sys_ioctl+0xd4/0x110 [ 906.384019][T23903] do_syscall_64+0xcb/0x1c0 [ 906.388489][T23903] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:05 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xec, r1, 0x400, 0x70bd25, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x5}}, {0x8, 0xb, 0x1ff}, {0x6, 0x11, 0x8}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x8000}, {0x6, 0x11, 0x100}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0x3ff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x100}}]}, 0xec}, 0x1, 0x0, 0x0, 0x4000040}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) (async) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xec, r1, 0x400, 0x70bd25, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x5}}, {0x8, 0xb, 0x1ff}, {0x6, 0x11, 0x8}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x8000}, {0x6, 0x11, 0x100}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0x3ff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x100}}]}, 0xec}, 0x1, 0x0, 0x0, 0x4000040}, 0x4) (async) 17:08:05 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x4000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:05 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_VDPA_SET_VRING_ENABLE(0xffffffffffffffff, 0x4008af75, &(0x7f0000000080)={0x3, 0xe}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f00000000c0)={0x200, 0x8004}, 0x2e) 17:08:05 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x1f2, 0x159001) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x6, 0x2, 0x0, 0xa, 0x4, 0x10, "db2a99f227aca65b35b13e3756432dd955dbaff4244b0733e0ceb29f99f0e2577d09863c0784c0fa878e63afc48b52aa03c1f0a87db892279c44994368c537e8", "f5153fda7cfbd12294c7004a19b2fb3f892a21572c27ace51a5a47516e716086841c8fbb278deab1ee97d88696019652b049f83ffff85023ac0fd4f07ec0219d", "dbb4974f97f6350a194605d71282a5faf6622c2f1056eb04d9bc6f851d597d92", [0xd]}) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r2) sendmsg$DEVLINK_CMD_TRAP_GET(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000340)={0xbe, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) [ 906.444801][T23924] FAULT_INJECTION: forcing a failure. [ 906.444801][T23924] name failslab, interval 1, probability 0, space 0, times 0 [ 906.465783][T23924] CPU: 1 PID: 23924 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 906.476026][T23924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 906.486065][T23924] Call Trace: [ 906.489349][T23924] dump_stack+0x1d8/0x241 [ 906.493676][T23924] ? panic+0x73e/0x73e [ 906.497747][T23924] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 906.503528][T23924] should_fail+0x709/0x870 [ 906.507913][T23924] ? setup_fault_attr+0x3d0/0x3d0 [ 906.512903][T23924] ? mempool_init_node+0x1f6/0x500 [ 906.517981][T23924] should_failslab+0x5/0x20 [ 906.522451][T23924] kmem_cache_alloc+0x24/0x210 [ 906.527183][T23924] ? mempool_free+0x380/0x380 [ 906.531844][T23924] mempool_init_node+0x1f6/0x500 [ 906.536766][T23924] ? mempool_free+0x380/0x380 [ 906.541412][T23924] ? mempool_alloc_slab+0x20/0x20 [ 906.546401][T23924] mempool_init+0x35/0x50 [ 906.550697][T23924] bioset_init+0x41a/0x620 [ 906.555082][T23924] blk_alloc_queue_node+0xc4/0x580 [ 906.560161][T23924] ? blk_mq_alloc_tag_set+0x68b/0x890 [ 906.565512][T23924] blk_mq_init_queue+0x33/0xa0 [ 906.570250][T23924] loop_add+0x256/0x710 [ 906.574405][T23924] ? radix_tree_lookup+0x17a/0x1d0 [ 906.579482][T23924] loop_control_ioctl+0x564/0x740 [ 906.584476][T23924] ? loop_remove+0xa0/0xa0 [ 906.588860][T23924] ? __lru_cache_add+0x1bf/0x210 [ 906.593774][T23924] ? memset+0x1f/0x40 [ 906.597725][T23924] ? fsnotify+0x1332/0x13f0 [ 906.602193][T23924] ? loop_remove+0xa0/0xa0 [ 906.606575][T23924] do_vfs_ioctl+0x744/0x1730 [ 906.611150][T23924] ? selinux_file_ioctl+0x723/0x970 [ 906.616315][T23924] ? ioctl_preallocate+0x250/0x250 [ 906.621400][T23924] ? __fget+0x40c/0x4a0 [ 906.625531][T23924] ? fget_many+0x20/0x20 [ 906.629747][T23924] ? check_preemption_disabled+0x154/0x330 [ 906.635520][T23924] ? debug_smp_processor_id+0x20/0x20 17:08:05 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x8000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:05 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x1f2, 0x159001) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x6, 0x2, 0x0, 0xa, 0x4, 0x10, "db2a99f227aca65b35b13e3756432dd955dbaff4244b0733e0ceb29f99f0e2577d09863c0784c0fa878e63afc48b52aa03c1f0a87db892279c44994368c537e8", "f5153fda7cfbd12294c7004a19b2fb3f892a21572c27ace51a5a47516e716086841c8fbb278deab1ee97d88696019652b049f83ffff85023ac0fd4f07ec0219d", "dbb4974f97f6350a194605d71282a5faf6622c2f1056eb04d9bc6f851d597d92", [0xd]}) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r2) sendmsg$DEVLINK_CMD_TRAP_GET(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000340)={0xbe, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) syz_open_dev$loop(&(0x7f0000000040), 0x1f2, 0x159001) (async) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x6, 0x2, 0x0, 0xa, 0x4, 0x10, "db2a99f227aca65b35b13e3756432dd955dbaff4244b0733e0ceb29f99f0e2577d09863c0784c0fa878e63afc48b52aa03c1f0a87db892279c44994368c537e8", "f5153fda7cfbd12294c7004a19b2fb3f892a21572c27ace51a5a47516e716086841c8fbb278deab1ee97d88696019652b049f83ffff85023ac0fd4f07ec0219d", "dbb4974f97f6350a194605d71282a5faf6622c2f1056eb04d9bc6f851d597d92", [0xd]}) (async) socket$packet(0x11, 0x2, 0x300) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r2) (async) sendmsg$DEVLINK_CMD_TRAP_GET(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000340)={0xbe, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) 17:08:05 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_VDPA_SET_VRING_ENABLE(0xffffffffffffffff, 0x4008af75, &(0x7f0000000080)={0x3, 0xe}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f00000000c0)={0x200, 0x8004}, 0x2e) 17:08:05 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 15) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:05 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xec, r1, 0x400, 0x70bd25, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x5}}, {0x8, 0xb, 0x1ff}, {0x6, 0x11, 0x8}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x8000}, {0x6, 0x11, 0x100}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0x3ff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x100}}]}, 0xec}, 0x1, 0x0, 0x0, 0x4000040}, 0x4) 17:08:05 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_VDPA_SET_VRING_ENABLE(0xffffffffffffffff, 0x4008af75, &(0x7f0000000080)={0x3, 0xe}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f00000000c0)={0x200, 0x8004}, 0x2e) socket$packet(0x11, 0x2, 0x300) (async) socket$packet(0x11, 0x3, 0x300) (async) ioctl$VHOST_VDPA_SET_VRING_ENABLE(0xffffffffffffffff, 0x4008af75, &(0x7f0000000080)={0x3, 0xe}) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) socket$packet(0x11, 0x3, 0x300) (async) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f00000000c0)={0x200, 0x8004}, 0x2e) (async) 17:08:05 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x5000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 906.640857][T23924] ? security_file_ioctl+0x9d/0xb0 [ 906.645936][T23924] __x64_sys_ioctl+0xd4/0x110 [ 906.650584][T23924] do_syscall_64+0xcb/0x1c0 [ 906.655067][T23924] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:05 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xa000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:05 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x6000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:05 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x1f2, 0x159001) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x6, 0x2, 0x0, 0xa, 0x4, 0x10, "db2a99f227aca65b35b13e3756432dd955dbaff4244b0733e0ceb29f99f0e2577d09863c0784c0fa878e63afc48b52aa03c1f0a87db892279c44994368c537e8", "f5153fda7cfbd12294c7004a19b2fb3f892a21572c27ace51a5a47516e716086841c8fbb278deab1ee97d88696019652b049f83ffff85023ac0fd4f07ec0219d", "dbb4974f97f6350a194605d71282a5faf6622c2f1056eb04d9bc6f851d597d92", [0xd]}) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r2) sendmsg$DEVLINK_CMD_TRAP_GET(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000340)={0xbe, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) syz_open_dev$loop(&(0x7f0000000040), 0x1f2, 0x159001) (async) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x6, 0x2, 0x0, 0xa, 0x4, 0x10, "db2a99f227aca65b35b13e3756432dd955dbaff4244b0733e0ceb29f99f0e2577d09863c0784c0fa878e63afc48b52aa03c1f0a87db892279c44994368c537e8", "f5153fda7cfbd12294c7004a19b2fb3f892a21572c27ace51a5a47516e716086841c8fbb278deab1ee97d88696019652b049f83ffff85023ac0fd4f07ec0219d", "dbb4974f97f6350a194605d71282a5faf6622c2f1056eb04d9bc6f851d597d92", [0xd]}) (async) socket$packet(0x11, 0x2, 0x300) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r2) (async) sendmsg$DEVLINK_CMD_TRAP_GET(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000340)={0xbe, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) 17:08:05 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'ip6gretap0\x00'}) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, r1, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000080) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x930, 0x1, 0x13, r2, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x6}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 906.701662][T23949] FAULT_INJECTION: forcing a failure. [ 906.701662][T23949] name failslab, interval 1, probability 0, space 0, times 0 [ 906.717461][T23949] CPU: 1 PID: 23949 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 906.727693][T23949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 906.737732][T23949] Call Trace: [ 906.740998][T23949] dump_stack+0x1d8/0x241 [ 906.745300][T23949] ? panic+0x73e/0x73e [ 906.749338][T23949] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 906.755118][T23949] should_fail+0x709/0x870 [ 906.759505][T23949] ? setup_fault_attr+0x3d0/0x3d0 [ 906.764500][T23949] ? mempool_init_node+0x131/0x500 [ 906.769577][T23949] should_failslab+0x5/0x20 [ 906.774050][T23949] __kmalloc+0x51/0x2b0 [ 906.778176][T23949] ? kmem_cache_alloc+0xd0/0x210 [ 906.783080][T23949] mempool_init_node+0x131/0x500 [ 906.787994][T23949] ? mempool_free+0x380/0x380 [ 906.792646][T23949] ? mempool_alloc_slab+0x20/0x20 [ 906.797643][T23949] mempool_init+0x35/0x50 [ 906.801942][T23949] bioset_init+0x4ec/0x620 [ 906.806326][T23949] blk_alloc_queue_node+0xc4/0x580 [ 906.811410][T23949] ? blk_mq_alloc_tag_set+0x68b/0x890 [ 906.816754][T23949] blk_mq_init_queue+0x33/0xa0 [ 906.821486][T23949] loop_add+0x256/0x710 [ 906.825607][T23949] ? radix_tree_lookup+0x17a/0x1d0 [ 906.830682][T23949] loop_control_ioctl+0x564/0x740 [ 906.835676][T23949] ? loop_remove+0xa0/0xa0 [ 906.840058][T23949] ? __lru_cache_add+0x1bf/0x210 [ 906.844969][T23949] ? memset+0x1f/0x40 [ 906.848930][T23949] ? fsnotify+0x1332/0x13f0 [ 906.853401][T23949] ? loop_remove+0xa0/0xa0 [ 906.857798][T23949] do_vfs_ioctl+0x744/0x1730 [ 906.862360][T23949] ? selinux_file_ioctl+0x723/0x970 [ 906.867530][T23949] ? ioctl_preallocate+0x250/0x250 [ 906.872612][T23949] ? __fget+0x40c/0x4a0 [ 906.876734][T23949] ? fget_many+0x20/0x20 [ 906.880941][T23949] ? check_preemption_disabled+0x154/0x330 [ 906.886714][T23949] ? debug_smp_processor_id+0x20/0x20 [ 906.892052][T23949] ? security_file_ioctl+0x9d/0xb0 [ 906.897130][T23949] __x64_sys_ioctl+0xd4/0x110 17:08:05 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 16) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:05 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x8000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:05 executing program 4: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1}, 0x4) 17:08:05 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'ip6gretap0\x00'}) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, r1, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000080) (async) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x930, 0x1, 0x13, r2, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x6}, 0x4) (async, rerun: 64) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (rerun: 64) 17:08:05 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x40000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 906.901779][T23949] do_syscall_64+0xcb/0x1c0 [ 906.906254][T23949] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:05 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x9000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:05 executing program 4: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1}, 0x4) 17:08:05 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) r2 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x1}) getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$VHOST_SET_FEATURES(r2, 0x4004af61, &(0x7f0000000340)=0x4000000) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x8}, 0x4) 17:08:05 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x5e230000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 906.951027][T23993] FAULT_INJECTION: forcing a failure. [ 906.951027][T23993] name failslab, interval 1, probability 0, space 0, times 0 [ 906.965265][T23993] CPU: 1 PID: 23993 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 906.975494][T23993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 906.985611][T23993] Call Trace: [ 906.988878][T23993] dump_stack+0x1d8/0x241 [ 906.993176][T23993] ? panic+0x73e/0x73e [ 906.997211][T23993] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 907.002985][T23993] should_fail+0x709/0x870 [ 907.007370][T23993] ? setup_fault_attr+0x3d0/0x3d0 [ 907.012365][T23993] ? mempool_init_node+0x1f6/0x500 [ 907.017440][T23993] should_failslab+0x5/0x20 [ 907.021908][T23993] kmem_cache_alloc+0x24/0x210 [ 907.026637][T23993] ? mempool_free+0x380/0x380 [ 907.031366][T23993] mempool_init_node+0x1f6/0x500 [ 907.036273][T23993] ? mempool_free+0x380/0x380 [ 907.040928][T23993] ? mempool_alloc_slab+0x20/0x20 [ 907.045924][T23993] mempool_init+0x35/0x50 [ 907.050222][T23993] bioset_init+0x4ec/0x620 [ 907.054604][T23993] blk_alloc_queue_node+0xc4/0x580 [ 907.059680][T23993] ? blk_mq_alloc_tag_set+0x68b/0x890 [ 907.065019][T23993] blk_mq_init_queue+0x33/0xa0 [ 907.069750][T23993] loop_add+0x256/0x710 [ 907.073873][T23993] ? radix_tree_lookup+0x17a/0x1d0 [ 907.078950][T23993] loop_control_ioctl+0x564/0x740 [ 907.083941][T23993] ? loop_remove+0xa0/0xa0 [ 907.088323][T23993] ? __lru_cache_add+0x1bf/0x210 [ 907.093227][T23993] ? memset+0x1f/0x40 [ 907.097182][T23993] ? fsnotify+0x1332/0x13f0 [ 907.101669][T23993] ? loop_remove+0xa0/0xa0 [ 907.106052][T23993] do_vfs_ioctl+0x744/0x1730 [ 907.110613][T23993] ? selinux_file_ioctl+0x723/0x970 [ 907.115796][T23993] ? ioctl_preallocate+0x250/0x250 [ 907.120874][T23993] ? __fget+0x40c/0x4a0 [ 907.124998][T23993] ? fget_many+0x20/0x20 [ 907.129205][T23993] ? check_preemption_disabled+0x154/0x330 [ 907.134976][T23993] ? debug_smp_processor_id+0x20/0x20 [ 907.140318][T23993] ? security_file_ioctl+0x9d/0xb0 [ 907.145397][T23993] __x64_sys_ioctl+0xd4/0x110 17:08:05 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'ip6gretap0\x00'}) (async, rerun: 32) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) (rerun: 32) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, r1, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000080) (async, rerun: 32) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (rerun: 32) mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x930, 0x1, 0x13, r2, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x6}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:05 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 17) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:05 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) r2 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x1}) getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$VHOST_SET_FEATURES(r2, 0x4004af61, &(0x7f0000000340)=0x4000000) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x8}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) (async) syz_open_dev$vcsa(0x0, 0x9, 0x2400) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) syz_open_dev$vcsa(0x0, 0x9, 0x2400) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x1}) (async) getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) ioctl$VHOST_SET_FEATURES(r2, 0x4004af61, &(0x7f0000000340)=0x4000000) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x8}, 0x4) (async) 17:08:05 executing program 4: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1}, 0x4) 17:08:05 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x9effffff, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 907.150042][T23993] do_syscall_64+0xcb/0x1c0 [ 907.154517][T23993] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:05 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xa000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:05 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xeaffffff, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 907.198332][T24010] FAULT_INJECTION: forcing a failure. [ 907.198332][T24010] name failslab, interval 1, probability 0, space 0, times 0 [ 907.211076][T24010] CPU: 1 PID: 24010 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 907.221296][T24010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 907.231342][T24010] Call Trace: [ 907.234623][T24010] dump_stack+0x1d8/0x241 [ 907.238936][T24010] ? panic+0x73e/0x73e [ 907.242979][T24010] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 907.248755][T24010] should_fail+0x709/0x870 [ 907.253142][T24010] ? setup_fault_attr+0x3d0/0x3d0 [ 907.258133][T24010] ? mempool_init_node+0x1f6/0x500 [ 907.263211][T24010] should_failslab+0x5/0x20 [ 907.267705][T24010] kmem_cache_alloc+0x24/0x210 [ 907.272439][T24010] ? mempool_free+0x380/0x380 [ 907.277082][T24010] mempool_init_node+0x1f6/0x500 [ 907.282014][T24010] ? mempool_free+0x380/0x380 [ 907.286655][T24010] ? mempool_alloc_slab+0x20/0x20 [ 907.291642][T24010] mempool_init+0x35/0x50 [ 907.295941][T24010] bioset_init+0x4ec/0x620 [ 907.300327][T24010] blk_alloc_queue_node+0xc4/0x580 [ 907.305404][T24010] ? blk_mq_alloc_tag_set+0x68b/0x890 [ 907.310740][T24010] blk_mq_init_queue+0x33/0xa0 [ 907.315471][T24010] loop_add+0x256/0x710 [ 907.319596][T24010] ? radix_tree_lookup+0x17a/0x1d0 [ 907.324673][T24010] loop_control_ioctl+0x564/0x740 [ 907.329663][T24010] ? loop_remove+0xa0/0xa0 [ 907.334046][T24010] ? __lru_cache_add+0x1bf/0x210 [ 907.338969][T24010] ? memset+0x1f/0x40 [ 907.342917][T24010] ? fsnotify+0x1332/0x13f0 [ 907.347396][T24010] ? loop_remove+0xa0/0xa0 [ 907.351779][T24010] do_vfs_ioctl+0x744/0x1730 [ 907.356335][T24010] ? selinux_file_ioctl+0x723/0x970 [ 907.361499][T24010] ? ioctl_preallocate+0x250/0x250 [ 907.366585][T24010] ? __fget+0x40c/0x4a0 [ 907.370715][T24010] ? fget_many+0x20/0x20 [ 907.374924][T24010] ? check_preemption_disabled+0x154/0x330 [ 907.380696][T24010] ? debug_smp_processor_id+0x20/0x20 [ 907.386038][T24010] ? security_file_ioctl+0x9d/0xb0 [ 907.391124][T24010] __x64_sys_ioctl+0xd4/0x110 17:08:06 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 18) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:06 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0xfffc}, 0x4) r1 = syz_open_dev$loop(&(0x7f0000000440), 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, "38271c259841ffff0e338aab69358dff8552b8937f55f95258a517edfabf1abfa9a2ebcf72dda59167ee55e6ee0b298939e904878db66dadd993f7edd4561699", "434cdf84ab5dadf219f832db22791f7d33f38ec248087bddd1b74276b7cd0e499b2fba77c20736c6056066b0de11a9fbce99f6313c9b0c9bf7cf749f6d905780", "ad5a2bead95d3fee40958180404be2bb7f512929a7bbf75d6ff4cc758ac1fb59", [0x301c]}) ioctl$VHOST_VDPA_SET_CONFIG_CALL(0xffffffffffffffff, 0x4004af77, &(0x7f0000000080)=0x2) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x4}, 0x4) 17:08:06 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xb000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:06 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) r2 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x1}) (async) getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) ioctl$VHOST_SET_FEATURES(r2, 0x4004af61, &(0x7f0000000340)=0x4000000) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x8}, 0x4) 17:08:06 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xefffffff, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 907.395778][T24010] do_syscall_64+0xcb/0x1c0 [ 907.400248][T24010] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:06 executing program 0: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0) r0 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="4300c89b07010035257154e6", @ANYRES16=r0, @ANYBLOB="20002dbd7000ffdbdf250200000008000300", @ANYRES32=0x0, @ANYBLOB="0500330000000000050033000100000005002e000000000008003a00030000000500290000000000"], 0x44}, 0x1, 0x0, 0x0, 0x41}, 0x4000) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0xf0, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}]}, 0xf0}}, 0x8000) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x800600, 0x0) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) 17:08:06 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xf0ffffff, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:06 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'pim6reg1\x00'}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x7}, 0x1) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x8000}, 0x4) r1 = syz_open_dev$loop(&(0x7f00000000c0), 0xb4, 0x23a2c1) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x12, 0xa, 0x9, "e1b62c228d0a75e44756fa6182ae30c6520db5cc06dbdbb7a026796e777332313e9c3902fe1c6d88e64051895f142e63f17d6b2f8f934ea8f97b2be2e1dba2f6", "cce20855d2d6a6e5cf1d8b4a495bc058eb8a60e6df975d9401dc656a87925e48fe092025c368f4f2780c75cdc5c1fefb7056c04536f2a1fde6043abf4d71b28e", "dba2664310808d05f0b08ca3c28d145a7a784e8cc46fe3f9402f0551ad6ab6b5", [0x850d, 0xe45]}) 17:08:06 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0xfffc}, 0x4) (async) r1 = syz_open_dev$loop(&(0x7f0000000440), 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, "38271c259841ffff0e338aab69358dff8552b8937f55f95258a517edfabf1abfa9a2ebcf72dda59167ee55e6ee0b298939e904878db66dadd993f7edd4561699", "434cdf84ab5dadf219f832db22791f7d33f38ec248087bddd1b74276b7cd0e499b2fba77c20736c6056066b0de11a9fbce99f6313c9b0c9bf7cf749f6d905780", "ad5a2bead95d3fee40958180404be2bb7f512929a7bbf75d6ff4cc758ac1fb59", [0x301c]}) (async) ioctl$VHOST_VDPA_SET_CONFIG_CALL(0xffffffffffffffff, 0x4004af77, &(0x7f0000000080)=0x2) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x4}, 0x4) 17:08:06 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x10000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 907.439847][T24037] FAULT_INJECTION: forcing a failure. [ 907.439847][T24037] name failslab, interval 1, probability 0, space 0, times 0 [ 907.463473][T24037] CPU: 1 PID: 24037 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 907.473714][T24037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 907.483751][T24037] Call Trace: [ 907.487021][T24037] dump_stack+0x1d8/0x241 [ 907.491318][T24037] ? panic+0x73e/0x73e [ 907.495355][T24037] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 907.501129][T24037] ? mempool_init_node+0x1f6/0x500 [ 907.506205][T24037] should_fail+0x709/0x870 [ 907.510591][T24037] ? setup_fault_attr+0x3d0/0x3d0 [ 907.515584][T24037] ? mempool_free+0x380/0x380 [ 907.520228][T24037] ? mempool_alloc_slab+0x20/0x20 [ 907.525219][T24037] ? mempool_init+0x35/0x50 [ 907.529690][T24037] ? bdi_alloc_node+0x69/0xd0 [ 907.534352][T24037] should_failslab+0x5/0x20 [ 907.538822][T24037] kmem_cache_alloc_trace+0x28/0x240 [ 907.544071][T24037] bdi_alloc_node+0x69/0xd0 [ 907.548540][T24037] blk_alloc_queue_node+0x10b/0x580 [ 907.553717][T24037] ? blk_mq_alloc_tag_set+0x68b/0x890 [ 907.559056][T24037] blk_mq_init_queue+0x33/0xa0 [ 907.563786][T24037] loop_add+0x256/0x710 [ 907.567906][T24037] ? radix_tree_lookup+0x17a/0x1d0 [ 907.572984][T24037] loop_control_ioctl+0x564/0x740 [ 907.577975][T24037] ? loop_remove+0xa0/0xa0 [ 907.582356][T24037] ? __lru_cache_add+0x1bf/0x210 [ 907.587272][T24037] ? memset+0x1f/0x40 [ 907.591221][T24037] ? fsnotify+0x1332/0x13f0 [ 907.595691][T24037] ? loop_remove+0xa0/0xa0 [ 907.600082][T24037] do_vfs_ioctl+0x744/0x1730 [ 907.604643][T24037] ? selinux_file_ioctl+0x723/0x970 [ 907.609830][T24037] ? ioctl_preallocate+0x250/0x250 [ 907.614910][T24037] ? __fget+0x40c/0x4a0 [ 907.619034][T24037] ? fget_many+0x20/0x20 [ 907.623243][T24037] ? check_preemption_disabled+0x154/0x330 [ 907.629013][T24037] ? debug_smp_processor_id+0x20/0x20 [ 907.634351][T24037] ? security_file_ioctl+0x9d/0xb0 17:08:06 executing program 0: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0) r0 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="4300c89b07010035257154e6", @ANYRES16=r0, @ANYBLOB="20002dbd7000ffdbdf250200000008000300", @ANYRES32=0x0, @ANYBLOB="0500330000000000050033000100000005002e000000000008003a00030000000500290000000000"], 0x44}, 0x1, 0x0, 0x0, 0x41}, 0x4000) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0xf0, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}]}, 0xf0}}, 0x8000) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x800600, 0x0) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) (async) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="4300c89b07010035257154e6", @ANYRES16=r0, @ANYBLOB="20002dbd7000ffdbdf250200000008000300", @ANYRES32=0x0, @ANYBLOB="0500330000000000050033000100000005002e000000000008003a00030000000500290000000000"], 0x44}, 0x1, 0x0, 0x0, 0x41}, 0x4000) (async) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0xf0, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}]}, 0xf0}}, 0x8000) (async) syz_open_dev$vcsa(0x0, 0x9, 0x2400) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x800600, 0x0) (async) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) (async) 17:08:06 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 19) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:06 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'pim6reg1\x00'}) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async, rerun: 64) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x7}, 0x1) (async, rerun: 64) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x8000}, 0x4) (async) r1 = syz_open_dev$loop(&(0x7f00000000c0), 0xb4, 0x23a2c1) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x12, 0xa, 0x9, "e1b62c228d0a75e44756fa6182ae30c6520db5cc06dbdbb7a026796e777332313e9c3902fe1c6d88e64051895f142e63f17d6b2f8f934ea8f97b2be2e1dba2f6", "cce20855d2d6a6e5cf1d8b4a495bc058eb8a60e6df975d9401dc656a87925e48fe092025c368f4f2780c75cdc5c1fefb7056c04536f2a1fde6043abf4d71b28e", "dba2664310808d05f0b08ca3c28d145a7a784e8cc46fe3f9402f0551ad6ab6b5", [0x850d, 0xe45]}) [ 907.639442][T24037] __x64_sys_ioctl+0xd4/0x110 [ 907.644263][T24037] do_syscall_64+0xcb/0x1c0 [ 907.648733][T24037] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 907.680327][T24054] FAULT_INJECTION: forcing a failure. 17:08:06 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x11000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:06 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xfeffffff, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:06 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0xfffc}, 0x4) r1 = syz_open_dev$loop(&(0x7f0000000440), 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, "38271c259841ffff0e338aab69358dff8552b8937f55f95258a517edfabf1abfa9a2ebcf72dda59167ee55e6ee0b298939e904878db66dadd993f7edd4561699", "434cdf84ab5dadf219f832db22791f7d33f38ec248087bddd1b74276b7cd0e499b2fba77c20736c6056066b0de11a9fbce99f6313c9b0c9bf7cf749f6d905780", "ad5a2bead95d3fee40958180404be2bb7f512929a7bbf75d6ff4cc758ac1fb59", [0x301c]}) ioctl$VHOST_VDPA_SET_CONFIG_CALL(0xffffffffffffffff, 0x4004af77, &(0x7f0000000080)=0x2) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x4}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0xfffc}, 0x4) (async) syz_open_dev$loop(&(0x7f0000000440), 0x0, 0x0) (async) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, "38271c259841ffff0e338aab69358dff8552b8937f55f95258a517edfabf1abfa9a2ebcf72dda59167ee55e6ee0b298939e904878db66dadd993f7edd4561699", "434cdf84ab5dadf219f832db22791f7d33f38ec248087bddd1b74276b7cd0e499b2fba77c20736c6056066b0de11a9fbce99f6313c9b0c9bf7cf749f6d905780", "ad5a2bead95d3fee40958180404be2bb7f512929a7bbf75d6ff4cc758ac1fb59", [0x301c]}) (async) ioctl$VHOST_VDPA_SET_CONFIG_CALL(0xffffffffffffffff, 0x4004af77, &(0x7f0000000080)=0x2) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x4}, 0x4) (async) [ 907.680327][T24054] name failslab, interval 1, probability 0, space 0, times 0 [ 907.696621][T24054] CPU: 1 PID: 24054 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 907.706857][T24054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 907.716896][T24054] Call Trace: [ 907.720167][T24054] dump_stack+0x1d8/0x241 [ 907.724463][T24054] ? panic+0x73e/0x73e [ 907.728501][T24054] ? blk_mq_init_queue+0x33/0xa0 [ 907.733414][T24054] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 907.739190][T24054] ? __x64_sys_ioctl+0xd4/0x110 [ 907.744007][T24054] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 907.750241][T24054] should_fail+0x709/0x870 [ 907.754630][T24054] ? setup_fault_attr+0x3d0/0x3d0 [ 907.759634][T24054] ? bdi_init+0x19a/0xa90 [ 907.763933][T24054] should_failslab+0x5/0x20 [ 907.768406][T24054] kmem_cache_alloc_trace+0x28/0x240 [ 907.773664][T24054] bdi_init+0x19a/0xa90 [ 907.777795][T24054] ? kmem_cache_alloc_trace+0xd8/0x240 [ 907.783219][T24054] ? bdi_alloc_node+0x69/0xd0 [ 907.787876][T24054] bdi_alloc_node+0x79/0xd0 [ 907.792349][T24054] blk_alloc_queue_node+0x10b/0x580 [ 907.797512][T24054] ? blk_mq_alloc_tag_set+0x68b/0x890 [ 907.802849][T24054] blk_mq_init_queue+0x33/0xa0 [ 907.807581][T24054] loop_add+0x256/0x710 [ 907.811716][T24054] ? radix_tree_lookup+0x17a/0x1d0 [ 907.816814][T24054] loop_control_ioctl+0x564/0x740 [ 907.821813][T24054] ? loop_remove+0xa0/0xa0 [ 907.826200][T24054] ? __lru_cache_add+0x1bf/0x210 [ 907.831114][T24054] ? memset+0x1f/0x40 [ 907.835066][T24054] ? fsnotify+0x1332/0x13f0 [ 907.839541][T24054] ? loop_remove+0xa0/0xa0 [ 907.843927][T24054] do_vfs_ioctl+0x744/0x1730 [ 907.848486][T24054] ? selinux_file_ioctl+0x723/0x970 [ 907.853650][T24054] ? ioctl_preallocate+0x250/0x250 [ 907.858728][T24054] ? __fget+0x40c/0x4a0 [ 907.862849][T24054] ? fget_many+0x20/0x20 [ 907.867059][T24054] ? check_preemption_disabled+0x154/0x330 [ 907.872830][T24054] ? debug_smp_processor_id+0x20/0x20 [ 907.878166][T24054] ? security_file_ioctl+0x9d/0xb0 [ 907.883245][T24054] __x64_sys_ioctl+0xd4/0x110 17:08:06 executing program 0: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0) (async) r0 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="4300c89b07010035257154e6", @ANYRES16=r0, @ANYBLOB="20002dbd7000ffdbdf250200000008000300", @ANYRES32=0x0, @ANYBLOB="0500330000000000050033000100000005002e000000000008003a00030000000500290000000000"], 0x44}, 0x1, 0x0, 0x0, 0x41}, 0x4000) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0xf0, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}]}, 0xf0}}, 0x8000) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x800600, 0x0) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) 17:08:06 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x12000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:06 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xffffff7f, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:06 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000040)={0x0, 0x1, 0x6}, 0x10) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:06 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 20) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:06 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000040)={0x0, 0x1, 0x6}, 0x10) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async, rerun: 32) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (rerun: 32) 17:08:06 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'pim6reg1\x00'}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x7}, 0x1) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x8000}, 0x4) r1 = syz_open_dev$loop(&(0x7f00000000c0), 0xb4, 0x23a2c1) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x12, 0xa, 0x9, "e1b62c228d0a75e44756fa6182ae30c6520db5cc06dbdbb7a026796e777332313e9c3902fe1c6d88e64051895f142e63f17d6b2f8f934ea8f97b2be2e1dba2f6", "cce20855d2d6a6e5cf1d8b4a495bc058eb8a60e6df975d9401dc656a87925e48fe092025c368f4f2780c75cdc5c1fefb7056c04536f2a1fde6043abf4d71b28e", "dba2664310808d05f0b08ca3c28d145a7a784e8cc46fe3f9402f0551ad6ab6b5", [0x850d, 0xe45]}) 17:08:06 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x13000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 907.887904][T24054] do_syscall_64+0xcb/0x1c0 [ 907.892378][T24054] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:06 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, 0x0, 0x0) r1 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r2 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r3, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) connect$packet(r0, &(0x7f0000000000)={0x11, 0x8, r3, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x14) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000080)={0x2, 0x1}, 0x4) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:06 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x14000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:06 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xffffff9e, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 907.953809][T24100] FAULT_INJECTION: forcing a failure. [ 907.953809][T24100] name failslab, interval 1, probability 0, space 0, times 0 [ 907.973522][T24100] CPU: 1 PID: 24100 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 907.983761][T24100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 907.993791][T24100] Call Trace: [ 907.997059][T24100] dump_stack+0x1d8/0x241 [ 908.001356][T24100] ? panic+0x73e/0x73e [ 908.005393][T24100] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 908.011281][T24100] ? _raw_spin_lock_irqsave+0xf8/0x210 [ 908.016704][T24100] ? cpumask_next+0xc/0x20 [ 908.021094][T24100] should_fail+0x709/0x870 [ 908.025478][T24100] ? setup_fault_attr+0x3d0/0x3d0 [ 908.030470][T24100] ? _raw_spin_unlock_irqrestore+0x57/0x80 [ 908.036242][T24100] ? blk_alloc_queue_stats+0x48/0x100 [ 908.041585][T24100] should_failslab+0x5/0x20 [ 908.046056][T24100] kmem_cache_alloc_trace+0x28/0x240 [ 908.051310][T24100] blk_alloc_queue_stats+0x48/0x100 [ 908.056474][T24100] blk_alloc_queue_node+0x150/0x580 [ 908.061637][T24100] ? blk_mq_alloc_tag_set+0x68b/0x890 [ 908.066980][T24100] blk_mq_init_queue+0x33/0xa0 [ 908.071720][T24100] loop_add+0x256/0x710 [ 908.075843][T24100] ? radix_tree_lookup+0x17a/0x1d0 [ 908.080941][T24100] loop_control_ioctl+0x564/0x740 [ 908.085958][T24100] ? loop_remove+0xa0/0xa0 [ 908.090341][T24100] ? __lru_cache_add+0x1bf/0x210 [ 908.095244][T24100] ? memset+0x1f/0x40 [ 908.099192][T24100] ? fsnotify+0x1332/0x13f0 [ 908.103662][T24100] ? loop_remove+0xa0/0xa0 [ 908.108047][T24100] do_vfs_ioctl+0x744/0x1730 [ 908.112606][T24100] ? selinux_file_ioctl+0x723/0x970 [ 908.117773][T24100] ? ioctl_preallocate+0x250/0x250 [ 908.122852][T24100] ? __fget+0x40c/0x4a0 [ 908.126975][T24100] ? fget_many+0x20/0x20 [ 908.131190][T24100] ? check_preemption_disabled+0x154/0x330 [ 908.136972][T24100] ? debug_smp_processor_id+0x20/0x20 [ 908.142313][T24100] ? security_file_ioctl+0x9d/0xb0 [ 908.147391][T24100] __x64_sys_ioctl+0xd4/0x110 17:08:06 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, 0x0, 0x0) (async, rerun: 32) r1 = socket$inet(0x2, 0x3, 0x3) (rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r2 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r3, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) connect$packet(r0, &(0x7f0000000000)={0x11, 0x8, r3, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x14) (async) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000080)={0x2, 0x1}, 0x4) (async) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:06 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xffffffea, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:06 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000040)={0x0, 0x1, 0x6}, 0x10) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:06 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 21) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:06 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000300), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r1, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000b1570000000c00990000000000070000000500ee0000000000"], 0x28}}, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000980), 0x8, 0x2000) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r3, 0x28, 0x2, &(0x7f00000009c0), 0x8) sendmsg$DEVLINK_CMD_TRAP_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000700)=ANY=[@ANYBLOB="20020000", @ANYRES16=0x0, @ANYBLOB="00012abd7000ffdbdf253e000000080001007063690011000200303030303a30303a31302e32000000001c008200736f757263655f6d61635f69735f6d756c7469636173740005008300000000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000500830000000000080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c746963617374000500830000000000080001007063690011000200303030303a30303a31302e30000000001c008200736f755263655f6d61635f69735f6d756c7469636173740005008300010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c7469636173740005008300000000000e0001006e657464657673696d0000000f0002006e6574646576f3696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000500830001000000080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c746963617374000500830000000000080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c746963617304000520830001000000"], 0x220}}, 0x20000400) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r1) sendmsg$DEVLINK_CMD_RATE_DEL(r1, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000540)={&(0x7f00000003c0)={0x150, r4, 0x10, 0x70bd27, 0x25dfdbfb, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xe0, 0xa8, @random="308b07f8346eec69457bb981c15559c5fe65aa36d2a890f6f3c48361330f1aeb15d973ec5d977016ee1b207a8953c6a2194cb33cb83cf06f8484b9d9a1b76d167f8d826a30d29a6fda4c971613b7a9332c9e377ebcde1280917cf025d5f4925e4cdbb2da389a7b7d646add2f639c4b7ec9e5afd8b98d09b7d4cabd013ebd25abfe0549f1d9380dd4dd44d037e4d14e7b25f6e247ef5c7dcb6094080091eaff2eeb1f9e63392f55aa814e48260c4a5b5a83601c5cd07bd9a535c26ea7252a708d2141feb217fc3e4e5fd95beac005cdf6f467c20da23076ea2b51b084"}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x150}, 0x1, 0x0, 0x0, 0x20000000}, 0x8c0d0) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f0000000000)=@req={0x800, 0x6, 0x6, 0x7e}, 0x10) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f00000005c0)={0x108, r2, 0x8, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_HIDDEN_SSID={0x8, 0x7e, 0x2}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x8001}, @crypto_settings=[@NL80211_ATTR_AKM_SUITES={0x20, 0x4c, [0xfac04, 0xfac0c, 0xfac14, 0xfac10, 0xfac0d, 0xfac0e, 0xfac0e]}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x6004}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}], @NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0x3}, @crypto_settings=[@NL80211_ATTR_PMK={0x40, 0xfe, "794ce7e694691ab4b61512def5d65cf20ca4dce95eb2b0105e39e2acaddf8ef3639139b89b4d246b52982bb142f72eb792a99e4cb5e60a4500a9dae2"}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_SAE_PASSWORD={0x40, 0x115, "5e27295f3d95ac6fbe2f6d97d3af7cfa85f77eccb700f86b03f6eede52236b22f7515520b50bda5389e64b68e8aae1bbd98f8bbdca9cd5385322c8a8"}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}], @NL80211_ATTR_SMPS_MODE={0x5, 0xd5, 0x1}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x108}, 0x1, 0x0, 0x0, 0x20004880}, 0x44000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000a40), r3) r8 = syz_open_dev$vcsa(&(0x7f0000000a80), 0x7ff, 0x20000) r9 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000ac0), 0x18000, 0x0) r10 = syz_open_dev$vcsa(&(0x7f0000000b00), 0x7, 0x8882) syz_open_procfs$namespace(0x0, &(0x7f0000000b40)='ns/pid_for_children\x00') connect$packet(r8, &(0x7f0000000d80)={0x11, 0x10, 0x0, 0x1, 0x81, 0x6, @broadcast}, 0x14) r11 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000e00)='ns/pid_for_children\x00') sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000d40)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000d00)={&(0x7f0000000b80)={0x16c, r7, 0x800, 0x70bd27, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r11}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r9}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r3}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r3}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r3}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r10}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4048841}, 0x4000) r12 = socket$packet(0x11, 0x2, 0x300) ioctl$VHOST_VDPA_SET_CONFIG_CALL(r10, 0x4004af77, &(0x7f0000000e40)=0xfffffffe) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r10, 0x28, 0x2, &(0x7f0000000dc0)=0x3, 0x8) setsockopt$packet_tx_ring(r12, 0x107, 0xd, 0x0, 0x0) getpeername$packet(r12, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000940)=0x14) 17:08:06 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x40000000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:06 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 908.152035][T24100] do_syscall_64+0xcb/0x1c0 [ 908.156510][T24100] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:06 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x79220000, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 908.210437][T24117] FAULT_INJECTION: forcing a failure. [ 908.210437][T24117] name failslab, interval 1, probability 0, space 0, times 0 [ 908.223780][T24117] CPU: 0 PID: 24117 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 908.234010][T24117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 908.244042][T24117] Call Trace: [ 908.247307][T24117] dump_stack+0x1d8/0x241 [ 908.251606][T24117] ? panic+0x73e/0x73e [ 908.255644][T24117] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 908.261427][T24117] ? pcpu_chunk_relocate+0xe5/0x3a0 [ 908.266596][T24117] should_fail+0x709/0x870 [ 908.270980][T24117] ? setup_fault_attr+0x3d0/0x3d0 [ 908.275982][T24117] ? find_next_bit+0xc6/0x110 [ 908.280630][T24117] ? cpumask_next+0xc/0x20 [ 908.285017][T24117] ? blk_mq_poll_stats_fn+0x1b0/0x1b0 [ 908.290357][T24117] ? blk_stat_alloc_callback+0x5c/0x210 [ 908.295871][T24117] should_failslab+0x5/0x20 [ 908.300343][T24117] kmem_cache_alloc_trace+0x28/0x240 [ 908.305596][T24117] ? blk_mq_poll_stats_fn+0x1b0/0x1b0 [ 908.310939][T24117] ? blk_mq_free_tag_set+0x480/0x480 [ 908.316190][T24117] blk_stat_alloc_callback+0x5c/0x210 [ 908.321538][T24117] blk_mq_init_allocated_queue+0x86/0x16c0 [ 908.327317][T24117] ? blk_alloc_queue_node+0x4e7/0x580 [ 908.332690][T24117] ? blk_mq_alloc_tag_set+0x68b/0x890 [ 908.338032][T24117] blk_mq_init_queue+0x48/0xa0 [ 908.342770][T24117] loop_add+0x256/0x710 [ 908.346895][T24117] ? radix_tree_lookup+0x17a/0x1d0 [ 908.351974][T24117] loop_control_ioctl+0x564/0x740 [ 908.356968][T24117] ? loop_remove+0xa0/0xa0 [ 908.361351][T24117] ? __lru_cache_add+0x1bf/0x210 [ 908.366254][T24117] ? memset+0x1f/0x40 [ 908.370203][T24117] ? fsnotify+0x1332/0x13f0 [ 908.374676][T24117] ? loop_remove+0xa0/0xa0 [ 908.379062][T24117] do_vfs_ioctl+0x744/0x1730 [ 908.383621][T24117] ? selinux_file_ioctl+0x723/0x970 [ 908.388788][T24117] ? ioctl_preallocate+0x250/0x250 [ 908.393865][T24117] ? __fget+0x40c/0x4a0 [ 908.398000][T24117] ? fget_many+0x20/0x20 [ 908.402212][T24117] ? check_preemption_disabled+0x154/0x330 17:08:07 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:07 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xffffffef, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:07 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, 0x0, 0x0) r1 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r2 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r3, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) (async) connect$packet(r0, &(0x7f0000000000)={0x11, 0x8, r3, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x14) (async) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000080)={0x2, 0x1}, 0x4) (async) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:07 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000300), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r1, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000b1570000000c00990000000000070000000500ee0000000000"], 0x28}}, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000980), 0x8, 0x2000) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r3, 0x28, 0x2, &(0x7f00000009c0), 0x8) (async) sendmsg$DEVLINK_CMD_TRAP_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000700)=ANY=[@ANYBLOB="20020000", @ANYRES16=0x0, @ANYBLOB="00012abd7000ffdbdf253e000000080001007063690011000200303030303a30303a31302e32000000001c008200736f757263655f6d61635f69735f6d756c7469636173740005008300000000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000500830000000000080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c746963617374000500830000000000080001007063690011000200303030303a30303a31302e30000000001c008200736f755263655f6d61635f69735f6d756c7469636173740005008300010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c7469636173740005008300000000000e0001006e657464657673696d0000000f0002006e6574646576f3696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000500830001000000080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c746963617374000500830000000000080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c746963617304000520830001000000"], 0x220}}, 0x20000400) (async) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r1) sendmsg$DEVLINK_CMD_RATE_DEL(r1, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000540)={&(0x7f00000003c0)={0x150, r4, 0x10, 0x70bd27, 0x25dfdbfb, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xe0, 0xa8, @random="308b07f8346eec69457bb981c15559c5fe65aa36d2a890f6f3c48361330f1aeb15d973ec5d977016ee1b207a8953c6a2194cb33cb83cf06f8484b9d9a1b76d167f8d826a30d29a6fda4c971613b7a9332c9e377ebcde1280917cf025d5f4925e4cdbb2da389a7b7d646add2f639c4b7ec9e5afd8b98d09b7d4cabd013ebd25abfe0549f1d9380dd4dd44d037e4d14e7b25f6e247ef5c7dcb6094080091eaff2eeb1f9e63392f55aa814e48260c4a5b5a83601c5cd07bd9a535c26ea7252a708d2141feb217fc3e4e5fd95beac005cdf6f467c20da23076ea2b51b084"}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x150}, 0x1, 0x0, 0x0, 0x20000000}, 0x8c0d0) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f0000000000)=@req={0x800, 0x6, 0x6, 0x7e}, 0x10) (async) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f00000005c0)={0x108, r2, 0x8, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_HIDDEN_SSID={0x8, 0x7e, 0x2}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x8001}, @crypto_settings=[@NL80211_ATTR_AKM_SUITES={0x20, 0x4c, [0xfac04, 0xfac0c, 0xfac14, 0xfac10, 0xfac0d, 0xfac0e, 0xfac0e]}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x6004}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}], @NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0x3}, @crypto_settings=[@NL80211_ATTR_PMK={0x40, 0xfe, "794ce7e694691ab4b61512def5d65cf20ca4dce95eb2b0105e39e2acaddf8ef3639139b89b4d246b52982bb142f72eb792a99e4cb5e60a4500a9dae2"}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_SAE_PASSWORD={0x40, 0x115, "5e27295f3d95ac6fbe2f6d97d3af7cfa85f77eccb700f86b03f6eede52236b22f7515520b50bda5389e64b68e8aae1bbd98f8bbdca9cd5385322c8a8"}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}], @NL80211_ATTR_SMPS_MODE={0x5, 0xd5, 0x1}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x108}, 0x1, 0x0, 0x0, 0x20004880}, 0x44000) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) (async) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000a40), r3) r8 = syz_open_dev$vcsa(&(0x7f0000000a80), 0x7ff, 0x20000) (async) r9 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000ac0), 0x18000, 0x0) r10 = syz_open_dev$vcsa(&(0x7f0000000b00), 0x7, 0x8882) syz_open_procfs$namespace(0x0, &(0x7f0000000b40)='ns/pid_for_children\x00') (async) connect$packet(r8, &(0x7f0000000d80)={0x11, 0x10, 0x0, 0x1, 0x81, 0x6, @broadcast}, 0x14) (async) r11 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000e00)='ns/pid_for_children\x00') sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000d40)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000d00)={&(0x7f0000000b80)={0x16c, r7, 0x800, 0x70bd27, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r11}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r9}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r3}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r3}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r3}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r10}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4048841}, 0x4000) (async) r12 = socket$packet(0x11, 0x2, 0x300) (async) ioctl$VHOST_VDPA_SET_CONFIG_CALL(r10, 0x4004af77, &(0x7f0000000e40)=0xfffffffe) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r10, 0x28, 0x2, &(0x7f0000000dc0)=0x3, 0x8) (async) setsockopt$packet_tx_ring(r12, 0x107, 0xd, 0x0, 0x0) (async) getpeername$packet(r12, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000940)=0x14) 17:08:07 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 22) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:07 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x9effffff, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 908.407986][T24117] ? debug_smp_processor_id+0x20/0x20 [ 908.413333][T24117] ? security_file_ioctl+0x9d/0xb0 [ 908.418414][T24117] __x64_sys_ioctl+0xd4/0x110 [ 908.423059][T24117] do_syscall_64+0xcb/0x1c0 [ 908.427538][T24117] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:07 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xeaffffff, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:07 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) 17:08:07 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xfffffff0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 908.467279][T24144] FAULT_INJECTION: forcing a failure. [ 908.467279][T24144] name failslab, interval 1, probability 0, space 0, times 0 [ 908.481745][T24144] CPU: 0 PID: 24144 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 908.491971][T24144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 908.502003][T24144] Call Trace: [ 908.505271][T24144] dump_stack+0x1d8/0x241 [ 908.509571][T24144] ? panic+0x73e/0x73e [ 908.513607][T24144] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 908.519382][T24144] should_fail+0x709/0x870 [ 908.523797][T24144] ? setup_fault_attr+0x3d0/0x3d0 [ 908.528787][T24144] ? blk_mq_poll_stats_fn+0x1b0/0x1b0 [ 908.534123][T24144] ? blk_stat_alloc_callback+0x95/0x210 [ 908.539663][T24144] should_failslab+0x5/0x20 [ 908.544139][T24144] __kmalloc+0x51/0x2b0 [ 908.548263][T24144] ? blk_stat_alloc_callback+0x5c/0x210 [ 908.553772][T24144] ? blk_mq_poll_stats_fn+0x1b0/0x1b0 [ 908.559110][T24144] ? blk_mq_free_tag_set+0x480/0x480 [ 908.564361][T24144] blk_stat_alloc_callback+0x95/0x210 [ 908.569702][T24144] ? blk_mq_free_tag_set+0x480/0x480 [ 908.574955][T24144] ? blk_mq_poll_stats_fn+0x1b0/0x1b0 [ 908.580305][T24144] blk_mq_init_allocated_queue+0x86/0x16c0 [ 908.586086][T24144] ? blk_alloc_queue_node+0x4e7/0x580 [ 908.591443][T24144] ? blk_mq_alloc_tag_set+0x68b/0x890 [ 908.596798][T24144] blk_mq_init_queue+0x48/0xa0 [ 908.601534][T24144] loop_add+0x256/0x710 [ 908.605659][T24144] ? radix_tree_lookup+0x17a/0x1d0 [ 908.610736][T24144] loop_control_ioctl+0x564/0x740 [ 908.615728][T24144] ? loop_remove+0xa0/0xa0 [ 908.620110][T24144] ? __lru_cache_add+0x1bf/0x210 [ 908.625021][T24144] ? memset+0x1f/0x40 [ 908.628976][T24144] ? fsnotify+0x1332/0x13f0 [ 908.633446][T24144] ? loop_remove+0xa0/0xa0 [ 908.637834][T24144] do_vfs_ioctl+0x744/0x1730 [ 908.642404][T24144] ? selinux_file_ioctl+0x723/0x970 [ 908.647574][T24144] ? ioctl_preallocate+0x250/0x250 [ 908.652652][T24144] ? __fget+0x40c/0x4a0 [ 908.656774][T24144] ? fget_many+0x20/0x20 [ 908.660983][T24144] ? check_preemption_disabled+0x154/0x330 17:08:07 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_REMOVE(r1, &(0x7f0000000a80)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000a40)={&(0x7f00000000c0)={0x964, 0x1, 0x5, 0x201, 0x0, 0x0, {0x3, 0x0, 0x8}, [{{0x254, 0x1, {{0x2, 0x3b5}, 0xbc, 0x57, 0x0, 0xfff, 0x8, 'syz1\x00', "2300b76d0c96821dae1266356a192413439a901054ec79c4cbd6d216758e7568", "307c028aa792050494dff1ce8bbd1356f49ff3602c5b42ee4cae80e5e8a21f82", [{0x81, 0xf3aa, {0x2, 0xaff3}}, {0xab6, 0x3, {0x0, 0x401}}, {0x1, 0xffff, {0x3, 0x8}}, {0x1000, 0x7f, {0x0, 0x3}}, {0x1000, 0x40, {0x3, 0x6}}, {0x4, 0x7f, {0x3, 0x3}}, {0x41c9, 0x1f, {0x0, 0x9}}, {0x401, 0x3d6b, {0x0, 0x3f}}, {0x1f, 0x2826, {0x1, 0x2}}, {0x7, 0x2}, {0x5, 0x6, {0x1, 0x20}}, {0x200, 0x1, {0x2, 0x8}}, {0x1, 0x100, {0x0, 0x5}}, {0x80, 0x2ee3, {0x1, 0x800}}, {0x1, 0x8, {0x3, 0x8}}, {0x0, 0x1, {0x3, 0x7}}, {0x6, 0x4800, {0x3, 0x8}}, {0x2, 0x1, {0x1}}, {0x100, 0x317a, {0x0, 0x1f}}, {0x5, 0x9, {0x2, 0x101}}, {0x4, 0x57, {0x1, 0x8000}}, {0x101, 0xf, {0x3, 0x7}}, {0x5, 0x400, {0x3, 0x5}}, {0x1f, 0x400, {0x2, 0x8001}}, {0x1, 0x58, {0x0, 0x6}}, {0x0, 0x1, {0x3, 0x8}}, {0x7, 0x77, {0x1, 0xfffffe00}}, {0x7, 0x8, {0x1}}, {0x7fff, 0x7, {0x0, 0x1000}}, {0x7, 0x582, {0x3, 0x2}}, {0x1, 0x162f, {0x3, 0x75e2}}, {0x0, 0x6, {0x0, 0x8}}, {0x4, 0x1, {0x0, 0x99}}, {0x1a, 0x3, {0x2, 0x3f}}, {0x101, 0x200, {0x0, 0x8dcc}}, {0x4, 0x200, {0x1, 0x1ff}}, {0x1, 0x9, {0x0, 0x1}}, {0x6, 0x9, {0x0, 0x20}}, {0x6, 0x9, {0x3, 0x5}}, {0x7, 0x7fff, {0x3, 0x71e}}]}}}, {{0x254, 0x1, {{0x1, 0x3b43}, 0x30, 0xff, 0x250, 0x4, 0x1, 'syz1\x00', "fefeac90175f4ae53c812424824beeae9bc61a3c19423b9cdb90a0f4b99ce71b", "a220e92e0aad6231a28fa941dbcb1d42a76b2ae4a0d359851c04311dc43744dc", [{0x100, 0x1, {0x3, 0x6}}, {0xff0c, 0x1, {0x2, 0xfffffffc}}, {0x7, 0xe38c, {0x0, 0x941}}, {0xfff8, 0x23, {0x2}}, {0x7, 0x8, {0x2, 0x1}}, {0xcd, 0x0, {0x0, 0x3}}, {0x0, 0x8001, {0x3, 0xed78}}, {0x3, 0xff5b, {0x2, 0x7}}, {0x8001, 0xd15e, {0x3, 0x5}}, {0x9, 0x401, {0x3, 0x1}}, {0x8, 0x4, {0x0, 0x2}}, {0x8, 0x9, {0x0, 0x8}}, {0x8, 0x80, {0x2, 0x9}}, {0xfff, 0x2, {0x0, 0x8c}}, {0x5, 0x5, {0x1, 0x9}}, {0x80, 0x401, {0x2, 0x7}}, {0x4, 0x1f, {0x2, 0x81}}, {0x5f8, 0x7fff, {0x3, 0x8}}, {0x101, 0xffe0, {0x2, 0x3}}, {0x557, 0x7ff, {0x3, 0x1293de22}}, {0x57, 0xff, {0x0, 0x1}}, {0x1, 0x4, {0x2, 0x5}}, {0x81, 0xfff8, {0x2, 0x8}}, {0xffc0, 0x0, {0x2, 0x100}}, {0xfff0, 0x4, {0x3, 0x80000001}}, {0x7, 0x8, {0x3, 0x7b}}, {0x635e, 0x0, {0x3, 0x2}}, {0x101, 0x9724, {0x0, 0x10000}}, {0x0, 0xffff, {0x3, 0xfffffffa}}, {0xfff, 0x7ff, {0x3, 0x1ff}}, {0x1, 0x81, {0x1, 0x1f}}, {0x0, 0x8, {0x2, 0x7ff}}, {0x7, 0xfff9, {0x1}}, {0x2, 0x980, {0x1, 0x5}}, {0x76, 0x3525, {0x0, 0x8000}}, {0x9, 0x55bc, {0x2, 0x1}}, {0x8000, 0x8, {0x2, 0x750}}, {0x5, 0x7, {0x2, 0x1}}, {0x6, 0x9, {0x2, 0x7}}, {0x0, 0x6, {0x2, 0x49}}]}}}, {{0x254, 0x1, {{0x3, 0x7}, 0x1, 0x81, 0x8, 0x5, 0x16, 'syz0\x00', "2c308cc684aa59733c267b70431211ffe9bddd2fd9eb5a6ab56d371c134f124b", "3a62cc12173502439aea26dcce1bca8d1649d1147ac06c99aab2527229060c0a", [{0x7, 0xd, {0x0, 0x22b}}, {0x0, 0x0, {0x3, 0x2}}, {0x1, 0xfffe, {0x1, 0x7}}, {0xfe00, 0xc000, {0x3, 0xffff}}, {0x9, 0x0, {0x0, 0xfff}}, {0x2, 0x5, {0x0, 0x10001}}, {0x8, 0x4, {0x2, 0x7}}, {0x6, 0x2, {0x0, 0x2}}, {0x52b1, 0x5, {0x0, 0x6}}, {0x40, 0x551, {0x3, 0xfff}}, {0x5, 0x5, {0x3, 0x8f76}}, {0x400, 0x1, {0x1, 0x1f}}, {0x20, 0xf49, {0x3, 0x5}}, {0x2, 0x80, {0x0, 0x35a}}, {0xfffa, 0x94c8, {0x3, 0x2}}, {0x5, 0xff, {0x3, 0x101}}, {0x5, 0x7, {0x2, 0x3}}, {0x9, 0x5}, {0x401, 0x1, {0x2, 0x426c}}, {0x6, 0x30c, {0x2, 0x62bc}}, {0x8000, 0x40, {0x3, 0x9}}, {0xfe1d, 0x5c, {0x1, 0xe1e6}}, {0x7, 0x6, {0x1, 0x3}}, {0x0, 0x1000, {0x0, 0xff}}, {0xfffd, 0x6, {0x1, 0x7f}}, {0x43, 0xacc7, {0x1, 0x3f}}, {0x800, 0x8, {0x0, 0x7}}, {0x6, 0x4, {0x2, 0xff}}, {0x200, 0x1ff, {0x1, 0x7ff}}, {0x80, 0x6, {0x1, 0x5}}, {0x6, 0x9, {0x1, 0x1000}}, {0x1ff, 0x22, {0x0, 0x1}}, {0x8000, 0x2, {0x1, 0xfffff001}}, {0x1000, 0x7ff, {0x0, 0xac5}}, {0x1, 0x5, {0x1, 0x38}}, {0x3ff, 0x800, {0x2, 0x7f}}, {0x81, 0x7ff, {0x0, 0x3}}, {0x2, 0x1f, {0x3, 0x40000}}, {0x3, 0x8, {0x3, 0x1}}, {0xf2bb, 0xe80, {0x0, 0x1f}}]}}}, {{0x254, 0x1, {{0x3, 0x5fd7064e}, 0x6, 0x0, 0x71d, 0x1, 0x1e, 'syz1\x00', "15d2f8b2c2a7405cf1817b65c72a8a13a8d158ac6d690ec8503c229ebe51f7aa", "bd26692ff1134cff957169156c9c3e25a928bb627b3a78aed129b04ffbb05b78", [{0x2, 0xff, {0x2, 0x9}}, {0x9, 0x4, {0x2, 0xfff}}, {0xfff, 0x2, {0x3, 0x400}}, {0x0, 0xffff, {0x2, 0x1}}, {0x0, 0x100, {0x0, 0xffffffff}}, {0x1, 0x9, {0x3, 0xfffffffa}}, {0x9, 0xe39, {0x0, 0x2}}, {0x400, 0x1, {0x3, 0x80b}}, {0xffff, 0x1, {0x2, 0x1}}, {0xff, 0x8, {0x2, 0x8000}}, {0xfffa, 0x401, {0x3, 0x8}}, {0xe5, 0x4, {0x2}}, {0x8, 0x1, {0x0, 0x1b3}}, {0x9e4, 0x0, {0x3, 0x80}}, {0x40, 0x3, {0x2, 0x1}}, {0x200, 0x9428, {0x2, 0xfffffff7}}, {0x80c, 0x7, {0x0, 0x4}}, {0xffff, 0x8, {0x3, 0x9}}, {0x3, 0x8, {0x0, 0x6}}, {0x4, 0x4, {0x1}}, {0x120b, 0x1f, {0x2, 0xd3}}, {0x20, 0x1000, {0x2, 0x7fffffff}}, {0x5, 0x7, {0x3}}, {0x2, 0xdf8b, {0x1, 0x5}}, {0x81, 0x800, {0x2, 0x5}}, {0x20, 0x8, {0x2, 0x1}}, {0x9, 0x8996, {0x3, 0x80000000}}, {0x3, 0x80, {0x1, 0x800}}, {0x8, 0x9, {0x3, 0x6}}, {0x100, 0xd55a, {0x1, 0x9}}, {0x80, 0x3, {0x3, 0x3f}}, {0x8, 0x8, {0x2, 0x2}}, {0xadc, 0x5, {0x0, 0x8}}, {0x101, 0x2, {0x0, 0x7}}, {0x4, 0x5a5, {0x1, 0x3}}, {0x1f, 0x800, {0x2, 0x7}}, {0x4, 0x0, {0x3, 0x3}}, {0x2, 0x400, {0x2, 0x53cd}}, {0x1, 0x2b, {0x3, 0x2}}, {0x2, 0x2ef8, {0x1, 0xffffff0d}}]}}}]}, 0x964}}, 0x40000) 17:08:07 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000000000)) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0xfffffffffffffc44) r1 = syz_open_dev$vcsa(&(0x7f0000000140), 0x7c197914, 0x2042) socketpair(0xa, 0x0, 0x8, &(0x7f0000000180)={0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000001c0)) r3 = getuid() mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x200000, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',version=9p2000.L,msize=0x0000000000000000,access=user,msize=0x0000000000000080,privport,subj_role=!,fowner>', @ANYRESDEC, @ANYBLOB=',subj_role={/*.(,fowner<', @ANYRESDEC=r3, @ANYBLOB="2c00743b6baa4a0f6c88638ecfc5645c5c214108da8d20379639a5ae2c704e4337c9feffc60815c2b57f6dc55c0eb466142fbd6313980061f26b26dc71099fd280914245eb7eeffb1589ebc8a328202df2e646ccbdf578f854545149753b93b213cbe28aba3a6bbe8826abdd92f743a1f61196cddc3bc148dd5b2027768e9e2ed90b5c8d8197106088c3103e11c11fb1ffdf0a96f4659f9766732e0a983c600fca5817571fbbe13e6f0bea8c"]) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(0xffffffffffffffff, 0x28, 0x0, &(0x7f0000000080)=0x3, 0x8) 17:08:07 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 23) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:07 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000300), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) socket$packet(0x11, 0x2, 0x300) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r1, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000b1570000000c00990000000000070000000500ee0000000000"], 0x28}}, 0x0) (async) r3 = syz_open_dev$vcsa(&(0x7f0000000980), 0x8, 0x2000) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r3, 0x28, 0x2, &(0x7f00000009c0), 0x8) sendmsg$DEVLINK_CMD_TRAP_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000700)=ANY=[@ANYBLOB="20020000", @ANYRES16=0x0, @ANYBLOB="00012abd7000ffdbdf253e000000080001007063690011000200303030303a30303a31302e32000000001c008200736f757263655f6d61635f69735f6d756c7469636173740005008300000000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000500830000000000080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c746963617374000500830000000000080001007063690011000200303030303a30303a31302e30000000001c008200736f755263655f6d61635f69735f6d756c7469636173740005008300010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c7469636173740005008300000000000e0001006e657464657673696d0000000f0002006e6574646576f3696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000500830001000000080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c746963617374000500830000000000080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c746963617304000520830001000000"], 0x220}}, 0x20000400) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r1) sendmsg$DEVLINK_CMD_RATE_DEL(r1, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000540)={&(0x7f00000003c0)={0x150, r4, 0x10, 0x70bd27, 0x25dfdbfb, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xe0, 0xa8, @random="308b07f8346eec69457bb981c15559c5fe65aa36d2a890f6f3c48361330f1aeb15d973ec5d977016ee1b207a8953c6a2194cb33cb83cf06f8484b9d9a1b76d167f8d826a30d29a6fda4c971613b7a9332c9e377ebcde1280917cf025d5f4925e4cdbb2da389a7b7d646add2f639c4b7ec9e5afd8b98d09b7d4cabd013ebd25abfe0549f1d9380dd4dd44d037e4d14e7b25f6e247ef5c7dcb6094080091eaff2eeb1f9e63392f55aa814e48260c4a5b5a83601c5cd07bd9a535c26ea7252a708d2141feb217fc3e4e5fd95beac005cdf6f467c20da23076ea2b51b084"}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x150}, 0x1, 0x0, 0x0, 0x20000000}, 0x8c0d0) (async) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f0000000000)=@req={0x800, 0x6, 0x6, 0x7e}, 0x10) (async) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f00000005c0)={0x108, r2, 0x8, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_HIDDEN_SSID={0x8, 0x7e, 0x2}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x8001}, @crypto_settings=[@NL80211_ATTR_AKM_SUITES={0x20, 0x4c, [0xfac04, 0xfac0c, 0xfac14, 0xfac10, 0xfac0d, 0xfac0e, 0xfac0e]}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x6004}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}], @NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0x3}, @crypto_settings=[@NL80211_ATTR_PMK={0x40, 0xfe, "794ce7e694691ab4b61512def5d65cf20ca4dce95eb2b0105e39e2acaddf8ef3639139b89b4d246b52982bb142f72eb792a99e4cb5e60a4500a9dae2"}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_SAE_PASSWORD={0x40, 0x115, "5e27295f3d95ac6fbe2f6d97d3af7cfa85f77eccb700f86b03f6eede52236b22f7515520b50bda5389e64b68e8aae1bbd98f8bbdca9cd5385322c8a8"}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}], @NL80211_ATTR_SMPS_MODE={0x5, 0xd5, 0x1}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x108}, 0x1, 0x0, 0x0, 0x20004880}, 0x44000) r6 = socket$nl_generic(0x10, 0x3, 0x10) (async) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000a40), r3) (async) r8 = syz_open_dev$vcsa(&(0x7f0000000a80), 0x7ff, 0x20000) (async) r9 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000ac0), 0x18000, 0x0) (async) r10 = syz_open_dev$vcsa(&(0x7f0000000b00), 0x7, 0x8882) (async) syz_open_procfs$namespace(0x0, &(0x7f0000000b40)='ns/pid_for_children\x00') connect$packet(r8, &(0x7f0000000d80)={0x11, 0x10, 0x0, 0x1, 0x81, 0x6, @broadcast}, 0x14) r11 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000e00)='ns/pid_for_children\x00') sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000d40)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000d00)={&(0x7f0000000b80)={0x16c, r7, 0x800, 0x70bd27, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r11}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r9}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r3}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r3}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r3}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r10}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4048841}, 0x4000) r12 = socket$packet(0x11, 0x2, 0x300) (async) ioctl$VHOST_VDPA_SET_CONFIG_CALL(r10, 0x4004af77, &(0x7f0000000e40)=0xfffffffe) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r10, 0x28, 0x2, &(0x7f0000000dc0)=0x3, 0x8) setsockopt$packet_tx_ring(r12, 0x107, 0xd, 0x0, 0x0) getpeername$packet(r12, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000940)=0x14) 17:08:07 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_REMOVE(r1, &(0x7f0000000a80)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000a40)={&(0x7f00000000c0)={0x964, 0x1, 0x5, 0x201, 0x0, 0x0, {0x3, 0x0, 0x8}, [{{0x254, 0x1, {{0x2, 0x3b5}, 0xbc, 0x57, 0x0, 0xfff, 0x8, 'syz1\x00', "2300b76d0c96821dae1266356a192413439a901054ec79c4cbd6d216758e7568", "307c028aa792050494dff1ce8bbd1356f49ff3602c5b42ee4cae80e5e8a21f82", [{0x81, 0xf3aa, {0x2, 0xaff3}}, {0xab6, 0x3, {0x0, 0x401}}, {0x1, 0xffff, {0x3, 0x8}}, {0x1000, 0x7f, {0x0, 0x3}}, {0x1000, 0x40, {0x3, 0x6}}, {0x4, 0x7f, {0x3, 0x3}}, {0x41c9, 0x1f, {0x0, 0x9}}, {0x401, 0x3d6b, {0x0, 0x3f}}, {0x1f, 0x2826, {0x1, 0x2}}, {0x7, 0x2}, {0x5, 0x6, {0x1, 0x20}}, {0x200, 0x1, {0x2, 0x8}}, {0x1, 0x100, {0x0, 0x5}}, {0x80, 0x2ee3, {0x1, 0x800}}, {0x1, 0x8, {0x3, 0x8}}, {0x0, 0x1, {0x3, 0x7}}, {0x6, 0x4800, {0x3, 0x8}}, {0x2, 0x1, {0x1}}, {0x100, 0x317a, {0x0, 0x1f}}, {0x5, 0x9, {0x2, 0x101}}, {0x4, 0x57, {0x1, 0x8000}}, {0x101, 0xf, {0x3, 0x7}}, {0x5, 0x400, {0x3, 0x5}}, {0x1f, 0x400, {0x2, 0x8001}}, {0x1, 0x58, {0x0, 0x6}}, {0x0, 0x1, {0x3, 0x8}}, {0x7, 0x77, {0x1, 0xfffffe00}}, {0x7, 0x8, {0x1}}, {0x7fff, 0x7, {0x0, 0x1000}}, {0x7, 0x582, {0x3, 0x2}}, {0x1, 0x162f, {0x3, 0x75e2}}, {0x0, 0x6, {0x0, 0x8}}, {0x4, 0x1, {0x0, 0x99}}, {0x1a, 0x3, {0x2, 0x3f}}, {0x101, 0x200, {0x0, 0x8dcc}}, {0x4, 0x200, {0x1, 0x1ff}}, {0x1, 0x9, {0x0, 0x1}}, {0x6, 0x9, {0x0, 0x20}}, {0x6, 0x9, {0x3, 0x5}}, {0x7, 0x7fff, {0x3, 0x71e}}]}}}, {{0x254, 0x1, {{0x1, 0x3b43}, 0x30, 0xff, 0x250, 0x4, 0x1, 'syz1\x00', "fefeac90175f4ae53c812424824beeae9bc61a3c19423b9cdb90a0f4b99ce71b", "a220e92e0aad6231a28fa941dbcb1d42a76b2ae4a0d359851c04311dc43744dc", [{0x100, 0x1, {0x3, 0x6}}, {0xff0c, 0x1, {0x2, 0xfffffffc}}, {0x7, 0xe38c, {0x0, 0x941}}, {0xfff8, 0x23, {0x2}}, {0x7, 0x8, {0x2, 0x1}}, {0xcd, 0x0, {0x0, 0x3}}, {0x0, 0x8001, {0x3, 0xed78}}, {0x3, 0xff5b, {0x2, 0x7}}, {0x8001, 0xd15e, {0x3, 0x5}}, {0x9, 0x401, {0x3, 0x1}}, {0x8, 0x4, {0x0, 0x2}}, {0x8, 0x9, {0x0, 0x8}}, {0x8, 0x80, {0x2, 0x9}}, {0xfff, 0x2, {0x0, 0x8c}}, {0x5, 0x5, {0x1, 0x9}}, {0x80, 0x401, {0x2, 0x7}}, {0x4, 0x1f, {0x2, 0x81}}, {0x5f8, 0x7fff, {0x3, 0x8}}, {0x101, 0xffe0, {0x2, 0x3}}, {0x557, 0x7ff, {0x3, 0x1293de22}}, {0x57, 0xff, {0x0, 0x1}}, {0x1, 0x4, {0x2, 0x5}}, {0x81, 0xfff8, {0x2, 0x8}}, {0xffc0, 0x0, {0x2, 0x100}}, {0xfff0, 0x4, {0x3, 0x80000001}}, {0x7, 0x8, {0x3, 0x7b}}, {0x635e, 0x0, {0x3, 0x2}}, {0x101, 0x9724, {0x0, 0x10000}}, {0x0, 0xffff, {0x3, 0xfffffffa}}, {0xfff, 0x7ff, {0x3, 0x1ff}}, {0x1, 0x81, {0x1, 0x1f}}, {0x0, 0x8, {0x2, 0x7ff}}, {0x7, 0xfff9, {0x1}}, {0x2, 0x980, {0x1, 0x5}}, {0x76, 0x3525, {0x0, 0x8000}}, {0x9, 0x55bc, {0x2, 0x1}}, {0x8000, 0x8, {0x2, 0x750}}, {0x5, 0x7, {0x2, 0x1}}, {0x6, 0x9, {0x2, 0x7}}, {0x0, 0x6, {0x2, 0x49}}]}}}, {{0x254, 0x1, {{0x3, 0x7}, 0x1, 0x81, 0x8, 0x5, 0x16, 'syz0\x00', "2c308cc684aa59733c267b70431211ffe9bddd2fd9eb5a6ab56d371c134f124b", "3a62cc12173502439aea26dcce1bca8d1649d1147ac06c99aab2527229060c0a", [{0x7, 0xd, {0x0, 0x22b}}, {0x0, 0x0, {0x3, 0x2}}, {0x1, 0xfffe, {0x1, 0x7}}, {0xfe00, 0xc000, {0x3, 0xffff}}, {0x9, 0x0, {0x0, 0xfff}}, {0x2, 0x5, {0x0, 0x10001}}, {0x8, 0x4, {0x2, 0x7}}, {0x6, 0x2, {0x0, 0x2}}, {0x52b1, 0x5, {0x0, 0x6}}, {0x40, 0x551, {0x3, 0xfff}}, {0x5, 0x5, {0x3, 0x8f76}}, {0x400, 0x1, {0x1, 0x1f}}, {0x20, 0xf49, {0x3, 0x5}}, {0x2, 0x80, {0x0, 0x35a}}, {0xfffa, 0x94c8, {0x3, 0x2}}, {0x5, 0xff, {0x3, 0x101}}, {0x5, 0x7, {0x2, 0x3}}, {0x9, 0x5}, {0x401, 0x1, {0x2, 0x426c}}, {0x6, 0x30c, {0x2, 0x62bc}}, {0x8000, 0x40, {0x3, 0x9}}, {0xfe1d, 0x5c, {0x1, 0xe1e6}}, {0x7, 0x6, {0x1, 0x3}}, {0x0, 0x1000, {0x0, 0xff}}, {0xfffd, 0x6, {0x1, 0x7f}}, {0x43, 0xacc7, {0x1, 0x3f}}, {0x800, 0x8, {0x0, 0x7}}, {0x6, 0x4, {0x2, 0xff}}, {0x200, 0x1ff, {0x1, 0x7ff}}, {0x80, 0x6, {0x1, 0x5}}, {0x6, 0x9, {0x1, 0x1000}}, {0x1ff, 0x22, {0x0, 0x1}}, {0x8000, 0x2, {0x1, 0xfffff001}}, {0x1000, 0x7ff, {0x0, 0xac5}}, {0x1, 0x5, {0x1, 0x38}}, {0x3ff, 0x800, {0x2, 0x7f}}, {0x81, 0x7ff, {0x0, 0x3}}, {0x2, 0x1f, {0x3, 0x40000}}, {0x3, 0x8, {0x3, 0x1}}, {0xf2bb, 0xe80, {0x0, 0x1f}}]}}}, {{0x254, 0x1, {{0x3, 0x5fd7064e}, 0x6, 0x0, 0x71d, 0x1, 0x1e, 'syz1\x00', "15d2f8b2c2a7405cf1817b65c72a8a13a8d158ac6d690ec8503c229ebe51f7aa", "bd26692ff1134cff957169156c9c3e25a928bb627b3a78aed129b04ffbb05b78", [{0x2, 0xff, {0x2, 0x9}}, {0x9, 0x4, {0x2, 0xfff}}, {0xfff, 0x2, {0x3, 0x400}}, {0x0, 0xffff, {0x2, 0x1}}, {0x0, 0x100, {0x0, 0xffffffff}}, {0x1, 0x9, {0x3, 0xfffffffa}}, {0x9, 0xe39, {0x0, 0x2}}, {0x400, 0x1, {0x3, 0x80b}}, {0xffff, 0x1, {0x2, 0x1}}, {0xff, 0x8, {0x2, 0x8000}}, {0xfffa, 0x401, {0x3, 0x8}}, {0xe5, 0x4, {0x2}}, {0x8, 0x1, {0x0, 0x1b3}}, {0x9e4, 0x0, {0x3, 0x80}}, {0x40, 0x3, {0x2, 0x1}}, {0x200, 0x9428, {0x2, 0xfffffff7}}, {0x80c, 0x7, {0x0, 0x4}}, {0xffff, 0x8, {0x3, 0x9}}, {0x3, 0x8, {0x0, 0x6}}, {0x4, 0x4, {0x1}}, {0x120b, 0x1f, {0x2, 0xd3}}, {0x20, 0x1000, {0x2, 0x7fffffff}}, {0x5, 0x7, {0x3}}, {0x2, 0xdf8b, {0x1, 0x5}}, {0x81, 0x800, {0x2, 0x5}}, {0x20, 0x8, {0x2, 0x1}}, {0x9, 0x8996, {0x3, 0x80000000}}, {0x3, 0x80, {0x1, 0x800}}, {0x8, 0x9, {0x3, 0x6}}, {0x100, 0xd55a, {0x1, 0x9}}, {0x80, 0x3, {0x3, 0x3f}}, {0x8, 0x8, {0x2, 0x2}}, {0xadc, 0x5, {0x0, 0x8}}, {0x101, 0x2, {0x0, 0x7}}, {0x4, 0x5a5, {0x1, 0x3}}, {0x1f, 0x800, {0x2, 0x7}}, {0x4, 0x0, {0x3, 0x3}}, {0x2, 0x400, {0x2, 0x53cd}}, {0x1, 0x2b, {0x3, 0x2}}, {0x2, 0x2ef8, {0x1, 0xffffff0d}}]}}}]}, 0x964}}, 0x40000) [ 908.666757][T24144] ? debug_smp_processor_id+0x20/0x20 [ 908.672096][T24144] ? security_file_ioctl+0x9d/0xb0 [ 908.677172][T24144] __x64_sys_ioctl+0xd4/0x110 [ 908.681816][T24144] do_syscall_64+0xcb/0x1c0 [ 908.686291][T24144] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:07 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xefffffff, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:07 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xfffffffe, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 908.730339][T24165] FAULT_INJECTION: forcing a failure. [ 908.730339][T24165] name failslab, interval 1, probability 0, space 0, times 0 [ 908.743916][T24165] CPU: 0 PID: 24165 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 908.754141][T24165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 908.764172][T24165] Call Trace: [ 908.767435][T24165] dump_stack+0x1d8/0x241 [ 908.771731][T24165] ? panic+0x73e/0x73e [ 908.775765][T24165] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 908.781536][T24165] should_fail+0x709/0x870 [ 908.785953][T24165] ? setup_fault_attr+0x3d0/0x3d0 [ 908.790946][T24165] ? blk_mq_init_allocated_queue+0xef/0x16c0 [ 908.796900][T24165] should_failslab+0x5/0x20 [ 908.801370][T24165] kmem_cache_alloc_trace+0x28/0x240 [ 908.806652][T24165] blk_mq_init_allocated_queue+0xef/0x16c0 [ 908.812426][T24165] ? blk_alloc_queue_node+0x4e7/0x580 [ 908.817796][T24165] ? blk_mq_alloc_tag_set+0x68b/0x890 [ 908.823131][T24165] blk_mq_init_queue+0x48/0xa0 [ 908.827862][T24165] loop_add+0x256/0x710 [ 908.831985][T24165] ? radix_tree_lookup+0x17a/0x1d0 [ 908.837063][T24165] loop_control_ioctl+0x564/0x740 [ 908.842051][T24165] ? loop_remove+0xa0/0xa0 [ 908.846433][T24165] ? __lru_cache_add+0x1bf/0x210 [ 908.851336][T24165] ? memset+0x1f/0x40 [ 908.855286][T24165] ? fsnotify+0x1332/0x13f0 [ 908.859753][T24165] ? loop_remove+0xa0/0xa0 [ 908.864135][T24165] do_vfs_ioctl+0x744/0x1730 [ 908.868693][T24165] ? selinux_file_ioctl+0x723/0x970 [ 908.873858][T24165] ? ioctl_preallocate+0x250/0x250 17:08:07 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000000000)) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0xfffffffffffffc44) (async) r1 = syz_open_dev$vcsa(&(0x7f0000000140), 0x7c197914, 0x2042) (async) socketpair(0xa, 0x0, 0x8, &(0x7f0000000180)={0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000001c0)) r3 = getuid() mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x200000, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',version=9p2000.L,msize=0x0000000000000000,access=user,msize=0x0000000000000080,privport,subj_role=!,fowner>', @ANYRESDEC, @ANYBLOB=',subj_role={/*.(,fowner<', @ANYRESDEC=r3, @ANYBLOB="2c00743b6baa4a0f6c88638ecfc5645c5c214108da8d20379639a5ae2c704e4337c9feffc60815c2b57f6dc55c0eb466142fbd6313980061f26b26dc71099fd280914245eb7eeffb1589ebc8a328202df2e646ccbdf578f854545149753b93b213cbe28aba3a6bbe8826abdd92f743a1f61196cddc3bc148dd5b2027768e9e2ed90b5c8d8197106088c3103e11c11fb1ffdf0a96f4659f9766732e0a983c600fca5817571fbbe13e6f0bea8c"]) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(0xffffffffffffffff, 0x28, 0x0, &(0x7f0000000080)=0x3, 0x8) 17:08:07 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_REMOVE(r1, &(0x7f0000000a80)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000a40)={&(0x7f00000000c0)={0x964, 0x1, 0x5, 0x201, 0x0, 0x0, {0x3, 0x0, 0x8}, [{{0x254, 0x1, {{0x2, 0x3b5}, 0xbc, 0x57, 0x0, 0xfff, 0x8, 'syz1\x00', "2300b76d0c96821dae1266356a192413439a901054ec79c4cbd6d216758e7568", "307c028aa792050494dff1ce8bbd1356f49ff3602c5b42ee4cae80e5e8a21f82", [{0x81, 0xf3aa, {0x2, 0xaff3}}, {0xab6, 0x3, {0x0, 0x401}}, {0x1, 0xffff, {0x3, 0x8}}, {0x1000, 0x7f, {0x0, 0x3}}, {0x1000, 0x40, {0x3, 0x6}}, {0x4, 0x7f, {0x3, 0x3}}, {0x41c9, 0x1f, {0x0, 0x9}}, {0x401, 0x3d6b, {0x0, 0x3f}}, {0x1f, 0x2826, {0x1, 0x2}}, {0x7, 0x2}, {0x5, 0x6, {0x1, 0x20}}, {0x200, 0x1, {0x2, 0x8}}, {0x1, 0x100, {0x0, 0x5}}, {0x80, 0x2ee3, {0x1, 0x800}}, {0x1, 0x8, {0x3, 0x8}}, {0x0, 0x1, {0x3, 0x7}}, {0x6, 0x4800, {0x3, 0x8}}, {0x2, 0x1, {0x1}}, {0x100, 0x317a, {0x0, 0x1f}}, {0x5, 0x9, {0x2, 0x101}}, {0x4, 0x57, {0x1, 0x8000}}, {0x101, 0xf, {0x3, 0x7}}, {0x5, 0x400, {0x3, 0x5}}, {0x1f, 0x400, {0x2, 0x8001}}, {0x1, 0x58, {0x0, 0x6}}, {0x0, 0x1, {0x3, 0x8}}, {0x7, 0x77, {0x1, 0xfffffe00}}, {0x7, 0x8, {0x1}}, {0x7fff, 0x7, {0x0, 0x1000}}, {0x7, 0x582, {0x3, 0x2}}, {0x1, 0x162f, {0x3, 0x75e2}}, {0x0, 0x6, {0x0, 0x8}}, {0x4, 0x1, {0x0, 0x99}}, {0x1a, 0x3, {0x2, 0x3f}}, {0x101, 0x200, {0x0, 0x8dcc}}, {0x4, 0x200, {0x1, 0x1ff}}, {0x1, 0x9, {0x0, 0x1}}, {0x6, 0x9, {0x0, 0x20}}, {0x6, 0x9, {0x3, 0x5}}, {0x7, 0x7fff, {0x3, 0x71e}}]}}}, {{0x254, 0x1, {{0x1, 0x3b43}, 0x30, 0xff, 0x250, 0x4, 0x1, 'syz1\x00', "fefeac90175f4ae53c812424824beeae9bc61a3c19423b9cdb90a0f4b99ce71b", "a220e92e0aad6231a28fa941dbcb1d42a76b2ae4a0d359851c04311dc43744dc", [{0x100, 0x1, {0x3, 0x6}}, {0xff0c, 0x1, {0x2, 0xfffffffc}}, {0x7, 0xe38c, {0x0, 0x941}}, {0xfff8, 0x23, {0x2}}, {0x7, 0x8, {0x2, 0x1}}, {0xcd, 0x0, {0x0, 0x3}}, {0x0, 0x8001, {0x3, 0xed78}}, {0x3, 0xff5b, {0x2, 0x7}}, {0x8001, 0xd15e, {0x3, 0x5}}, {0x9, 0x401, {0x3, 0x1}}, {0x8, 0x4, {0x0, 0x2}}, {0x8, 0x9, {0x0, 0x8}}, {0x8, 0x80, {0x2, 0x9}}, {0xfff, 0x2, {0x0, 0x8c}}, {0x5, 0x5, {0x1, 0x9}}, {0x80, 0x401, {0x2, 0x7}}, {0x4, 0x1f, {0x2, 0x81}}, {0x5f8, 0x7fff, {0x3, 0x8}}, {0x101, 0xffe0, {0x2, 0x3}}, {0x557, 0x7ff, {0x3, 0x1293de22}}, {0x57, 0xff, {0x0, 0x1}}, {0x1, 0x4, {0x2, 0x5}}, {0x81, 0xfff8, {0x2, 0x8}}, {0xffc0, 0x0, {0x2, 0x100}}, {0xfff0, 0x4, {0x3, 0x80000001}}, {0x7, 0x8, {0x3, 0x7b}}, {0x635e, 0x0, {0x3, 0x2}}, {0x101, 0x9724, {0x0, 0x10000}}, {0x0, 0xffff, {0x3, 0xfffffffa}}, {0xfff, 0x7ff, {0x3, 0x1ff}}, {0x1, 0x81, {0x1, 0x1f}}, {0x0, 0x8, {0x2, 0x7ff}}, {0x7, 0xfff9, {0x1}}, {0x2, 0x980, {0x1, 0x5}}, {0x76, 0x3525, {0x0, 0x8000}}, {0x9, 0x55bc, {0x2, 0x1}}, {0x8000, 0x8, {0x2, 0x750}}, {0x5, 0x7, {0x2, 0x1}}, {0x6, 0x9, {0x2, 0x7}}, {0x0, 0x6, {0x2, 0x49}}]}}}, {{0x254, 0x1, {{0x3, 0x7}, 0x1, 0x81, 0x8, 0x5, 0x16, 'syz0\x00', "2c308cc684aa59733c267b70431211ffe9bddd2fd9eb5a6ab56d371c134f124b", "3a62cc12173502439aea26dcce1bca8d1649d1147ac06c99aab2527229060c0a", [{0x7, 0xd, {0x0, 0x22b}}, {0x0, 0x0, {0x3, 0x2}}, {0x1, 0xfffe, {0x1, 0x7}}, {0xfe00, 0xc000, {0x3, 0xffff}}, {0x9, 0x0, {0x0, 0xfff}}, {0x2, 0x5, {0x0, 0x10001}}, {0x8, 0x4, {0x2, 0x7}}, {0x6, 0x2, {0x0, 0x2}}, {0x52b1, 0x5, {0x0, 0x6}}, {0x40, 0x551, {0x3, 0xfff}}, {0x5, 0x5, {0x3, 0x8f76}}, {0x400, 0x1, {0x1, 0x1f}}, {0x20, 0xf49, {0x3, 0x5}}, {0x2, 0x80, {0x0, 0x35a}}, {0xfffa, 0x94c8, {0x3, 0x2}}, {0x5, 0xff, {0x3, 0x101}}, {0x5, 0x7, {0x2, 0x3}}, {0x9, 0x5}, {0x401, 0x1, {0x2, 0x426c}}, {0x6, 0x30c, {0x2, 0x62bc}}, {0x8000, 0x40, {0x3, 0x9}}, {0xfe1d, 0x5c, {0x1, 0xe1e6}}, {0x7, 0x6, {0x1, 0x3}}, {0x0, 0x1000, {0x0, 0xff}}, {0xfffd, 0x6, {0x1, 0x7f}}, {0x43, 0xacc7, {0x1, 0x3f}}, {0x800, 0x8, {0x0, 0x7}}, {0x6, 0x4, {0x2, 0xff}}, {0x200, 0x1ff, {0x1, 0x7ff}}, {0x80, 0x6, {0x1, 0x5}}, {0x6, 0x9, {0x1, 0x1000}}, {0x1ff, 0x22, {0x0, 0x1}}, {0x8000, 0x2, {0x1, 0xfffff001}}, {0x1000, 0x7ff, {0x0, 0xac5}}, {0x1, 0x5, {0x1, 0x38}}, {0x3ff, 0x800, {0x2, 0x7f}}, {0x81, 0x7ff, {0x0, 0x3}}, {0x2, 0x1f, {0x3, 0x40000}}, {0x3, 0x8, {0x3, 0x1}}, {0xf2bb, 0xe80, {0x0, 0x1f}}]}}}, {{0x254, 0x1, {{0x3, 0x5fd7064e}, 0x6, 0x0, 0x71d, 0x1, 0x1e, 'syz1\x00', "15d2f8b2c2a7405cf1817b65c72a8a13a8d158ac6d690ec8503c229ebe51f7aa", "bd26692ff1134cff957169156c9c3e25a928bb627b3a78aed129b04ffbb05b78", [{0x2, 0xff, {0x2, 0x9}}, {0x9, 0x4, {0x2, 0xfff}}, {0xfff, 0x2, {0x3, 0x400}}, {0x0, 0xffff, {0x2, 0x1}}, {0x0, 0x100, {0x0, 0xffffffff}}, {0x1, 0x9, {0x3, 0xfffffffa}}, {0x9, 0xe39, {0x0, 0x2}}, {0x400, 0x1, {0x3, 0x80b}}, {0xffff, 0x1, {0x2, 0x1}}, {0xff, 0x8, {0x2, 0x8000}}, {0xfffa, 0x401, {0x3, 0x8}}, {0xe5, 0x4, {0x2}}, {0x8, 0x1, {0x0, 0x1b3}}, {0x9e4, 0x0, {0x3, 0x80}}, {0x40, 0x3, {0x2, 0x1}}, {0x200, 0x9428, {0x2, 0xfffffff7}}, {0x80c, 0x7, {0x0, 0x4}}, {0xffff, 0x8, {0x3, 0x9}}, {0x3, 0x8, {0x0, 0x6}}, {0x4, 0x4, {0x1}}, {0x120b, 0x1f, {0x2, 0xd3}}, {0x20, 0x1000, {0x2, 0x7fffffff}}, {0x5, 0x7, {0x3}}, {0x2, 0xdf8b, {0x1, 0x5}}, {0x81, 0x800, {0x2, 0x5}}, {0x20, 0x8, {0x2, 0x1}}, {0x9, 0x8996, {0x3, 0x80000000}}, {0x3, 0x80, {0x1, 0x800}}, {0x8, 0x9, {0x3, 0x6}}, {0x100, 0xd55a, {0x1, 0x9}}, {0x80, 0x3, {0x3, 0x3f}}, {0x8, 0x8, {0x2, 0x2}}, {0xadc, 0x5, {0x0, 0x8}}, {0x101, 0x2, {0x0, 0x7}}, {0x4, 0x5a5, {0x1, 0x3}}, {0x1f, 0x800, {0x2, 0x7}}, {0x4, 0x0, {0x3, 0x3}}, {0x2, 0x400, {0x2, 0x53cd}}, {0x1, 0x2b, {0x3, 0x2}}, {0x2, 0x2ef8, {0x1, 0xffffff0d}}]}}}]}, 0x964}}, 0x40000) 17:08:07 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xf0ffffff, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:07 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2000}, 0x4) r1 = accept4$packet(r0, 0x0, &(0x7f0000000100), 0x80000) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x2}, 0x4) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x0, 0xec, 0x7, 0x400f0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, 0x8019, 0x7, 0x42f, 0xf228}}) connect$packet(r2, &(0x7f0000000200)={0x11, 0x11, r3, 0x1, 0x0, 0x6, @remote}, 0x14) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1, 0x8, 0x4d, 0x8001, 0x9767, 0x4, 0x80}, 0x1c) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f00000000c0)={0x0, 0x1, 0x6, @remote}, 0x10) 17:08:07 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0xf, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:07 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 24) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:07 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000000000)) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0xfffffffffffffc44) (async) r1 = syz_open_dev$vcsa(&(0x7f0000000140), 0x7c197914, 0x2042) (async) socketpair(0xa, 0x0, 0x8, &(0x7f0000000180)={0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000001c0)) (async) r3 = getuid() mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x200000, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',version=9p2000.L,msize=0x0000000000000000,access=user,msize=0x0000000000000080,privport,subj_role=!,fowner>', @ANYRESDEC, @ANYBLOB=',subj_role={/*.(,fowner<', @ANYRESDEC=r3, @ANYBLOB="2c00743b6baa4a0f6c88638ecfc5645c5c214108da8d20379639a5ae2c704e4337c9feffc60815c2b57f6dc55c0eb466142fbd6313980061f26b26dc71099fd280914245eb7eeffb1589ebc8a328202df2e646ccbdf578f854545149753b93b213cbe28aba3a6bbe8826abdd92f743a1f61196cddc3bc148dd5b2027768e9e2ed90b5c8d8197106088c3103e11c11fb1ffdf0a96f4659f9766732e0a983c600fca5817571fbbe13e6f0bea8c"]) (async) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(0xffffffffffffffff, 0x28, 0x0, &(0x7f0000000080)=0x3, 0x8) 17:08:07 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) getsockopt$packet_buf(r1, 0x107, 0x2, &(0x7f0000000080)=""/121, &(0x7f0000000100)=0x79) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0xfffe, 0x6}, 0x4) r2 = syz_open_dev$loop(&(0x7f0000000140), 0xfff, 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000240)=@req={0x7c6, 0xffff, 0x6, 0x7}, 0x10) ioctl$BLKROTATIONAL(r2, 0x127e, &(0x7f0000000180)) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) ioctl$BLKFLSBUF(r3, 0x1261, &(0x7f0000000200)=0x5) [ 908.878933][T24165] ? __fget+0x40c/0x4a0 [ 908.883056][T24165] ? fget_many+0x20/0x20 [ 908.887266][T24165] ? check_preemption_disabled+0x154/0x330 [ 908.893037][T24165] ? debug_smp_processor_id+0x20/0x20 [ 908.898375][T24165] ? security_file_ioctl+0x9d/0xb0 [ 908.903454][T24165] __x64_sys_ioctl+0xd4/0x110 [ 908.908097][T24165] do_syscall_64+0xcb/0x1c0 [ 908.912567][T24165] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:07 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2000}, 0x4) r1 = accept4$packet(r0, 0x0, &(0x7f0000000100), 0x80000) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x2}, 0x4) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x0, 0xec, 0x7, 0x400f0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, 0x8019, 0x7, 0x42f, 0xf228}}) connect$packet(r2, &(0x7f0000000200)={0x11, 0x11, r3, 0x1, 0x0, 0x6, @remote}, 0x14) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1, 0x8, 0x4d, 0x8001, 0x9767, 0x4, 0x80}, 0x1c) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f00000000c0)={0x0, 0x1, 0x6, @remote}, 0x10) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2000}, 0x4) (async) accept4$packet(r0, 0x0, &(0x7f0000000100), 0x80000) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x2}, 0x4) (async) socket$packet(0x11, 0x3, 0x300) (async) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x0, 0xec, 0x7, 0x400f0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, 0x8019, 0x7, 0x42f, 0xf228}}) (async) connect$packet(r2, &(0x7f0000000200)={0x11, 0x11, r3, 0x1, 0x0, 0x6, @remote}, 0x14) (async) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1, 0x8, 0x4d, 0x8001, 0x9767, 0x4, 0x80}, 0x1c) (async) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f00000000c0)={0x0, 0x1, 0x6, @remote}, 0x10) (async) 17:08:07 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xfeffffff, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:07 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2000}, 0x4) (async) r1 = accept4$packet(r0, 0x0, &(0x7f0000000100), 0x80000) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x2}, 0x4) (async) r2 = socket$packet(0x11, 0x3, 0x300) (async) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x0, 0xec, 0x7, 0x400f0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, 0x8019, 0x7, 0x42f, 0xf228}}) connect$packet(r2, &(0x7f0000000200)={0x11, 0x11, r3, 0x1, 0x0, 0x6, @remote}, 0x14) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1, 0x8, 0x4d, 0x8001, 0x9767, 0x4, 0x80}, 0x1c) (async) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f00000000c0)={0x0, 0x1, 0x6, @remote}, 0x10) 17:08:07 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x10, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:07 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xffffff7f, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 908.975805][T24204] FAULT_INJECTION: forcing a failure. [ 908.975805][T24204] name failslab, interval 1, probability 0, space 0, times 0 [ 908.991403][T24204] CPU: 1 PID: 24204 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 909.001630][T24204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 909.011658][T24204] Call Trace: [ 909.014927][T24204] dump_stack+0x1d8/0x241 [ 909.019225][T24204] ? panic+0x73e/0x73e [ 909.023262][T24204] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 909.029042][T24204] ? pcpu_alloc_area+0x696/0x790 [ 909.033950][T24204] should_fail+0x709/0x870 [ 909.038357][T24204] ? setup_fault_attr+0x3d0/0x3d0 [ 909.043348][T24204] ? find_next_bit+0xc6/0x110 [ 909.047991][T24204] ? cpumask_next+0xc/0x20 [ 909.052378][T24204] ? kobject_init+0x7d/0x1d0 [ 909.056940][T24204] ? find_next_bit+0xc6/0x110 [ 909.061588][T24204] ? blk_mq_init_allocated_queue+0x427/0x16c0 [ 909.067621][T24204] should_failslab+0x5/0x20 [ 909.072096][T24204] __kmalloc+0x51/0x2b0 [ 909.076219][T24204] blk_mq_init_allocated_queue+0x427/0x16c0 [ 909.082076][T24204] ? blk_alloc_queue_node+0x4e7/0x580 [ 909.087414][T24204] ? blk_mq_alloc_tag_set+0x68b/0x890 [ 909.092757][T24204] blk_mq_init_queue+0x48/0xa0 [ 909.097496][T24204] loop_add+0x256/0x710 [ 909.101618][T24204] ? radix_tree_lookup+0x17a/0x1d0 [ 909.106695][T24204] loop_control_ioctl+0x564/0x740 [ 909.111688][T24204] ? loop_remove+0xa0/0xa0 [ 909.116074][T24204] ? __lru_cache_add+0x1bf/0x210 [ 909.120976][T24204] ? memset+0x1f/0x40 [ 909.124924][T24204] ? fsnotify+0x1332/0x13f0 [ 909.129394][T24204] ? loop_remove+0xa0/0xa0 [ 909.133777][T24204] do_vfs_ioctl+0x744/0x1730 [ 909.138333][T24204] ? selinux_file_ioctl+0x723/0x970 [ 909.143499][T24204] ? ioctl_preallocate+0x250/0x250 [ 909.148598][T24204] ? __fget+0x40c/0x4a0 [ 909.152733][T24204] ? fget_many+0x20/0x20 [ 909.156949][T24204] ? check_preemption_disabled+0x154/0x330 [ 909.162723][T24204] ? debug_smp_processor_id+0x20/0x20 [ 909.168061][T24204] ? security_file_ioctl+0x9d/0xb0 17:08:07 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:07 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 25) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:07 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xffffff9e, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:07 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0xe80, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:07 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) (async) socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) getsockopt$packet_buf(r1, 0x107, 0x2, &(0x7f0000000080)=""/121, &(0x7f0000000100)=0x79) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0xfffe, 0x6}, 0x4) r2 = syz_open_dev$loop(&(0x7f0000000140), 0xfff, 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000240)=@req={0x7c6, 0xffff, 0x6, 0x7}, 0x10) (async) ioctl$BLKROTATIONAL(r2, 0x127e, &(0x7f0000000180)) (async) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) ioctl$BLKFLSBUF(r3, 0x1261, &(0x7f0000000200)=0x5) [ 909.173137][T24204] __x64_sys_ioctl+0xd4/0x110 [ 909.177785][T24204] do_syscall_64+0xcb/0x1c0 [ 909.182264][T24204] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 909.210920][T24228] FAULT_INJECTION: forcing a failure. [ 909.210920][T24228] name failslab, interval 1, probability 0, space 0, times 0 17:08:07 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 909.223746][T24228] CPU: 1 PID: 24228 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 909.233976][T24228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 909.244013][T24228] Call Trace: [ 909.247289][T24228] dump_stack+0x1d8/0x241 [ 909.251590][T24228] ? panic+0x73e/0x73e [ 909.255627][T24228] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 909.261404][T24228] should_fail+0x709/0x870 [ 909.265794][T24228] ? blk_mq_init_queue+0x48/0xa0 [ 909.270699][T24228] ? loop_add+0x256/0x710 [ 909.274995][T24228] ? __x64_sys_ioctl+0xd4/0x110 [ 909.279813][T24228] ? setup_fault_attr+0x3d0/0x3d0 [ 909.284803][T24228] ? _raw_spin_lock+0xa3/0x1b0 [ 909.289536][T24228] ? blk_mq_realloc_hw_ctxs+0x3b9/0x1450 [ 909.295133][T24228] should_failslab+0x5/0x20 [ 909.299603][T24228] __kmalloc+0x51/0x2b0 [ 909.303728][T24228] ? blk_mq_hw_queue_to_node+0xeb/0x100 [ 909.309238][T24228] blk_mq_realloc_hw_ctxs+0x3b9/0x1450 [ 909.314675][T24228] blk_mq_init_allocated_queue+0x4d6/0x16c0 [ 909.320534][T24228] ? blk_alloc_queue_node+0x4e7/0x580 [ 909.325870][T24228] blk_mq_init_queue+0x48/0xa0 [ 909.330611][T24228] loop_add+0x256/0x710 [ 909.334737][T24228] ? radix_tree_lookup+0x17a/0x1d0 [ 909.339816][T24228] loop_control_ioctl+0x564/0x740 [ 909.344809][T24228] ? loop_remove+0xa0/0xa0 [ 909.349196][T24228] ? __lru_cache_add+0x1bf/0x210 [ 909.354099][T24228] ? memset+0x1f/0x40 [ 909.358047][T24228] ? fsnotify+0x1332/0x13f0 [ 909.362518][T24228] ? loop_remove+0xa0/0xa0 [ 909.366903][T24228] do_vfs_ioctl+0x744/0x1730 [ 909.371466][T24228] ? selinux_file_ioctl+0x723/0x970 17:08:08 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) 17:08:08 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x2001, 0x2}, 0x4) 17:08:08 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x37fe0, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:08 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 26) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) [ 909.376630][T24228] ? ioctl_preallocate+0x250/0x250 [ 909.381708][T24228] ? __fget+0x40c/0x4a0 [ 909.385840][T24228] ? fget_many+0x20/0x20 [ 909.390054][T24228] ? check_preemption_disabled+0x154/0x330 [ 909.395825][T24228] ? debug_smp_processor_id+0x20/0x20 [ 909.401163][T24228] ? security_file_ioctl+0x9d/0xb0 [ 909.406242][T24228] __x64_sys_ioctl+0xd4/0x110 [ 909.410886][T24228] do_syscall_64+0xcb/0x1c0 [ 909.415373][T24228] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:08 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xffffffea, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:08 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x20000210, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 909.453466][T24253] FAULT_INJECTION: forcing a failure. [ 909.453466][T24253] name failslab, interval 1, probability 0, space 0, times 0 [ 909.466222][T24253] CPU: 1 PID: 24253 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 909.476468][T24253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 909.486496][T24253] Call Trace: [ 909.489768][T24253] dump_stack+0x1d8/0x241 [ 909.494065][T24253] ? panic+0x73e/0x73e [ 909.498100][T24253] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 909.503871][T24253] should_fail+0x709/0x870 [ 909.508254][T24253] ? setup_fault_attr+0x3d0/0x3d0 [ 909.513258][T24253] ? blk_mq_realloc_hw_ctxs+0x68a/0x1450 [ 909.518861][T24253] should_failslab+0x5/0x20 [ 909.523334][T24253] __kmalloc+0x51/0x2b0 [ 909.527464][T24253] ? init_timer_key+0x23/0x1c0 [ 909.532194][T24253] blk_mq_realloc_hw_ctxs+0x68a/0x1450 [ 909.537637][T24253] blk_mq_init_allocated_queue+0x4d6/0x16c0 [ 909.543510][T24253] ? blk_alloc_queue_node+0x4e7/0x580 [ 909.548855][T24253] blk_mq_init_queue+0x48/0xa0 [ 909.553599][T24253] loop_add+0x256/0x710 [ 909.557732][T24253] ? radix_tree_lookup+0x17a/0x1d0 [ 909.562813][T24253] loop_control_ioctl+0x564/0x740 [ 909.567818][T24253] ? loop_remove+0xa0/0xa0 [ 909.572213][T24253] ? __lru_cache_add+0x1bf/0x210 [ 909.577123][T24253] ? memset+0x1f/0x40 [ 909.581076][T24253] ? fsnotify+0x1332/0x13f0 [ 909.585550][T24253] ? loop_remove+0xa0/0xa0 [ 909.589937][T24253] do_vfs_ioctl+0x744/0x1730 [ 909.594499][T24253] ? selinux_file_ioctl+0x723/0x970 17:08:08 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x3, 0x8000}, 0xfffffffffffffcd2) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:08 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x2001, 0x2}, 0x4) 17:08:08 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) getsockopt$packet_buf(r1, 0x107, 0x2, &(0x7f0000000080)=""/121, &(0x7f0000000100)=0x79) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0xfffe, 0x6}, 0x4) (async) r2 = syz_open_dev$loop(&(0x7f0000000140), 0xfff, 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000240)=@req={0x7c6, 0xffff, 0x6, 0x7}, 0x10) (async) ioctl$BLKROTATIONAL(r2, 0x127e, &(0x7f0000000180)) (async) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) ioctl$BLKFLSBUF(r3, 0x1261, &(0x7f0000000200)=0x5) 17:08:08 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xffffffef, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:08 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x7ffff000, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 909.599668][T24253] ? ioctl_preallocate+0x250/0x250 [ 909.604751][T24253] ? __fget+0x40c/0x4a0 [ 909.608874][T24253] ? fget_many+0x20/0x20 [ 909.613086][T24253] ? check_preemption_disabled+0x154/0x330 [ 909.618865][T24253] ? debug_smp_processor_id+0x20/0x20 [ 909.624204][T24253] ? security_file_ioctl+0x9d/0xb0 [ 909.629542][T24253] __x64_sys_ioctl+0xd4/0x110 [ 909.634186][T24253] do_syscall_64+0xcb/0x1c0 [ 909.638665][T24253] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:08 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) r2 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r3, 0x40, 0x80, 0x4, 0x8d27, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @multicast2, @loopback, {[@ra={0x94, 0x4, 0x1}]}}}}}) connect$packet(r0, &(0x7f0000000080)={0x11, 0x1e, r3, 0x1, 0x2, 0x6, @broadcast}, 0x14) 17:08:08 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x3, 0x8000}, 0xfffffffffffffcd2) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:08 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x2001, 0x2}, 0x4) 17:08:08 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xfffffff0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:08 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 27) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:08 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0xfffffffe, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:08 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0xf, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:08 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0xfffffdef, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 909.710249][T24282] FAULT_INJECTION: forcing a failure. [ 909.710249][T24282] name failslab, interval 1, probability 0, space 0, times 0 [ 909.725063][T24282] CPU: 0 PID: 24282 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 909.735291][T24282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 909.745335][T24282] Call Trace: [ 909.748601][T24282] dump_stack+0x1d8/0x241 [ 909.752915][T24282] ? panic+0x73e/0x73e [ 909.756953][T24282] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 909.762728][T24282] should_fail+0x709/0x870 [ 909.767113][T24282] ? setup_fault_attr+0x3d0/0x3d0 [ 909.772104][T24282] ? blk_mq_realloc_hw_ctxs+0x68a/0x1450 [ 909.777703][T24282] should_failslab+0x5/0x20 [ 909.782175][T24282] __kmalloc+0x51/0x2b0 [ 909.786302][T24282] ? init_timer_key+0x23/0x1c0 [ 909.791032][T24282] blk_mq_realloc_hw_ctxs+0x68a/0x1450 [ 909.796462][T24282] blk_mq_init_allocated_queue+0x4d6/0x16c0 [ 909.802335][T24282] ? blk_alloc_queue_node+0x4e7/0x580 [ 909.807680][T24282] blk_mq_init_queue+0x48/0xa0 [ 909.812416][T24282] loop_add+0x256/0x710 [ 909.816546][T24282] ? radix_tree_lookup+0x17a/0x1d0 [ 909.821633][T24282] loop_control_ioctl+0x564/0x740 [ 909.826624][T24282] ? loop_remove+0xa0/0xa0 [ 909.831006][T24282] ? __lru_cache_add+0x1bf/0x210 [ 909.835910][T24282] ? memset+0x1f/0x40 [ 909.839859][T24282] ? fsnotify+0x1332/0x13f0 [ 909.844326][T24282] ? loop_remove+0xa0/0xa0 [ 909.848708][T24282] do_vfs_ioctl+0x744/0x1730 [ 909.853266][T24282] ? selinux_file_ioctl+0x723/0x970 17:08:08 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) r2 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r3, 0x40, 0x80, 0x4, 0x8d27, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @multicast2, @loopback, {[@ra={0x94, 0x4, 0x1}]}}}}}) connect$packet(r0, &(0x7f0000000080)={0x11, 0x1e, r3, 0x1, 0x2, 0x6, @broadcast}, 0x14) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) socket$inet(0x2, 0x3, 0x3) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'}) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r3, 0x40, 0x80, 0x4, 0x8d27, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @multicast2, @loopback, {[@ra={0x94, 0x4, 0x1}]}}}}}) (async) connect$packet(r0, &(0x7f0000000080)={0x11, 0x1e, r3, 0x1, 0x2, 0x6, @broadcast}, 0x14) (async) 17:08:08 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x3, 0x8000}, 0xfffffffffffffcd2) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x3, 0x8000}, 0xfffffffffffffcd2) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) 17:08:08 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x10, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:08 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 28) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:08 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x10, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:08 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) getpeername$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x50, 0x0, 0x0, 0x70bd2a, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x40}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x20048003) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x3, 0x4}, 0x4) [ 909.858431][T24282] ? ioctl_preallocate+0x250/0x250 [ 909.863508][T24282] ? __fget+0x40c/0x4a0 [ 909.867632][T24282] ? fget_many+0x20/0x20 [ 909.871843][T24282] ? check_preemption_disabled+0x154/0x330 [ 909.877627][T24282] ? debug_smp_processor_id+0x20/0x20 [ 909.882966][T24282] ? security_file_ioctl+0x9d/0xb0 [ 909.888045][T24282] __x64_sys_ioctl+0xd4/0x110 [ 909.892689][T24282] do_syscall_64+0xcb/0x1c0 [ 909.897171][T24282] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:08 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) getpeername$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async, rerun: 64) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x50, 0x0, 0x0, 0x70bd2a, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x40}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x20048003) (async, rerun: 64) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x3, 0x4}, 0x4) 17:08:08 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x12, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:08 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 909.943387][T24304] FAULT_INJECTION: forcing a failure. [ 909.943387][T24304] name failslab, interval 1, probability 0, space 0, times 0 [ 909.958328][T24304] CPU: 0 PID: 24304 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 909.968567][T24304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 909.978599][T24304] Call Trace: [ 909.981867][T24304] dump_stack+0x1d8/0x241 [ 909.986168][T24304] ? panic+0x73e/0x73e [ 909.990205][T24304] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 909.995979][T24304] should_fail+0x709/0x870 [ 910.000364][T24304] ? setup_fault_attr+0x3d0/0x3d0 [ 910.005357][T24304] ? blk_alloc_flush_queue+0x70/0x230 [ 910.010695][T24304] should_failslab+0x5/0x20 [ 910.015173][T24304] kmem_cache_alloc_trace+0x28/0x240 [ 910.020435][T24304] blk_alloc_flush_queue+0x70/0x230 [ 910.025601][T24304] blk_mq_realloc_hw_ctxs+0x8b5/0x1450 [ 910.031028][T24304] blk_mq_init_allocated_queue+0x4d6/0x16c0 [ 910.036888][T24304] ? blk_alloc_queue_node+0x4e7/0x580 [ 910.042227][T24304] blk_mq_init_queue+0x48/0xa0 [ 910.046957][T24304] loop_add+0x256/0x710 [ 910.051079][T24304] ? radix_tree_lookup+0x17a/0x1d0 [ 910.056159][T24304] loop_control_ioctl+0x564/0x740 [ 910.061151][T24304] ? loop_remove+0xa0/0xa0 [ 910.065532][T24304] ? memset+0x1f/0x40 [ 910.069479][T24304] ? fsnotify+0x1332/0x13f0 [ 910.073950][T24304] ? loop_remove+0xa0/0xa0 [ 910.078332][T24304] do_vfs_ioctl+0x744/0x1730 [ 910.082890][T24304] ? selinux_file_ioctl+0x723/0x970 [ 910.088057][T24304] ? ioctl_preallocate+0x250/0x250 17:08:08 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) r1 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) r2 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r3, 0x40, 0x80, 0x4, 0x8d27, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @multicast2, @loopback, {[@ra={0x94, 0x4, 0x1}]}}}}}) connect$packet(r0, &(0x7f0000000080)={0x11, 0x1e, r3, 0x1, 0x2, 0x6, @broadcast}, 0x14) [ 910.093136][T24304] ? __fget+0x40c/0x4a0 [ 910.097260][T24304] ? fget_many+0x20/0x20 [ 910.101471][T24304] ? __fpregs_load_activate+0x1d7/0x3c0 [ 910.106985][T24304] ? security_file_ioctl+0x9d/0xb0 [ 910.112063][T24304] __x64_sys_ioctl+0xd4/0x110 [ 910.116710][T24304] do_syscall_64+0xcb/0x1c0 [ 910.121184][T24304] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:08 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 29) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:08 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x7}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:08 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x14, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:08 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0xe80, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:08 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) getpeername$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x50, 0x0, 0x0, 0x70bd2a, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x40}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x20048003) (async, rerun: 64) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x3, 0x4}, 0x4) (rerun: 64) [ 910.146811][T24323] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 910.155142][T24333] FAULT_INJECTION: forcing a failure. [ 910.155142][T24333] name failslab, interval 1, probability 0, space 0, times 0 [ 910.169571][T24333] CPU: 1 PID: 24333 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 910.179802][T24333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 910.189832][T24333] Call Trace: [ 910.193098][T24333] dump_stack+0x1d8/0x241 [ 910.197409][T24333] ? panic+0x73e/0x73e [ 910.201446][T24333] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 910.207220][T24333] should_fail+0x709/0x870 [ 910.211602][T24333] ? setup_fault_attr+0x3d0/0x3d0 [ 910.216593][T24333] ? blk_alloc_flush_queue+0xd0/0x230 [ 910.221931][T24333] should_failslab+0x5/0x20 [ 910.226400][T24333] __kmalloc+0x51/0x2b0 [ 910.230525][T24333] ? blk_alloc_flush_queue+0x70/0x230 [ 910.235864][T24333] blk_alloc_flush_queue+0xd0/0x230 [ 910.241030][T24333] blk_mq_realloc_hw_ctxs+0x8b5/0x1450 [ 910.246457][T24333] blk_mq_init_allocated_queue+0x4d6/0x16c0 [ 910.252317][T24333] ? blk_alloc_queue_node+0x4e7/0x580 [ 910.257652][T24333] blk_mq_init_queue+0x48/0xa0 [ 910.262381][T24333] loop_add+0x256/0x710 [ 910.266503][T24333] ? radix_tree_lookup+0x17a/0x1d0 [ 910.271579][T24333] loop_control_ioctl+0x564/0x740 [ 910.276574][T24333] ? loop_remove+0xa0/0xa0 [ 910.280956][T24333] ? __lru_cache_add+0x1bf/0x210 [ 910.285858][T24333] ? memset+0x1f/0x40 [ 910.289808][T24333] ? fsnotify+0x1332/0x13f0 [ 910.294275][T24333] ? loop_remove+0xa0/0xa0 [ 910.298658][T24333] do_vfs_ioctl+0x744/0x1730 [ 910.303215][T24333] ? selinux_file_ioctl+0x723/0x970 [ 910.308382][T24333] ? ioctl_preallocate+0x250/0x250 [ 910.313467][T24333] ? __fget+0x40c/0x4a0 [ 910.317596][T24333] ? fget_many+0x20/0x20 [ 910.321806][T24333] ? check_preemption_disabled+0x154/0x330 [ 910.327584][T24333] ? debug_smp_processor_id+0x20/0x20 [ 910.332930][T24333] ? security_file_ioctl+0x9d/0xb0 [ 910.338007][T24333] __x64_sys_ioctl+0xd4/0x110 [ 910.342652][T24333] do_syscall_64+0xcb/0x1c0 17:08:09 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x7}, 0x4) (async, rerun: 64) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (rerun: 64) 17:08:09 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x2, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7f}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8880}, 0x28001) 17:08:09 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x2, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7f}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8880}, 0x28001) 17:08:09 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 30) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) [ 910.347131][T24333] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:09 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x7}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:09 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x37fe0, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:09 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r1, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x40}]}, 0x28}}, 0x0) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, r2, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x9}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x5}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xf7}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xe}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x1}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x8}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xf}]}, 0x64}}, 0x80) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) [ 910.393364][T24354] FAULT_INJECTION: forcing a failure. [ 910.393364][T24354] name failslab, interval 1, probability 0, space 0, times 0 [ 910.410583][T24354] CPU: 0 PID: 24354 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 910.420824][T24354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 910.430863][T24354] Call Trace: [ 910.434148][T24354] dump_stack+0x1d8/0x241 [ 910.438469][T24354] ? panic+0x73e/0x73e [ 910.442529][T24354] ? find_next_and_bit+0x17b/0x1a0 [ 910.447631][T24354] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 910.453421][T24354] ? blk_mq_map_swqueue+0x16f6/0x1850 [ 910.458849][T24354] should_fail+0x709/0x870 [ 910.463233][T24354] ? setup_fault_attr+0x3d0/0x3d0 [ 910.468224][T24354] ? blk_mq_init_allocated_queue+0x1416/0x16c0 [ 910.474344][T24354] ? __alloc_disk_node+0x72/0x380 [ 910.479335][T24354] should_failslab+0x5/0x20 [ 910.483815][T24354] kmem_cache_alloc_trace+0x28/0x240 [ 910.489071][T24354] __alloc_disk_node+0x72/0x380 [ 910.493892][T24354] loop_add+0x323/0x710 [ 910.498019][T24354] loop_control_ioctl+0x564/0x740 [ 910.503012][T24354] ? loop_remove+0xa0/0xa0 [ 910.507398][T24354] ? switch_mm+0x100/0x100 [ 910.511791][T24354] ? memset+0x1f/0x40 [ 910.515738][T24354] ? fsnotify+0x1332/0x13f0 [ 910.520215][T24354] ? loop_remove+0xa0/0xa0 [ 910.524597][T24354] do_vfs_ioctl+0x744/0x1730 [ 910.529155][T24354] ? selinux_file_ioctl+0x723/0x970 [ 910.534323][T24354] ? ioctl_preallocate+0x250/0x250 [ 910.539440][T24354] ? __fget+0x40c/0x4a0 17:08:09 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x26, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:09 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x2, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7f}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8880}, 0x28001) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x2, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7f}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8880}, 0x28001) (async) 17:08:09 executing program 0: r0 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x4e, 0x1, 0xfffffff7, 0x1020, r0, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x3, 0x6}, 0x48) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) r2 = syz_open_dev$loop(&(0x7f00000000c0), 0x4, 0x40000) ioctl$BLKBSZSET(r2, 0x40081271, &(0x7f0000000100)=0x2) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) [ 910.543593][T24354] ? fget_many+0x20/0x20 [ 910.547807][T24354] ? __fpregs_load_activate+0x1d7/0x3c0 [ 910.553334][T24354] ? security_file_ioctl+0x9d/0xb0 [ 910.558415][T24354] __x64_sys_ioctl+0xd4/0x110 [ 910.563072][T24354] do_syscall_64+0xcb/0x1c0 [ 910.567553][T24354] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:09 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r1, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x40}]}, 0x28}}, 0x0) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, r2, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x9}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x5}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xf7}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xe}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x1}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x8}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xf}]}, 0x64}}, 0x80) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r1, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x40}]}, 0x28}}, 0x0) (async) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, r2, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x9}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x5}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xf7}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xe}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x1}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x8}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xf}]}, 0x64}}, 0x80) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) 17:08:09 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 31) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:09 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x2, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:09 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x8, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:09 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x2000021c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 910.588327][T24364] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'. [ 910.607695][ T22] audit: type=1400 audit(1672506489.260:236): avc: denied { map_create } for pid=24365 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 910.623983][T24377] FAULT_INJECTION: forcing a failure. [ 910.623983][T24377] name failslab, interval 1, probability 0, space 0, times 0 [ 910.641110][T24377] CPU: 1 PID: 24377 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 910.651338][T24377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 910.661363][T24377] Call Trace: [ 910.664622][T24377] dump_stack+0x1d8/0x241 [ 910.668924][T24377] ? panic+0x73e/0x73e [ 910.672958][T24377] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 910.678738][T24377] ? pcpu_chunk_relocate+0xe5/0x3a0 [ 910.683906][T24377] should_fail+0x709/0x870 [ 910.688291][T24377] ? setup_fault_attr+0x3d0/0x3d0 [ 910.693453][T24377] ? find_next_bit+0xc6/0x110 [ 910.698098][T24377] ? cpumask_next+0xc/0x20 [ 910.702495][T24377] ? disk_expand_part_tbl+0x195/0x3b0 [ 910.707837][T24377] should_failslab+0x5/0x20 [ 910.712310][T24377] __kmalloc+0x51/0x2b0 [ 910.716439][T24377] disk_expand_part_tbl+0x195/0x3b0 [ 910.721608][T24377] __alloc_disk_node+0x10b/0x380 [ 910.726514][T24377] loop_add+0x323/0x710 [ 910.730636][T24377] loop_control_ioctl+0x564/0x740 [ 910.735627][T24377] ? loop_remove+0xa0/0xa0 [ 910.740011][T24377] ? __lru_cache_add+0x1bf/0x210 [ 910.744916][T24377] ? memset+0x1f/0x40 [ 910.748865][T24377] ? fsnotify+0x1332/0x13f0 [ 910.753340][T24377] ? loop_remove+0xa0/0xa0 [ 910.757732][T24377] do_vfs_ioctl+0x744/0x1730 [ 910.762291][T24377] ? selinux_file_ioctl+0x723/0x970 [ 910.767456][T24377] ? ioctl_preallocate+0x250/0x250 [ 910.772534][T24377] ? __fget+0x40c/0x4a0 [ 910.776654][T24377] ? fget_many+0x20/0x20 [ 910.780864][T24377] ? check_preemption_disabled+0x154/0x330 [ 910.786636][T24377] ? debug_smp_processor_id+0x20/0x20 17:08:09 executing program 0: r0 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x4e, 0x1, 0xfffffff7, 0x1020, r0, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x3, 0x6}, 0x48) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) r2 = syz_open_dev$loop(&(0x7f00000000c0), 0x4, 0x40000) ioctl$BLKBSZSET(r2, 0x40081271, &(0x7f0000000100)=0x2) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) syz_open_dev$vcsa(0x0, 0x9, 0x2400) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x4e, 0x1, 0xfffffff7, 0x1020, r0, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x3, 0x6}, 0x48) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) syz_open_dev$loop(&(0x7f00000000c0), 0x4, 0x40000) (async) ioctl$BLKBSZSET(r2, 0x40081271, &(0x7f0000000100)=0x2) (async) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) (async) 17:08:09 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r1, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x40}]}, 0x28}}, 0x0) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, r2, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x9}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x5}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xf7}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xe}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x1}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x8}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xf}]}, 0x64}}, 0x80) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r1, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x40}]}, 0x28}}, 0x0) (async) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, r2, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x9}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x5}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xf7}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xe}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x1}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x8}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xf}]}, 0x64}}, 0x80) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) 17:08:09 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socketpair(0x25, 0x2, 0x20, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xffff0001}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x2c}}, 0x800) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r2) sendmsg$DEVLINK_CMD_TRAP_SET(r2, &(0x7f0000000400)={&(0x7f00000001c0), 0xc, &(0x7f00000003c0)={&(0x7f0000000200)={0x19c, 0x0, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}]}, 0x19c}, 0x1, 0x0, 0x0, 0x4}, 0x1) 17:08:09 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 32) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:09 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socketpair(0x25, 0x2, 0x20, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xffff0001}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x2c}}, 0x800) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r2) sendmsg$DEVLINK_CMD_TRAP_SET(r2, &(0x7f0000000400)={&(0x7f00000001c0), 0xc, &(0x7f00000003c0)={&(0x7f0000000200)={0x19c, 0x0, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}]}, 0x19c}, 0x1, 0x0, 0x0, 0x4}, 0x1) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) socketpair(0x25, 0x2, 0x20, &(0x7f0000000080)) (async) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xffff0001}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x2c}}, 0x800) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r2) (async) sendmsg$DEVLINK_CMD_TRAP_SET(r2, &(0x7f0000000400)={&(0x7f00000001c0), 0xc, &(0x7f00000003c0)={&(0x7f0000000200)={0x19c, 0x0, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}]}, 0x19c}, 0x1, 0x0, 0x0, 0x4}, 0x1) (async) 17:08:09 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x300, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 910.791987][T24377] ? security_file_ioctl+0x9d/0xb0 [ 910.797065][T24377] __x64_sys_ioctl+0xd4/0x110 [ 910.801708][T24377] do_syscall_64+0xcb/0x1c0 [ 910.806178][T24377] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:09 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) r2 = accept4$packet(r0, &(0x7f0000001100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000001140)=0x14, 0x80800) getsockopt$packet_buf(r2, 0x107, 0x6, &(0x7f0000000080)=""/4082, &(0x7f0000001080)=0xff2) r3 = gettid() sched_getattr(r3, &(0x7f00000010c0)={0x38}, 0x38, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:09 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x7ffff000, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:09 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:09 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async, rerun: 32) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (rerun: 32) socketpair(0x25, 0x2, 0x20, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xffff0001}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x2c}}, 0x800) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r2) (async, rerun: 32) sendmsg$DEVLINK_CMD_TRAP_SET(r2, &(0x7f0000000400)={&(0x7f00000001c0), 0xc, &(0x7f00000003c0)={&(0x7f0000000200)={0x19c, 0x0, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}]}, 0x19c}, 0x1, 0x0, 0x0, 0x4}, 0x1) (rerun: 32) [ 910.861302][T24411] FAULT_INJECTION: forcing a failure. [ 910.861302][T24411] name failslab, interval 1, probability 0, space 0, times 0 [ 910.878689][T24411] CPU: 0 PID: 24411 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 910.888927][T24411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 910.898960][T24411] Call Trace: [ 910.902273][T24411] dump_stack+0x1d8/0x241 [ 910.906579][T24411] ? panic+0x73e/0x73e [ 910.910611][T24411] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 910.916391][T24411] ? pcpu_alloc_area+0x696/0x790 [ 910.921299][T24411] should_fail+0x709/0x870 [ 910.925683][T24411] ? setup_fault_attr+0x3d0/0x3d0 [ 910.930673][T24411] ? rand_initialize_disk+0x4b/0xa3 [ 910.935841][T24411] should_failslab+0x5/0x20 [ 910.940309][T24411] kmem_cache_alloc_trace+0x28/0x240 [ 910.945562][T24411] rand_initialize_disk+0x4b/0xa3 [ 910.950552][T24411] __alloc_disk_node+0x2cd/0x380 [ 910.955457][T24411] loop_add+0x323/0x710 [ 910.959578][T24411] loop_control_ioctl+0x564/0x740 [ 910.964568][T24411] ? loop_remove+0xa0/0xa0 [ 910.968951][T24411] ? __lru_cache_add+0x1bf/0x210 [ 910.973854][T24411] ? memset+0x1f/0x40 [ 910.977803][T24411] ? fsnotify+0x1332/0x13f0 [ 910.982271][T24411] ? loop_remove+0xa0/0xa0 [ 910.986652][T24411] do_vfs_ioctl+0x744/0x1730 [ 910.991211][T24411] ? selinux_file_ioctl+0x723/0x970 [ 910.996373][T24411] ? ioctl_preallocate+0x250/0x250 [ 911.001451][T24411] ? __fget+0x40c/0x4a0 [ 911.005575][T24411] ? fget_many+0x20/0x20 17:08:09 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) r2 = accept4$packet(r0, &(0x7f0000001100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000001140)=0x14, 0x80800) getsockopt$packet_buf(r2, 0x107, 0x6, &(0x7f0000000080)=""/4082, &(0x7f0000001080)=0xff2) (async) r3 = gettid() sched_getattr(r3, &(0x7f00000010c0)={0x38}, 0x38, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:09 executing program 0: r0 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x4e, 0x1, 0xfffffff7, 0x1020, r0, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x3, 0x6}, 0x48) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) r2 = syz_open_dev$loop(&(0x7f00000000c0), 0x4, 0x40000) ioctl$BLKBSZSET(r2, 0x40081271, &(0x7f0000000100)=0x2) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) syz_open_dev$vcsa(0x0, 0x9, 0x2400) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x4e, 0x1, 0xfffffff7, 0x1020, r0, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x3, 0x6}, 0x48) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) syz_open_dev$loop(&(0x7f00000000c0), 0x4, 0x40000) (async) ioctl$BLKBSZSET(r2, 0x40081271, &(0x7f0000000100)=0x2) (async) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) (async) 17:08:09 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 33) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:09 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x2, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:09 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x800}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r2 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x2710, @local}, 0x10, 0x80000) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r2, 0x28, 0x2, &(0x7f0000000100)=0x2, 0x8) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000080)={0x0, 0x1, 0x6, @local}, 0x10) 17:08:09 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) r2 = accept4$packet(r0, &(0x7f0000001100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000001140)=0x14, 0x80800) getsockopt$packet_buf(r2, 0x107, 0x6, &(0x7f0000000080)=""/4082, &(0x7f0000001080)=0xff2) r3 = gettid() sched_getattr(r3, &(0x7f00000010c0)={0x38}, 0x38, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) accept4$packet(r0, &(0x7f0000001100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000001140)=0x14, 0x80800) (async) getsockopt$packet_buf(r2, 0x107, 0x6, &(0x7f0000000080)=""/4082, &(0x7f0000001080)=0xff2) (async) gettid() (async) sched_getattr(r3, &(0x7f00000010c0)={0x38}, 0x38, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) 17:08:09 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0xfffffdef, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:09 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x3, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 911.009785][T24411] ? check_preemption_disabled+0x154/0x330 [ 911.015560][T24411] ? debug_smp_processor_id+0x20/0x20 [ 911.020900][T24411] ? security_file_ioctl+0x9d/0xb0 [ 911.025981][T24411] __x64_sys_ioctl+0xd4/0x110 [ 911.030626][T24411] do_syscall_64+0xcb/0x1c0 [ 911.035103][T24411] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 911.095459][T24441] FAULT_INJECTION: forcing a failure. [ 911.095459][T24441] name failslab, interval 1, probability 0, space 0, times 0 [ 911.108659][T24441] CPU: 1 PID: 24441 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 911.118869][T24441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 911.128899][T24441] Call Trace: [ 911.132165][T24441] dump_stack+0x1d8/0x241 [ 911.136465][T24441] ? panic+0x73e/0x73e [ 911.140510][T24441] ? stack_trace_save+0x200/0x200 [ 911.145499][T24441] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 911.151273][T24441] ? arch_stack_walk+0x114/0x140 [ 911.156176][T24441] should_fail+0x709/0x870 [ 911.160560][T24441] ? setup_fault_attr+0x3d0/0x3d0 [ 911.165549][T24441] ? _raw_spin_unlock_irqrestore+0x57/0x80 [ 911.171320][T24441] ? init_wait_entry+0xd0/0xd0 [ 911.176061][T24441] ? blk_mq_init_tags+0x74/0x290 [ 911.180963][T24441] should_failslab+0x5/0x20 [ 911.185432][T24441] kmem_cache_alloc_trace+0x28/0x240 [ 911.190680][T24441] blk_mq_init_tags+0x74/0x290 [ 911.195411][T24441] ? blk_mq_hw_queue_to_node+0xeb/0x100 [ 911.200940][T24441] blk_mq_alloc_rq_map+0x93/0x1a0 [ 911.205939][T24441] blk_mq_init_sched+0x1f2/0xaf0 [ 911.210852][T24441] elevator_init_mq+0x2cd/0x3f0 [ 911.215670][T24441] __device_add_disk+0xf1/0x1200 [ 911.220572][T24441] ? sprintf+0xd6/0x120 [ 911.224693][T24441] ? device_add_disk+0x30/0x30 [ 911.229420][T24441] ? vsprintf+0x30/0x30 [ 911.233542][T24441] ? device_initialize+0x1c7/0x3d0 [ 911.238619][T24441] ? __alloc_disk_node+0x326/0x380 [ 911.243697][T24441] loop_add+0x554/0x710 [ 911.247831][T24441] loop_control_ioctl+0x564/0x740 [ 911.252819][T24441] ? loop_remove+0xa0/0xa0 [ 911.257203][T24441] ? __lru_cache_add+0x1bf/0x210 [ 911.262108][T24441] ? memset+0x1f/0x40 [ 911.266061][T24441] ? fsnotify+0x1332/0x13f0 [ 911.270530][T24441] ? loop_remove+0xa0/0xa0 [ 911.274919][T24441] do_vfs_ioctl+0x744/0x1730 [ 911.279489][T24441] ? selinux_file_ioctl+0x723/0x970 [ 911.284653][T24441] ? ioctl_preallocate+0x250/0x250 [ 911.289728][T24441] ? __fget+0x40c/0x4a0 17:08:10 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x10, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f0000000040)={0x1c00000, 0x3, 0x0, [{0x1, 0x80, 0x1, 0x7, 0x1, 0x1, 0xd2, '\x00', 0x6f6}, {0x8001, 0x6, 0x1, 0xa8, 0x0, 0x1, 0x0, '\x00', 0x80000000}, {0x7, 0x5, 0x0, 0x40, 0x5, 0x48, 0x4, '\x00', 0x40000000000000}]}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r2, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r3, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x40}]}, 0x28}}, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, r3, 0x200, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x7c}}}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x10, 0x13, [{0x6c}, {0x60, 0x1}, {0x48}, {0x30, 0x1}, {0x3, 0x1}, {0x16}, {0x9}, {0x16}, {0x6c}, {0xb}, {0x2}, {0x24, 0x1}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x40000) 17:08:10 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 34) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:10 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x12, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:10 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) (async, rerun: 32) r1 = socket$packet(0x11, 0x2, 0x300) (rerun: 32) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x800}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) r2 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x2710, @local}, 0x10, 0x80000) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r2, 0x28, 0x2, &(0x7f0000000100)=0x2, 0x8) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000080)={0x0, 0x1, 0x6, @local}, 0x10) [ 911.293851][T24441] ? fget_many+0x20/0x20 [ 911.298059][T24441] ? check_preemption_disabled+0x154/0x330 [ 911.303829][T24441] ? debug_smp_processor_id+0x20/0x20 [ 911.309167][T24441] ? security_file_ioctl+0x9d/0xb0 [ 911.314243][T24441] __x64_sys_ioctl+0xd4/0x110 [ 911.318887][T24441] do_syscall_64+0xcb/0x1c0 [ 911.323357][T24441] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 911.329548][T24441] "mq-deadline" elevator initialization failed, falling back to "none" 17:08:10 executing program 3: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:10 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x8, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) (async) ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f0000000040)={0x1c00000, 0x3, 0x0, [{0x1, 0x80, 0x1, 0x7, 0x1, 0x1, 0xd2, '\x00', 0x6f6}, {0x8001, 0x6, 0x1, 0xa8, 0x0, 0x1, 0x0, '\x00', 0x80000000}, {0x7, 0x5, 0x0, 0x40, 0x5, 0x48, 0x4, '\x00', 0x40000000000000}]}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r2, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r3, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x40}]}, 0x28}}, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, r3, 0x200, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x7c}}}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x10, 0x13, [{0x6c}, {0x60, 0x1}, {0x48}, {0x30, 0x1}, {0x3, 0x1}, {0x16}, {0x9}, {0x16}, {0x6c}, {0xb}, {0x2}, {0x24, 0x1}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x40000) 17:08:10 executing program 3: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:10 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x14, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f0000000040)={0x1c00000, 0x3, 0x0, [{0x1, 0x80, 0x1, 0x7, 0x1, 0x1, 0xd2, '\x00', 0x6f6}, {0x8001, 0x6, 0x1, 0xa8, 0x0, 0x1, 0x0, '\x00', 0x80000000}, {0x7, 0x5, 0x0, 0x40, 0x5, 0x48, 0x4, '\x00', 0x40000000000000}]}) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async, rerun: 32) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (rerun: 32) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r2, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r3, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x40}]}, 0x28}}, 0x0) (async, rerun: 64) sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, r3, 0x200, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x7c}}}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x10, 0x13, [{0x6c}, {0x60, 0x1}, {0x48}, {0x30, 0x1}, {0x3, 0x1}, {0x16}, {0x9}, {0x16}, {0x6c}, {0xb}, {0x2}, {0x24, 0x1}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x40000) (rerun: 64) [ 911.383109][T24483] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.5'. [ 911.404502][T24480] FAULT_INJECTION: forcing a failure. [ 911.404502][T24480] name failslab, interval 1, probability 0, space 0, times 0 [ 911.421525][T24480] CPU: 1 PID: 24480 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 911.431755][T24480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 911.441788][T24480] Call Trace: [ 911.445061][T24480] dump_stack+0x1d8/0x241 [ 911.449358][T24480] ? panic+0x73e/0x73e [ 911.453394][T24480] ? __kasan_kmalloc+0x1a5/0x1e0 [ 911.458297][T24480] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 911.464070][T24480] ? blk_mq_init_tags+0x74/0x290 [ 911.468973][T24480] ? blk_mq_alloc_rq_map+0x93/0x1a0 [ 911.474215][T24480] ? blk_mq_init_sched+0x1f2/0xaf0 [ 911.479294][T24480] ? __device_add_disk+0xf1/0x1200 [ 911.484371][T24480] ? loop_add+0x554/0x710 [ 911.488666][T24480] ? loop_control_ioctl+0x564/0x740 [ 911.493831][T24480] ? do_vfs_ioctl+0x744/0x1730 [ 911.498560][T24480] should_fail+0x709/0x870 [ 911.502944][T24480] ? setup_fault_attr+0x3d0/0x3d0 [ 911.507936][T24480] ? sbitmap_queue_init_node+0x15e/0xf70 [ 911.513532][T24480] should_failslab+0x5/0x20 [ 911.518001][T24480] __kmalloc+0x51/0x2b0 [ 911.522126][T24480] sbitmap_queue_init_node+0x15e/0xf70 [ 911.527563][T24480] ? blk_mq_init_tags+0x74/0x290 [ 911.532491][T24480] blk_mq_init_tags+0xef/0x290 [ 911.537249][T24480] blk_mq_alloc_rq_map+0x93/0x1a0 [ 911.542250][T24480] blk_mq_init_sched+0x1f2/0xaf0 [ 911.547157][T24480] elevator_init_mq+0x2cd/0x3f0 [ 911.551980][T24480] __device_add_disk+0xf1/0x1200 [ 911.556892][T24480] ? sprintf+0xd6/0x120 [ 911.561012][T24480] ? device_add_disk+0x30/0x30 [ 911.565742][T24480] ? vsprintf+0x30/0x30 [ 911.569862][T24480] ? device_initialize+0x1c7/0x3d0 [ 911.574940][T24480] ? __alloc_disk_node+0x326/0x380 [ 911.580019][T24480] loop_add+0x554/0x710 [ 911.584144][T24480] loop_control_ioctl+0x564/0x740 [ 911.589139][T24480] ? loop_remove+0xa0/0xa0 [ 911.593522][T24480] ? __lru_cache_add+0x1bf/0x210 [ 911.598439][T24480] ? memset+0x1f/0x40 [ 911.602387][T24480] ? fsnotify+0x1332/0x13f0 [ 911.606856][T24480] ? loop_remove+0xa0/0xa0 [ 911.611241][T24480] do_vfs_ioctl+0x744/0x1730 [ 911.615803][T24480] ? selinux_file_ioctl+0x723/0x970 [ 911.621145][T24480] ? ioctl_preallocate+0x250/0x250 [ 911.626227][T24480] ? __fget+0x40c/0x4a0 17:08:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:10 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x800}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r2 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x2710, @local}, 0x10, 0x80000) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r2, 0x28, 0x2, &(0x7f0000000100)=0x2, 0x8) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000080)={0x0, 0x1, 0x6, @local}, 0x10) 17:08:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:10 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 35) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:10 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f00000001c0)=@req3={0x6808ce0e, 0x8, 0x328, 0x8, 0x96f, 0x9, 0x7}, 0x1c) getsockopt$packet_buf(r0, 0x107, 0x16, &(0x7f0000000100)=""/86, &(0x7f0000000180)=0x56) accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000000c0)=0x14, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x300, 0x3}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:10 executing program 3: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) 17:08:10 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x26, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 911.630350][T24480] ? fget_many+0x20/0x20 [ 911.634561][T24480] ? check_preemption_disabled+0x154/0x330 [ 911.640340][T24480] ? debug_smp_processor_id+0x20/0x20 [ 911.645688][T24480] ? security_file_ioctl+0x9d/0xb0 [ 911.650771][T24480] __x64_sys_ioctl+0xd4/0x110 [ 911.655423][T24480] do_syscall_64+0xcb/0x1c0 [ 911.659900][T24480] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 911.667123][T24480] "mq-deadline" elevator initialization failed, falling back to "none" 17:08:10 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0xa, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) 17:08:10 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f00000001c0)=@req3={0x6808ce0e, 0x8, 0x328, 0x8, 0x96f, 0x9, 0x7}, 0x1c) getsockopt$packet_buf(r0, 0x107, 0x16, &(0x7f0000000100)=""/86, &(0x7f0000000180)=0x56) accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000000c0)=0x14, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x300, 0x3}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:10 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x300, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:10 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r2 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r3, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000180)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r5 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r5, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$VHOST_SET_VRING_CALL(r4, 0x4008af21, &(0x7f00000000c0)={0x2, r5}) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$VHOST_VDPA_GET_DEVICE_ID(r6, 0x8004af70, &(0x7f0000000140)) 17:08:10 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x2, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) [ 911.744182][T24524] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.5'. [ 911.770167][T24520] FAULT_INJECTION: forcing a failure. [ 911.770167][T24520] name failslab, interval 1, probability 0, space 0, times 0 [ 911.785759][T24520] CPU: 0 PID: 24520 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 911.796002][T24520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 911.806033][T24520] Call Trace: [ 911.809306][T24520] dump_stack+0x1d8/0x241 [ 911.813604][T24520] ? panic+0x73e/0x73e [ 911.817642][T24520] ? __kasan_kmalloc+0x1a5/0x1e0 [ 911.822549][T24520] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 911.828321][T24520] ? blk_mq_init_tags+0x74/0x290 [ 911.833224][T24520] ? blk_mq_alloc_rq_map+0x93/0x1a0 [ 911.838389][T24520] ? blk_mq_init_sched+0x1f2/0xaf0 [ 911.843477][T24520] ? __device_add_disk+0xf1/0x1200 [ 911.848560][T24520] ? loop_add+0x554/0x710 [ 911.852859][T24520] ? loop_control_ioctl+0x564/0x740 [ 911.858026][T24520] ? do_vfs_ioctl+0x744/0x1730 [ 911.862761][T24520] should_fail+0x709/0x870 [ 911.867146][T24520] ? setup_fault_attr+0x3d0/0x3d0 [ 911.872142][T24520] ? sbitmap_queue_init_node+0x15e/0xf70 [ 911.877738][T24520] should_failslab+0x5/0x20 [ 911.882207][T24520] __kmalloc+0x51/0x2b0 [ 911.886342][T24520] sbitmap_queue_init_node+0x15e/0xf70 [ 911.891773][T24520] ? blk_mq_init_tags+0x74/0x290 [ 911.896679][T24520] blk_mq_init_tags+0xef/0x290 [ 911.901412][T24520] blk_mq_alloc_rq_map+0x93/0x1a0 [ 911.906403][T24520] blk_mq_init_sched+0x1f2/0xaf0 [ 911.911308][T24520] elevator_init_mq+0x2cd/0x3f0 [ 911.916139][T24520] __device_add_disk+0xf1/0x1200 [ 911.921041][T24520] ? sprintf+0xd6/0x120 [ 911.925166][T24520] ? device_add_disk+0x30/0x30 [ 911.929894][T24520] ? vsprintf+0x30/0x30 [ 911.934019][T24520] ? device_initialize+0x1c7/0x3d0 [ 911.939099][T24520] ? __alloc_disk_node+0x326/0x380 [ 911.944181][T24520] loop_add+0x554/0x710 [ 911.948307][T24520] loop_control_ioctl+0x564/0x740 [ 911.953301][T24520] ? loop_remove+0xa0/0xa0 [ 911.957684][T24520] ? __lru_cache_add+0x1bf/0x210 [ 911.962586][T24520] ? memset+0x1f/0x40 [ 911.966535][T24520] ? fsnotify+0x1332/0x13f0 [ 911.971003][T24520] ? loop_remove+0xa0/0xa0 [ 911.975385][T24520] do_vfs_ioctl+0x744/0x1730 [ 911.979943][T24520] ? selinux_file_ioctl+0x723/0x970 [ 911.985111][T24520] ? ioctl_preallocate+0x250/0x250 [ 911.990190][T24520] ? __fget+0x40c/0x4a0 17:08:10 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 36) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:10 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r2 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r3, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000180)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r5 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r5, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$VHOST_SET_VRING_CALL(r4, 0x4008af21, &(0x7f00000000c0)={0x2, r5}) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$VHOST_VDPA_GET_DEVICE_ID(r6, 0x8004af70, &(0x7f0000000140)) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) socket$inet(0x2, 0x3, 0x3) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) (async) syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'}) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r3, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) (async) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000180)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) syz_open_dev$vcsa(0x0, 0x9, 0x2400) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r5, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) ioctl$VHOST_SET_VRING_CALL(r4, 0x4008af21, &(0x7f00000000c0)={0x2, r5}) (async) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async) ioctl$VHOST_VDPA_GET_DEVICE_ID(r6, 0x8004af70, &(0x7f0000000140)) (async) 17:08:10 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0xa00, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:10 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f00000001c0)=@req3={0x6808ce0e, 0x8, 0x328, 0x8, 0x96f, 0x9, 0x7}, 0x1c) getsockopt$packet_buf(r0, 0x107, 0x16, &(0x7f0000000100)=""/86, &(0x7f0000000180)=0x56) (async) accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000000c0)=0x14, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x300, 0x3}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) (async, rerun: 32) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (rerun: 32) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:10 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x8, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 911.994317][T24520] ? fget_many+0x20/0x20 [ 911.998533][T24520] ? check_preemption_disabled+0x154/0x330 [ 912.004306][T24520] ? debug_smp_processor_id+0x20/0x20 [ 912.009652][T24520] ? security_file_ioctl+0x9d/0xb0 [ 912.014727][T24520] __x64_sys_ioctl+0xd4/0x110 [ 912.019376][T24520] do_syscall_64+0xcb/0x1c0 [ 912.023856][T24520] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 912.035839][T24520] "mq-deadline" elevator initialization failed, falling back to "none" 17:08:10 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x235e, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:10 executing program 4: socketpair(0xb, 0x3, 0x6, &(0x7f0000000280)) r0 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) socketpair(0x9, 0x4, 0x9, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000300)={0x0, @multicast1, @dev}, &(0x7f0000000080)=0xc) r2 = socket$packet(0x11, 0x2, 0x300) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x11000, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000180)=0x1) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000), 0x4) syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) socketpair(0x27, 0x4, 0x4, &(0x7f0000000240)) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x4, 0x1000}, 0x4) recvfrom$packet(r3, &(0x7f00000001c0)=""/113, 0x71, 0x2000, 0x0, 0x0) 17:08:10 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x300, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:10 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r2 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r3, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) (async) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000180)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r5 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r5, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) ioctl$VHOST_SET_VRING_CALL(r4, 0x4008af21, &(0x7f00000000c0)={0x2, r5}) (async) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$VHOST_VDPA_GET_DEVICE_ID(r6, 0x8004af70, &(0x7f0000000140)) 17:08:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x16}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) r2 = syz_genetlink_get_family_id$batadv(0x0, r1) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000480)={&(0x7f0000000340), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r2, 0x300, 0x0, 0x0, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fff}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xe104a619c24c8899}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r2, 0x10, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000004}, 0x20000000) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x3, 0x20, 0xf3c, 0x401, 0x10000, 0x4, 0x100}, 0x1c) 17:08:10 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x4000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 912.096855][T24555] FAULT_INJECTION: forcing a failure. [ 912.096855][T24555] name failslab, interval 1, probability 0, space 0, times 0 [ 912.113505][T24555] CPU: 0 PID: 24555 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 912.123744][T24555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 912.133777][T24555] Call Trace: [ 912.137041][T24555] dump_stack+0x1d8/0x241 [ 912.141340][T24555] ? panic+0x73e/0x73e [ 912.145388][T24555] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 912.151173][T24555] should_fail+0x709/0x870 [ 912.155558][T24555] ? setup_fault_attr+0x3d0/0x3d0 [ 912.160560][T24555] ? pcpu_alloc+0xb62/0x1060 [ 912.165120][T24555] ? sbitmap_queue_init_node+0x69c/0xf70 [ 912.170720][T24555] should_failslab+0x5/0x20 [ 912.175192][T24555] kmem_cache_alloc_trace+0x28/0x240 [ 912.180444][T24555] sbitmap_queue_init_node+0x69c/0xf70 [ 912.185870][T24555] blk_mq_init_tags+0x153/0x290 [ 912.190690][T24555] blk_mq_alloc_rq_map+0x93/0x1a0 [ 912.195681][T24555] blk_mq_init_sched+0x1f2/0xaf0 [ 912.200599][T24555] elevator_init_mq+0x2cd/0x3f0 [ 912.205420][T24555] __device_add_disk+0xf1/0x1200 [ 912.210332][T24555] ? sprintf+0xd6/0x120 [ 912.214455][T24555] ? device_add_disk+0x30/0x30 [ 912.219190][T24555] ? vsprintf+0x30/0x30 [ 912.223330][T24555] ? device_initialize+0x1c7/0x3d0 [ 912.228406][T24555] ? __alloc_disk_node+0x326/0x380 [ 912.233487][T24555] loop_add+0x554/0x710 [ 912.237613][T24555] loop_control_ioctl+0x564/0x740 [ 912.242607][T24555] ? loop_remove+0xa0/0xa0 [ 912.246990][T24555] ? __lru_cache_add+0x1bf/0x210 [ 912.251893][T24555] ? memset+0x1f/0x40 [ 912.255844][T24555] ? fsnotify+0x1332/0x13f0 [ 912.260314][T24555] ? loop_remove+0xa0/0xa0 [ 912.264696][T24555] do_vfs_ioctl+0x744/0x1730 [ 912.269254][T24555] ? selinux_file_ioctl+0x723/0x970 [ 912.274448][T24555] ? ioctl_preallocate+0x250/0x250 [ 912.279531][T24555] ? __fget+0x40c/0x4a0 [ 912.283657][T24555] ? fget_many+0x20/0x20 [ 912.287872][T24555] ? check_preemption_disabled+0x154/0x330 17:08:11 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 37) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:11 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x16}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) (async) r2 = syz_genetlink_get_family_id$batadv(0x0, r1) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000480)={&(0x7f0000000340), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r2, 0x300, 0x0, 0x0, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fff}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async, rerun: 32) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xe104a619c24c8899}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r2, 0x10, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000004}, 0x20000000) (async, rerun: 32) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x3, 0x20, 0xf3c, 0x401, 0x10000, 0x4, 0x100}, 0x1c) 17:08:11 executing program 4: socketpair(0xb, 0x3, 0x6, &(0x7f0000000280)) (async) r0 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) socketpair(0x9, 0x4, 0x9, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000300)={0x0, @multicast1, @dev}, &(0x7f0000000080)=0xc) r2 = socket$packet(0x11, 0x2, 0x300) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x11000, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000180)=0x1) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) socketpair(0x27, 0x4, 0x4, &(0x7f0000000240)) (async, rerun: 32) r4 = socket$packet(0x11, 0x2, 0x300) (rerun: 32) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x4, 0x1000}, 0x4) (async) recvfrom$packet(r3, &(0x7f00000001c0)=""/113, 0x71, 0x2000, 0x0, 0x0) 17:08:11 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x5e23, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:11 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:11 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x38000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:11 executing program 3: r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x102002}, 0xc, &(0x7f00000003c0)={&(0x7f0000000180)={0x234, r0, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x7}, {0x5}, {0x6, 0x11, 0x40}, {0x8, 0xb, 0x2}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xf8000000}, {0x6, 0x16, 0xfe01}, {0x5}, {0x6, 0x11, 0x8}, {0x8, 0xb, 0xfe000000}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0xb3ce}, {0x5}, {0x6, 0x11, 0x9}, {0x8, 0xb, 0xb7e2}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x4}, {0x6}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x7}, {0x8, 0xb, 0xb4c}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x6}, {0x5}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x7ff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x1}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x2}, {0x8, 0xb, 0x8}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x90}, {0x6, 0x16, 0xffff}, {0x5}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x3}}]}, 0x234}, 0x1, 0x0, 0x0, 0x24000051}, 0x4) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x3c, r0, 0x400, 0x70bd26, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24811}, 0x4004000) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) r2 = accept4$packet(r1, 0x0, &(0x7f00000000c0), 0x800) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000080)=@req3={0x44, 0x7, 0xfffffffe, 0x101, 0xffffff0c, 0x4}, 0x1c) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000580), 0x4) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000006c0), 0x200000, 0x0) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r4, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x28000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x80, r0, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xe0000000}}]}, 0x80}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000080) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r3) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x70, 0x0, 0x2, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}, @NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x13}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1644}], @NL80211_ATTR_HE_OBSS_PD={0x34, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x2}, @NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0xc, 0x5, "a68b37a58635a59b"}, @NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP={0xc, 0x4, "24cc494dcdd23703"}, @NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0xc, 0x5, "1628484d8183eb7f"}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x0) [ 912.293642][T24555] ? debug_smp_processor_id+0x20/0x20 [ 912.298979][T24555] ? security_file_ioctl+0x9d/0xb0 [ 912.304057][T24555] __x64_sys_ioctl+0xd4/0x110 [ 912.308705][T24555] do_syscall_64+0xcb/0x1c0 [ 912.313181][T24555] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 912.321281][T24555] "mq-deadline" elevator initialization failed, falling back to "none" 17:08:11 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x16}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) (async) r2 = syz_genetlink_get_family_id$batadv(0x0, r1) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000480)={&(0x7f0000000340), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r2, 0x300, 0x0, 0x0, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fff}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xe104a619c24c8899}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r2, 0x10, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000004}, 0x20000000) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x3, 0x20, 0xf3c, 0x401, 0x10000, 0x4, 0x100}, 0x1c) 17:08:11 executing program 4: socketpair(0xb, 0x3, 0x6, &(0x7f0000000280)) (async) r0 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) socketpair(0x9, 0x4, 0x9, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000300)={0x0, @multicast1, @dev}, &(0x7f0000000080)=0xc) r2 = socket$packet(0x11, 0x2, 0x300) (async) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x11000, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000180)=0x1) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000), 0x4) syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) (async) socketpair(0x27, 0x4, 0x4, &(0x7f0000000240)) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x4, 0x1000}, 0x4) recvfrom$packet(r3, &(0x7f00000001c0)=""/113, 0x71, 0x2000, 0x0, 0x0) 17:08:11 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x400, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x24008000) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:11 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x2, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:11 executing program 3: r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x102002}, 0xc, &(0x7f00000003c0)={&(0x7f0000000180)={0x234, r0, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x7}, {0x5}, {0x6, 0x11, 0x40}, {0x8, 0xb, 0x2}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xf8000000}, {0x6, 0x16, 0xfe01}, {0x5}, {0x6, 0x11, 0x8}, {0x8, 0xb, 0xfe000000}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0xb3ce}, {0x5}, {0x6, 0x11, 0x9}, {0x8, 0xb, 0xb7e2}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x4}, {0x6}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x7}, {0x8, 0xb, 0xb4c}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x6}, {0x5}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x7ff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x1}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x2}, {0x8, 0xb, 0x8}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x90}, {0x6, 0x16, 0xffff}, {0x5}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x3}}]}, 0x234}, 0x1, 0x0, 0x0, 0x24000051}, 0x4) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x3c, r0, 0x400, 0x70bd26, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24811}, 0x4004000) (async, rerun: 32) r1 = socket$packet(0x11, 0x2, 0x300) (rerun: 32) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) r2 = accept4$packet(r1, 0x0, &(0x7f00000000c0), 0x800) (async, rerun: 64) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000080)=@req3={0x44, 0x7, 0xfffffffe, 0x101, 0xffffff0c, 0x4}, 0x1c) (async, rerun: 64) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000580), 0x4) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000006c0), 0x200000, 0x0) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r4, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x28000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x80, r0, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xe0000000}}]}, 0x80}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000080) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r3) (async) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x70, 0x0, 0x2, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}, @NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x13}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1644}], @NL80211_ATTR_HE_OBSS_PD={0x34, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x2}, @NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0xc, 0x5, "a68b37a58635a59b"}, @NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP={0xc, 0x4, "24cc494dcdd23703"}, @NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0xc, 0x5, "1628484d8183eb7f"}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x0) [ 912.412040][T24597] FAULT_INJECTION: forcing a failure. [ 912.412040][T24597] name failslab, interval 1, probability 0, space 0, times 0 [ 912.430469][T24597] CPU: 0 PID: 24597 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 912.440707][T24597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 912.450749][T24597] Call Trace: [ 912.454035][T24597] dump_stack+0x1d8/0x241 [ 912.458351][T24597] ? panic+0x73e/0x73e [ 912.462405][T24597] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 912.468205][T24597] should_fail+0x709/0x870 [ 912.472610][T24597] ? sbitmap_queue_init_node+0x69c/0xf70 [ 912.478216][T24597] ? setup_fault_attr+0x3d0/0x3d0 [ 912.483218][T24597] ? sbitmap_queue_init_node+0xb3d/0xf70 [ 912.488819][T24597] ? blk_mq_alloc_rq_map+0xb3/0x1a0 [ 912.494101][T24597] should_failslab+0x5/0x20 [ 912.498572][T24597] __kmalloc+0x51/0x2b0 [ 912.502697][T24597] blk_mq_alloc_rq_map+0xb3/0x1a0 [ 912.507691][T24597] blk_mq_init_sched+0x1f2/0xaf0 [ 912.512597][T24597] elevator_init_mq+0x2cd/0x3f0 [ 912.517415][T24597] __device_add_disk+0xf1/0x1200 [ 912.522319][T24597] ? sprintf+0xd6/0x120 [ 912.526443][T24597] ? device_add_disk+0x30/0x30 [ 912.531173][T24597] ? vsprintf+0x30/0x30 [ 912.535299][T24597] ? device_initialize+0x1c7/0x3d0 [ 912.540390][T24597] ? __alloc_disk_node+0x326/0x380 [ 912.545479][T24597] loop_add+0x554/0x710 [ 912.549605][T24597] loop_control_ioctl+0x564/0x740 [ 912.554595][T24597] ? loop_remove+0xa0/0xa0 [ 912.558980][T24597] ? __lru_cache_add+0x1bf/0x210 [ 912.563886][T24597] ? memset+0x1f/0x40 [ 912.567834][T24597] ? fsnotify+0x1332/0x13f0 [ 912.572304][T24597] ? loop_remove+0xa0/0xa0 [ 912.576691][T24597] do_vfs_ioctl+0x744/0x1730 [ 912.581251][T24597] ? selinux_file_ioctl+0x723/0x970 [ 912.586416][T24597] ? ioctl_preallocate+0x250/0x250 [ 912.591493][T24597] ? __fget+0x40c/0x4a0 [ 912.595617][T24597] ? fget_many+0x20/0x20 [ 912.599827][T24597] ? check_preemption_disabled+0x154/0x330 [ 912.605599][T24597] ? debug_smp_processor_id+0x20/0x20 17:08:11 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 38) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:11 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x800300, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:11 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x400, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x24008000) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:11 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) socketpair(0x3, 0x4, 0x80000001, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000000c0)=0x81, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:11 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x3, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:11 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x400, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x24008000) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x400, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x24008000) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) 17:08:11 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) socketpair(0x3, 0x4, 0x80000001, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000000c0)=0x81, 0x4) (async, rerun: 32) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (rerun: 32) 17:08:11 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x1000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:11 executing program 3: r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x102002}, 0xc, &(0x7f00000003c0)={&(0x7f0000000180)={0x234, r0, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x7}, {0x5}, {0x6, 0x11, 0x40}, {0x8, 0xb, 0x2}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xf8000000}, {0x6, 0x16, 0xfe01}, {0x5}, {0x6, 0x11, 0x8}, {0x8, 0xb, 0xfe000000}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0xb3ce}, {0x5}, {0x6, 0x11, 0x9}, {0x8, 0xb, 0xb7e2}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x4}, {0x6}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x7}, {0x8, 0xb, 0xb4c}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x6}, {0x5}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x7ff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x1}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x2}, {0x8, 0xb, 0x8}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x90}, {0x6, 0x16, 0xffff}, {0x5}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x3}}]}, 0x234}, 0x1, 0x0, 0x0, 0x24000051}, 0x4) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x3c, r0, 0x400, 0x70bd26, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24811}, 0x4004000) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) r2 = accept4$packet(r1, 0x0, &(0x7f00000000c0), 0x800) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000080)=@req3={0x44, 0x7, 0xfffffffe, 0x101, 0xffffff0c, 0x4}, 0x1c) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000580), 0x4) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000006c0), 0x200000, 0x0) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r4, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x28000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x80, r0, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xe0000000}}]}, 0x80}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000080) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r3) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x70, 0x0, 0x2, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}, @NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x13}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1644}], @NL80211_ATTR_HE_OBSS_PD={0x34, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x2}, @NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0xc, 0x5, "a68b37a58635a59b"}, @NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP={0xc, 0x4, "24cc494dcdd23703"}, @NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0xc, 0x5, "1628484d8183eb7f"}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) (async) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x102002}, 0xc, &(0x7f00000003c0)={&(0x7f0000000180)={0x234, r0, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x7}, {0x5}, {0x6, 0x11, 0x40}, {0x8, 0xb, 0x2}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xf8000000}, {0x6, 0x16, 0xfe01}, {0x5}, {0x6, 0x11, 0x8}, {0x8, 0xb, 0xfe000000}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0xb3ce}, {0x5}, {0x6, 0x11, 0x9}, {0x8, 0xb, 0xb7e2}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x4}, {0x6}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x7}, {0x8, 0xb, 0xb4c}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x6}, {0x5}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x7ff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x1}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x2}, {0x8, 0xb, 0x8}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x90}, {0x6, 0x16, 0xffff}, {0x5}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x3}}]}, 0x234}, 0x1, 0x0, 0x0, 0x24000051}, 0x4) (async) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x3c, r0, 0x400, 0x70bd26, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24811}, 0x4004000) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) accept4$packet(r1, 0x0, &(0x7f00000000c0), 0x800) (async) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000080)=@req3={0x44, 0x7, 0xfffffffe, 0x101, 0xffffff0c, 0x4}, 0x1c) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000580), 0x4) (async) openat$pfkey(0xffffffffffffff9c, &(0x7f00000006c0), 0x200000, 0x0) (async) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r4, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x28000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x80, r0, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xe0000000}}]}, 0x80}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000080) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r3) (async) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x70, 0x0, 0x2, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}, @NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x13}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1644}], @NL80211_ATTR_HE_OBSS_PD={0x34, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x2}, @NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0xc, 0x5, "a68b37a58635a59b"}, @NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP={0xc, 0x4, "24cc494dcdd23703"}, @NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0xc, 0x5, "1628484d8183eb7f"}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x0) (async) 17:08:11 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = syz_open_dev$loop(&(0x7f0000000040), 0xc8, 0x200000) ioctl$BLKRRPART(r1, 0x125f, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x80, 0x2}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 912.610940][T24597] ? security_file_ioctl+0x9d/0xb0 [ 912.616018][T24597] __x64_sys_ioctl+0xd4/0x110 [ 912.620663][T24597] do_syscall_64+0xcb/0x1c0 [ 912.625136][T24597] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 912.631410][T24597] "mq-deadline" elevator initialization failed, falling back to "none" 17:08:11 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = syz_open_dev$loop(&(0x7f0000000040), 0xc8, 0x200000) ioctl$BLKRRPART(r1, 0x125f, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x80, 0x2}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:11 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = syz_open_dev$loop(&(0x7f0000000040), 0xc8, 0x200000) ioctl$BLKRRPART(r1, 0x125f, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x80, 0x2}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 912.706049][T24627] FAULT_INJECTION: forcing a failure. [ 912.706049][T24627] name failslab, interval 1, probability 0, space 0, times 0 [ 912.719649][T24627] CPU: 1 PID: 24627 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 912.729873][T24627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 912.740016][T24627] Call Trace: [ 912.743283][T24627] dump_stack+0x1d8/0x241 [ 912.747585][T24627] ? panic+0x73e/0x73e [ 912.751623][T24627] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 912.757404][T24627] should_fail+0x709/0x870 [ 912.761789][T24627] ? setup_fault_attr+0x3d0/0x3d0 [ 912.766788][T24627] ? blk_mq_alloc_rq_map+0xe9/0x1a0 [ 912.771952][T24627] should_failslab+0x5/0x20 [ 912.776424][T24627] __kmalloc+0x51/0x2b0 [ 912.780546][T24627] ? blk_mq_alloc_rq_map+0xb3/0x1a0 [ 912.785713][T24627] blk_mq_alloc_rq_map+0xe9/0x1a0 [ 912.790710][T24627] blk_mq_init_sched+0x1f2/0xaf0 [ 912.795615][T24627] elevator_init_mq+0x2cd/0x3f0 [ 912.800433][T24627] __device_add_disk+0xf1/0x1200 [ 912.805337][T24627] ? sprintf+0xd6/0x120 [ 912.809464][T24627] ? device_add_disk+0x30/0x30 [ 912.814191][T24627] ? vsprintf+0x30/0x30 [ 912.818373][T24627] ? device_initialize+0x1c7/0x3d0 [ 912.823451][T24627] ? __alloc_disk_node+0x326/0x380 [ 912.828526][T24627] loop_add+0x554/0x710 [ 912.832657][T24627] loop_control_ioctl+0x564/0x740 [ 912.837653][T24627] ? loop_remove+0xa0/0xa0 [ 912.842037][T24627] ? __lru_cache_add+0x1bf/0x210 [ 912.846941][T24627] ? memset+0x1f/0x40 [ 912.850891][T24627] ? fsnotify+0x1332/0x13f0 [ 912.855371][T24627] ? loop_remove+0xa0/0xa0 [ 912.859763][T24627] do_vfs_ioctl+0x744/0x1730 [ 912.864323][T24627] ? selinux_file_ioctl+0x723/0x970 [ 912.869494][T24627] ? ioctl_preallocate+0x250/0x250 [ 912.874583][T24627] ? __fget+0x40c/0x4a0 [ 912.878714][T24627] ? fget_many+0x20/0x20 [ 912.882937][T24627] ? check_preemption_disabled+0x154/0x330 [ 912.888710][T24627] ? debug_smp_processor_id+0x20/0x20 [ 912.894049][T24627] ? security_file_ioctl+0x9d/0xb0 [ 912.899127][T24627] __x64_sys_ioctl+0xd4/0x110 17:08:11 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 39) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:11 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x4, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:11 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x80000000, 0x410040) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r0, 0x4008af23, &(0x7f0000000080)={0x1, 0xc490}) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) 17:08:11 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x2000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:11 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x2, 0x5}, 0x1e) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:11 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) socketpair(0x3, 0x4, 0x80000001, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000000c0)=0x81, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) [ 912.903780][T24627] do_syscall_64+0xcb/0x1c0 [ 912.908254][T24627] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 912.917018][T24627] "mq-deadline" elevator initialization failed, falling back to "none" 17:08:11 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x3000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:11 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x5, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:11 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x80000000, 0x410040) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r0, 0x4008af23, &(0x7f0000000080)={0x1, 0xc490}) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) 17:08:11 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x2, 0x5}, 0x1e) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x2, 0x5}, 0x1e) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) 17:08:11 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x80000000, 0x410040) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r0, 0x4008af23, &(0x7f0000000080)={0x1, 0xc490}) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) syz_open_dev$vcsa(&(0x7f00000000c0), 0x80000000, 0x410040) (async) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r0, 0x4008af23, &(0x7f0000000080)={0x1, 0xc490}) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) (async) 17:08:11 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000400), r1) sendmsg$NLBL_CALIPSO_C_LIST(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x24, r2, 0x101, 0x0, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x8001}, 0x0) sendmsg$NLBL_CALIPSO_C_LISTALL(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r2, 0x800, 0x70bd25, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x34000051}, 0x40000) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000), 0x4) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_LIST(r4, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14}, 0x14}}, 0x0) r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_LISTALL(r4, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x70, r5, 0x532, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}, {0x5}, {0x5, 0x3, 0x3}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x8040800) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) [ 913.000461][T24684] FAULT_INJECTION: forcing a failure. [ 913.000461][T24684] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 913.013902][T24684] CPU: 1 PID: 24684 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 913.024140][T24684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 913.034180][T24684] Call Trace: [ 913.037455][T24684] dump_stack+0x1d8/0x241 [ 913.041760][T24684] ? panic+0x73e/0x73e [ 913.045812][T24684] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 913.051673][T24684] ? sbitmap_queue_init_node+0x69c/0xf70 [ 913.057283][T24684] should_fail+0x709/0x870 [ 913.061673][T24684] ? elevator_init_mq+0x2cd/0x3f0 [ 913.066669][T24684] ? setup_fault_attr+0x3d0/0x3d0 [ 913.071660][T24684] ? elevator_init_mq+0x2cd/0x3f0 [ 913.076654][T24684] ? __device_add_disk+0xf1/0x1200 [ 913.081738][T24684] ? loop_add+0x554/0x710 [ 913.086129][T24684] ? loop_control_ioctl+0x564/0x740 [ 913.091310][T24684] ? do_vfs_ioctl+0x744/0x1730 [ 913.096042][T24684] ? do_syscall_64+0xcb/0x1c0 [ 913.100688][T24684] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 913.106730][T24684] __alloc_pages_nodemask+0x1b6/0x860 [ 913.112076][T24684] ? gfp_pfmemalloc_allowed+0x120/0x120 [ 913.117590][T24684] ? find_next_bit+0xe5/0x110 [ 913.122236][T24684] ? blk_mq_hw_queue_to_node+0xeb/0x100 [ 913.127751][T24684] blk_mq_alloc_rqs+0x252/0x6d0 [ 913.132577][T24684] blk_mq_init_sched+0x256/0xaf0 [ 913.137485][T24684] elevator_init_mq+0x2cd/0x3f0 [ 913.142305][T24684] __device_add_disk+0xf1/0x1200 [ 913.147212][T24684] ? sprintf+0xd6/0x120 [ 913.151339][T24684] ? device_add_disk+0x30/0x30 [ 913.156073][T24684] ? vsprintf+0x30/0x30 [ 913.160198][T24684] ? device_initialize+0x1c7/0x3d0 [ 913.165278][T24684] ? __alloc_disk_node+0x326/0x380 [ 913.170358][T24684] loop_add+0x554/0x710 [ 913.174485][T24684] loop_control_ioctl+0x564/0x740 [ 913.179478][T24684] ? loop_remove+0xa0/0xa0 [ 913.183865][T24684] ? __lru_cache_add+0x1bf/0x210 [ 913.188770][T24684] ? memset+0x1f/0x40 [ 913.192727][T24684] ? fsnotify+0x1332/0x13f0 [ 913.197200][T24684] ? loop_remove+0xa0/0xa0 [ 913.201590][T24684] do_vfs_ioctl+0x744/0x1730 [ 913.206161][T24684] ? selinux_file_ioctl+0x723/0x970 [ 913.211334][T24684] ? ioctl_preallocate+0x250/0x250 [ 913.216420][T24684] ? __fget+0x40c/0x4a0 [ 913.220544][T24684] ? fget_many+0x20/0x20 [ 913.224757][T24684] ? check_preemption_disabled+0x154/0x330 [ 913.230534][T24684] ? debug_smp_processor_id+0x20/0x20 [ 913.235877][T24684] ? security_file_ioctl+0x9d/0xb0 [ 913.240960][T24684] __x64_sys_ioctl+0xd4/0x110 [ 913.245607][T24684] do_syscall_64+0xcb/0x1c0 17:08:11 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 40) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:11 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x6, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:11 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x8000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:11 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, r2, 0x800, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x29}, @NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xa}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x6, 0x13, [{0x30, 0x1}, {0x1b, 0x1}]}, @NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0xfc00}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x2}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xc, 0xbd, [0xf6b8, 0x20, 0x0, 0x20]}]}, 0x50}, 0x1, 0x0, 0x0, 0xc80127d71779a944}, 0x804) 17:08:11 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x2, 0x5}, 0x1e) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:11 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000400), r1) sendmsg$NLBL_CALIPSO_C_LIST(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x24, r2, 0x101, 0x0, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x8001}, 0x0) sendmsg$NLBL_CALIPSO_C_LISTALL(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r2, 0x800, 0x70bd25, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x34000051}, 0x40000) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_LIST(r4, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14}, 0x14}}, 0x0) (async) r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_LISTALL(r4, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x70, r5, 0x532, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}, {0x5}, {0x5, 0x3, 0x3}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x8040800) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) [ 913.250080][T24684] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:11 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0xa000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:11 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x8, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:11 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:11 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, r2, 0x800, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x29}, @NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xa}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x6, 0x13, [{0x30, 0x1}, {0x1b, 0x1}]}, @NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0xfc00}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x2}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xc, 0xbd, [0xf6b8, 0x20, 0x0, 0x20]}]}, 0x50}, 0x1, 0x0, 0x0, 0xc80127d71779a944}, 0x804) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, r2, 0x800, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x29}, @NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xa}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x6, 0x13, [{0x30, 0x1}, {0x1b, 0x1}]}, @NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0xfc00}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x2}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xc, 0xbd, [0xf6b8, 0x20, 0x0, 0x20]}]}, 0x50}, 0x1, 0x0, 0x0, 0xc80127d71779a944}, 0x804) (async) 17:08:11 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000400), r1) sendmsg$NLBL_CALIPSO_C_LIST(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x24, r2, 0x101, 0x0, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x8001}, 0x0) sendmsg$NLBL_CALIPSO_C_LISTALL(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r2, 0x800, 0x70bd25, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x34000051}, 0x40000) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000), 0x4) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_LIST(r4, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14}, 0x14}}, 0x0) r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_LISTALL(r4, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x70, r5, 0x532, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}, {0x5}, {0x5, 0x3, 0x3}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x8040800) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000400), r1) (async) sendmsg$NLBL_CALIPSO_C_LIST(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x24, r2, 0x101, 0x0, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x8001}, 0x0) (async) sendmsg$NLBL_CALIPSO_C_LISTALL(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r2, 0x800, 0x70bd25, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x34000051}, 0x40000) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$NLBL_CALIPSO_C_LIST(r4, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000001c0), 0xffffffffffffffff) (async) sendmsg$NLBL_CIPSOV4_C_LISTALL(r4, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x70, r5, 0x532, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}, {0x5}, {0x5, 0x3, 0x3}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x8040800) (async) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) 17:08:11 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, r2, 0x800, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x29}, @NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xa}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x6, 0x13, [{0x30, 0x1}, {0x1b, 0x1}]}, @NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0xfc00}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x2}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xc, 0xbd, [0xf6b8, 0x20, 0x0, 0x20]}]}, 0x50}, 0x1, 0x0, 0x0, 0xc80127d71779a944}, 0x804) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, r2, 0x800, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x29}, @NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xa}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x6, 0x13, [{0x30, 0x1}, {0x1b, 0x1}]}, @NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0xfc00}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x2}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xc, 0xbd, [0xf6b8, 0x20, 0x0, 0x20]}]}, 0x50}, 0x1, 0x0, 0x0, 0xc80127d71779a944}, 0x804) (async) [ 913.352860][T24735] FAULT_INJECTION: forcing a failure. [ 913.352860][T24735] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 913.368958][T24735] CPU: 1 PID: 24735 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 913.379192][T24735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 913.389223][T24735] Call Trace: [ 913.392496][T24735] dump_stack+0x1d8/0x241 [ 913.396809][T24735] ? panic+0x73e/0x73e [ 913.400853][T24735] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 913.406636][T24735] ? preempt_count_add+0x8d/0x180 [ 913.411629][T24735] should_fail+0x709/0x870 [ 913.416020][T24735] ? setup_fault_attr+0x3d0/0x3d0 [ 913.421027][T24735] __alloc_pages_nodemask+0x1b6/0x860 [ 913.426377][T24735] ? gfp_pfmemalloc_allowed+0x120/0x120 [ 913.431895][T24735] ? find_next_bit+0xe5/0x110 [ 913.436543][T24735] ? memset+0x1f/0x40 [ 913.440498][T24735] blk_mq_alloc_rqs+0x252/0x6d0 [ 913.445327][T24735] blk_mq_init_sched+0x256/0xaf0 [ 913.450238][T24735] elevator_init_mq+0x2cd/0x3f0 [ 913.455067][T24735] __device_add_disk+0xf1/0x1200 [ 913.460073][T24735] ? sprintf+0xd6/0x120 [ 913.464220][T24735] ? device_add_disk+0x30/0x30 [ 913.468962][T24735] ? vsprintf+0x30/0x30 [ 913.473091][T24735] ? device_initialize+0x1c7/0x3d0 [ 913.478171][T24735] ? __alloc_disk_node+0x326/0x380 [ 913.483250][T24735] loop_add+0x554/0x710 [ 913.487387][T24735] loop_control_ioctl+0x564/0x740 [ 913.492391][T24735] ? loop_remove+0xa0/0xa0 [ 913.496779][T24735] ? __lru_cache_add+0x1bf/0x210 [ 913.501682][T24735] ? memset+0x1f/0x40 [ 913.505632][T24735] ? fsnotify+0x1332/0x13f0 [ 913.510108][T24735] ? loop_remove+0xa0/0xa0 [ 913.514493][T24735] do_vfs_ioctl+0x744/0x1730 [ 913.519054][T24735] ? selinux_file_ioctl+0x723/0x970 [ 913.524218][T24735] ? ioctl_preallocate+0x250/0x250 [ 913.529299][T24735] ? __fget+0x40c/0x4a0 [ 913.533423][T24735] ? fget_many+0x20/0x20 [ 913.537634][T24735] ? check_preemption_disabled+0x154/0x330 [ 913.543410][T24735] ? debug_smp_processor_id+0x20/0x20 [ 913.548751][T24735] ? security_file_ioctl+0x9d/0xb0 17:08:12 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 41) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:12 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000000), 0x10001, 0x8000) ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f0000000180)) r2 = syz_open_dev$vcsa(&(0x7f0000000040), 0x2, 0x40000) bind$vsock_stream(r2, &(0x7f00000001c0)={0x28, 0x0, 0x2711, @host}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00032bbd7000fddbdf250e00000008000300", @ANYRES32=0x0, @ANYBLOB="0500290000000000050029001500000008002c001600000008000300", @ANYRES32=0x0, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r3, &(0x7f0000000480)={&(0x7f0000000340), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, 0x0, 0x300, 0x0, 0x0, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fff}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) socket$inet6(0xa, 0x4, 0x8) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0xd71b62230a46831f, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x95df}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040000}, 0x20040044) 17:08:12 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x40000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:12 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x9, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:12 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) socket$packet(0x11, 0x3, 0x300) (async, rerun: 64) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (rerun: 64) 17:08:12 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x5e230000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:12 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0xa, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 913.553837][T24735] __x64_sys_ioctl+0xd4/0x110 [ 913.558502][T24735] do_syscall_64+0xcb/0x1c0 [ 913.562985][T24735] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:12 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000280)={0xffffffff, 0x202000}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x8, 0x8000}, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0xff, 0xffffffff, 0x0, 0x2, 0x4f, 0x7, 0x40003ff}, 0x1c) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) getpeername$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000180)=0x14) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r1, 0x601, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x880}, 0x41) getgroups(0x4, &(0x7f00000002c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xee01]) r4 = getgid() getgroups(0xa, &(0x7f0000000300)=[0xee01, 0xee00, 0xffffffffffffffff, r3, 0x0, 0xee01, 0xee00, r4, 0xffffffffffffffff, 0xffffffffffffffff]) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:12 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async, rerun: 64) socket$packet(0x11, 0x3, 0x300) (async, rerun: 64) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:12 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000280)={0xffffffff, 0x202000}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x8, 0x8000}, 0x4) (async) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0xff, 0xffffffff, 0x0, 0x2, 0x4f, 0x7, 0x40003ff}, 0x1c) (async) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) (async, rerun: 64) getpeername$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000180)=0x14) (rerun: 64) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r1, 0x601, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x880}, 0x41) getgroups(0x4, &(0x7f00000002c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xee01]) (async) r4 = getgid() getgroups(0xa, &(0x7f0000000300)=[0xee01, 0xee00, 0xffffffffffffffff, r3, 0x0, 0xee01, 0xee00, r4, 0xffffffffffffffff, 0xffffffffffffffff]) (async, rerun: 64) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (rerun: 64) 17:08:12 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x9effffff, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:12 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000000), 0x10001, 0x8000) ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f0000000180)) (async, rerun: 64) r2 = syz_open_dev$vcsa(&(0x7f0000000040), 0x2, 0x40000) (rerun: 64) bind$vsock_stream(r2, &(0x7f00000001c0)={0x28, 0x0, 0x2711, @host}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00032bbd7000fddbdf250e00000008000300", @ANYRES32=0x0, @ANYBLOB="0500290000000000050029001500000008002c001600000008000300", @ANYRES32=0x0, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r3, &(0x7f0000000480)={&(0x7f0000000340), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, 0x0, 0x300, 0x0, 0x0, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fff}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async) socket$inet6(0xa, 0x4, 0x8) (async) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0xd71b62230a46831f, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x95df}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040000}, 0x20040044) [ 913.694522][T24773] FAULT_INJECTION: forcing a failure. [ 913.694522][T24773] name failslab, interval 1, probability 0, space 0, times 0 [ 913.715298][T24773] CPU: 1 PID: 24773 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 913.725540][T24773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 913.735578][T24773] Call Trace: [ 913.738845][T24773] dump_stack+0x1d8/0x241 [ 913.743145][T24773] ? panic+0x73e/0x73e [ 913.747186][T24773] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 913.752964][T24773] ? __alloc_pages_nodemask+0x372/0x860 [ 913.758477][T24773] should_fail+0x709/0x870 [ 913.762862][T24773] ? setup_fault_attr+0x3d0/0x3d0 [ 913.767862][T24773] ? find_next_bit+0xe5/0x110 [ 913.772534][T24773] ? memset+0x1f/0x40 [ 913.776500][T24773] ? lo_complete_rq+0x2a0/0x2a0 [ 913.781329][T24773] ? loop_init_request+0x31/0xa0 [ 913.786247][T24773] ? elevator_alloc+0x4b/0xc0 [ 913.790899][T24773] should_failslab+0x5/0x20 [ 913.795371][T24773] kmem_cache_alloc_trace+0x28/0x240 [ 913.800626][T24773] elevator_alloc+0x4b/0xc0 [ 913.805099][T24773] dd_init_queue+0x1f/0x330 [ 913.809572][T24773] blk_mq_init_sched+0x45c/0xaf0 [ 913.814479][T24773] elevator_init_mq+0x2cd/0x3f0 [ 913.819298][T24773] __device_add_disk+0xf1/0x1200 [ 913.824207][T24773] ? sprintf+0xd6/0x120 [ 913.828343][T24773] ? device_add_disk+0x30/0x30 [ 913.833084][T24773] ? vsprintf+0x30/0x30 [ 913.837214][T24773] ? device_initialize+0x1c7/0x3d0 [ 913.842294][T24773] ? __alloc_disk_node+0x326/0x380 [ 913.847373][T24773] loop_add+0x554/0x710 [ 913.851498][T24773] loop_control_ioctl+0x564/0x740 [ 913.856621][T24773] ? loop_remove+0xa0/0xa0 [ 913.861020][T24773] ? __lru_cache_add+0x1bf/0x210 [ 913.865926][T24773] ? memset+0x1f/0x40 [ 913.869877][T24773] ? fsnotify+0x1332/0x13f0 [ 913.874351][T24773] ? loop_remove+0xa0/0xa0 [ 913.878742][T24773] do_vfs_ioctl+0x744/0x1730 [ 913.883307][T24773] ? selinux_file_ioctl+0x723/0x970 [ 913.888473][T24773] ? ioctl_preallocate+0x250/0x250 17:08:12 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 42) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:12 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0xb, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:12 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0xeaffffff, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:12 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000280)={0xffffffff, 0x202000}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x8, 0x8000}, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0xff, 0xffffffff, 0x0, 0x2, 0x4f, 0x7, 0x40003ff}, 0x1c) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) getpeername$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000180)=0x14) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r1, 0x601, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x880}, 0x41) getgroups(0x4, &(0x7f00000002c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xee01]) r4 = getgid() getgroups(0xa, &(0x7f0000000300)=[0xee01, 0xee00, 0xffffffffffffffff, r3, 0x0, 0xee01, 0xee00, r4, 0xffffffffffffffff, 0xffffffffffffffff]) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000280)={0xffffffff, 0x202000}) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x8, 0x8000}, 0x4) (async) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0xff, 0xffffffff, 0x0, 0x2, 0x4f, 0x7, 0x40003ff}, 0x1c) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) (async) getpeername$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000180)=0x14) (async) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r1, 0x601, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x880}, 0x41) (async) getgroups(0x4, &(0x7f00000002c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xee01]) (async) getgid() (async) getgroups(0xa, &(0x7f0000000300)=[0xee01, 0xee00, 0xffffffffffffffff, r3, 0x0, 0xee01, 0xee00, r4, 0xffffffffffffffff, 0xffffffffffffffff]) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) 17:08:12 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000400)={&(0x7f0000000100)={0x2d8, r1, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x6}, {0x5}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x6}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x1}, {0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x1ff}, {0x5}, {0x6, 0x11, 0x1f}, {0x8, 0xb, 0x8}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x4}, {0x6, 0x16, 0x5}, {0x5}, {0x6, 0x11, 0x1}, {0x8, 0xb, 0x6}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x8}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x8}, {0x8, 0xb, 0xffff0001}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x200}, {0x6, 0x16, 0x3}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x1ca4}, {0x8, 0xb, 0xdfd48e9}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8}, {0x6, 0x16, 0x1f}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x800}, {0x8, 0xb, 0x40}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x1e5a}, {0x6}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x1000}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x5}, {0x5}, {0x6, 0x11, 0xff}, {0x8, 0xb, 0x8}}]}, 0x2d8}, 0x1, 0x0, 0x0, 0x800}, 0x40005) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000480)=@req3={0x5, 0xcb3a, 0x2, 0x8000, 0x60b, 0x1f, 0x8}, 0x1c) [ 913.893554][T24773] ? __fget+0x40c/0x4a0 [ 913.897681][T24773] ? fget_many+0x20/0x20 [ 913.901893][T24773] ? check_preemption_disabled+0x154/0x330 [ 913.907671][T24773] ? debug_smp_processor_id+0x20/0x20 [ 913.913019][T24773] ? security_file_ioctl+0x9d/0xb0 [ 913.918109][T24773] __x64_sys_ioctl+0xd4/0x110 [ 913.922775][T24773] do_syscall_64+0xcb/0x1c0 [ 913.927256][T24773] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 913.934053][T24773] "mq-deadline" elevator initialization failed, falling back to "none" 17:08:12 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) r1 = syz_open_dev$loop(&(0x7f0000000000), 0x10001, 0x8000) ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f0000000180)) (async, rerun: 32) r2 = syz_open_dev$vcsa(&(0x7f0000000040), 0x2, 0x40000) (rerun: 32) bind$vsock_stream(r2, &(0x7f00000001c0)={0x28, 0x0, 0x2711, @host}, 0x10) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00032bbd7000fddbdf250e00000008000300", @ANYRES32=0x0, @ANYBLOB="0500290000000000050029001500000008002c001600000008000300", @ANYRES32=0x0, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) (async) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r3, &(0x7f0000000480)={&(0x7f0000000340), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, 0x0, 0x300, 0x0, 0x0, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fff}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async, rerun: 32) socket$inet6(0xa, 0x4, 0x8) (async, rerun: 32) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0xd71b62230a46831f, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x95df}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040000}, 0x20040044) 17:08:12 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000400)={&(0x7f0000000100)={0x2d8, r1, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x6}, {0x5}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x6}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x1}, {0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x1ff}, {0x5}, {0x6, 0x11, 0x1f}, {0x8, 0xb, 0x8}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x4}, {0x6, 0x16, 0x5}, {0x5}, {0x6, 0x11, 0x1}, {0x8, 0xb, 0x6}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x8}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x8}, {0x8, 0xb, 0xffff0001}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x200}, {0x6, 0x16, 0x3}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x1ca4}, {0x8, 0xb, 0xdfd48e9}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8}, {0x6, 0x16, 0x1f}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x800}, {0x8, 0xb, 0x40}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x1e5a}, {0x6}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x1000}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x5}, {0x5}, {0x6, 0x11, 0xff}, {0x8, 0xb, 0x8}}]}, 0x2d8}, 0x1, 0x0, 0x0, 0x800}, 0x40005) (async) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000480)=@req3={0x5, 0xcb3a, 0x2, 0x8000, 0x60b, 0x1f, 0x8}, 0x1c) 17:08:12 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0xefffffff, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:12 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000400)={&(0x7f0000000100)={0x2d8, r1, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x6}, {0x5}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x6}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x1}, {0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x1ff}, {0x5}, {0x6, 0x11, 0x1f}, {0x8, 0xb, 0x8}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x4}, {0x6, 0x16, 0x5}, {0x5}, {0x6, 0x11, 0x1}, {0x8, 0xb, 0x6}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x8}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x8}, {0x8, 0xb, 0xffff0001}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x200}, {0x6, 0x16, 0x3}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x1ca4}, {0x8, 0xb, 0xdfd48e9}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8}, {0x6, 0x16, 0x1f}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x800}, {0x8, 0xb, 0x40}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x1e5a}, {0x6}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x1000}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x5}, {0x5}, {0x6, 0x11, 0xff}, {0x8, 0xb, 0x8}}]}, 0x2d8}, 0x1, 0x0, 0x0, 0x800}, 0x40005) (async) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000480)=@req3={0x5, 0xcb3a, 0x2, 0x8000, 0x60b, 0x1f, 0x8}, 0x1c) 17:08:12 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0xf0ffffff, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:12 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) socketpair(0x11, 0x4, 0x8, &(0x7f0000000100)={0xffffffffffffffff}) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) setsockopt$packet_int(r0, 0x107, 0x11, &(0x7f0000000080)=0x1db7, 0x4) r2 = syz_open_dev$loop(&(0x7f00000000c0), 0x51, 0x4000) ioctl$LOOP_SET_DIRECT_IO(r2, 0x4c08, 0x1) 17:08:12 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x10, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 914.043848][T24795] FAULT_INJECTION: forcing a failure. [ 914.043848][T24795] name failslab, interval 1, probability 0, space 0, times 0 [ 914.057423][T24795] CPU: 0 PID: 24795 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 914.067655][T24795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 914.077688][T24795] Call Trace: [ 914.080955][T24795] dump_stack+0x1d8/0x241 [ 914.085254][T24795] ? panic+0x73e/0x73e [ 914.089292][T24795] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 914.095067][T24795] should_fail+0x709/0x870 [ 914.099453][T24795] ? setup_fault_attr+0x3d0/0x3d0 [ 914.104447][T24795] ? dd_init_queue+0x69/0x330 [ 914.109093][T24795] should_failslab+0x5/0x20 [ 914.113563][T24795] kmem_cache_alloc_trace+0x28/0x240 [ 914.118816][T24795] dd_init_queue+0x69/0x330 [ 914.123290][T24795] blk_mq_init_sched+0x45c/0xaf0 [ 914.128203][T24795] elevator_init_mq+0x2cd/0x3f0 [ 914.133024][T24795] __device_add_disk+0xf1/0x1200 [ 914.137936][T24795] ? sprintf+0xd6/0x120 [ 914.142060][T24795] ? device_add_disk+0x30/0x30 [ 914.146790][T24795] ? vsprintf+0x30/0x30 [ 914.150914][T24795] ? device_initialize+0x1c7/0x3d0 [ 914.155993][T24795] ? __alloc_disk_node+0x326/0x380 [ 914.161077][T24795] loop_add+0x554/0x710 [ 914.165203][T24795] loop_control_ioctl+0x564/0x740 [ 914.170203][T24795] ? loop_remove+0xa0/0xa0 [ 914.174588][T24795] ? __lru_cache_add+0x1bf/0x210 [ 914.179492][T24795] ? memset+0x1f/0x40 [ 914.183443][T24795] ? fsnotify+0x1332/0x13f0 [ 914.187913][T24795] ? loop_remove+0xa0/0xa0 [ 914.192308][T24795] do_vfs_ioctl+0x744/0x1730 [ 914.196867][T24795] ? selinux_file_ioctl+0x723/0x970 [ 914.202036][T24795] ? ioctl_preallocate+0x250/0x250 [ 914.207120][T24795] ? __fget+0x40c/0x4a0 [ 914.211249][T24795] ? fget_many+0x20/0x20 [ 914.215477][T24795] ? check_preemption_disabled+0x154/0x330 [ 914.221269][T24795] ? debug_smp_processor_id+0x20/0x20 [ 914.226626][T24795] ? security_file_ioctl+0x9d/0xb0 [ 914.231712][T24795] __x64_sys_ioctl+0xd4/0x110 [ 914.236489][T24795] do_syscall_64+0xcb/0x1c0 17:08:12 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 43) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:12 executing program 3: r0 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x4, r0, 0x3, &(0x7f0000000080)) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) r2 = gettid() syz_open_procfs$namespace(r2, &(0x7f00000000c0)='ns/ipc\x00') 17:08:12 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0xfeffffff, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:12 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x11, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:12 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) r2 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$LOOP_SET_FD(r2, 0x4c00, r1) 17:08:12 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) (async) socketpair(0x11, 0x4, 0x8, &(0x7f0000000100)={0xffffffffffffffff}) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async, rerun: 64) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async, rerun: 64) setsockopt$packet_int(r0, 0x107, 0x11, &(0x7f0000000080)=0x1db7, 0x4) (async) r2 = syz_open_dev$loop(&(0x7f00000000c0), 0x51, 0x4000) ioctl$LOOP_SET_DIRECT_IO(r2, 0x4c08, 0x1) 17:08:12 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x12, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:12 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) (async) socketpair(0x11, 0x4, 0x8, &(0x7f0000000100)={0xffffffffffffffff}) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) setsockopt$packet_int(r0, 0x107, 0x11, &(0x7f0000000080)=0x1db7, 0x4) r2 = syz_open_dev$loop(&(0x7f00000000c0), 0x51, 0x4000) ioctl$LOOP_SET_DIRECT_IO(r2, 0x4c08, 0x1) 17:08:12 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0xffffff7f, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 914.240983][T24795] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 914.249290][T24795] "mq-deadline" elevator initialization failed, falling back to "none" 17:08:12 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) r2 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$LOOP_SET_FD(r2, 0x4c00, r1) 17:08:12 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0xffffff9e, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:12 executing program 3: r0 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x4, r0, 0x3, &(0x7f0000000080)) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) r2 = gettid() syz_open_procfs$namespace(r2, &(0x7f00000000c0)='ns/ipc\x00') getpgid(0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x4, r0, 0x3, &(0x7f0000000080)) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) gettid() (async) syz_open_procfs$namespace(r2, &(0x7f00000000c0)='ns/ipc\x00') (async) [ 914.369069][T24846] FAULT_INJECTION: forcing a failure. [ 914.369069][T24846] name failslab, interval 1, probability 0, space 0, times 0 [ 914.381828][T24846] CPU: 0 PID: 24846 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 914.392051][T24846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 914.402094][T24846] Call Trace: [ 914.405368][T24846] dump_stack+0x1d8/0x241 [ 914.409673][T24846] ? panic+0x73e/0x73e [ 914.413722][T24846] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 914.419507][T24846] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 914.425567][T24846] should_fail+0x709/0x870 [ 914.429964][T24846] ? setup_fault_attr+0x3d0/0x3d0 [ 914.434968][T24846] ? device_create_vargs+0x7d/0x210 [ 914.440143][T24846] should_failslab+0x5/0x20 [ 914.444621][T24846] kmem_cache_alloc_trace+0x28/0x240 [ 914.449925][T24846] device_create_vargs+0x7d/0x210 [ 914.454924][T24846] device_create+0xea/0x130 [ 914.459400][T24846] ? device_create_vargs+0x210/0x210 [ 914.464656][T24846] bdi_register_va+0x89/0x5e0 [ 914.469309][T24846] bdi_register+0xd1/0x120 [ 914.473708][T24846] ? __device_add_disk+0x539/0x1200 [ 914.478876][T24846] ? bdi_register_va+0x5e0/0x5e0 [ 914.483830][T24846] ? percpu_ref_resurrect+0x113/0x190 [ 914.489171][T24846] bdi_register_owner+0x56/0xf0 [ 914.493997][T24846] __device_add_disk+0x5b8/0x1200 [ 914.498997][T24846] ? device_add_disk+0x30/0x30 [ 914.503740][T24846] ? vsprintf+0x30/0x30 [ 914.507879][T24846] ? device_initialize+0x1c7/0x3d0 [ 914.512961][T24846] ? __alloc_disk_node+0x326/0x380 [ 914.518048][T24846] loop_add+0x554/0x710 [ 914.522177][T24846] loop_control_ioctl+0x564/0x740 [ 914.527178][T24846] ? loop_remove+0xa0/0xa0 [ 914.531573][T24846] ? __lru_cache_add+0x1bf/0x210 [ 914.536483][T24846] ? memset+0x1f/0x40 [ 914.540437][T24846] ? fsnotify+0x1332/0x13f0 [ 914.544913][T24846] ? loop_remove+0xa0/0xa0 [ 914.549300][T24846] do_vfs_ioctl+0x744/0x1730 [ 914.553866][T24846] ? selinux_file_ioctl+0x723/0x970 [ 914.559034][T24846] ? ioctl_preallocate+0x250/0x250 [ 914.564119][T24846] ? __fget+0x40c/0x4a0 [ 914.568246][T24846] ? fget_many+0x20/0x20 [ 914.572458][T24846] ? check_preemption_disabled+0x154/0x330 [ 914.578237][T24846] ? debug_smp_processor_id+0x20/0x20 [ 914.583579][T24846] ? security_file_ioctl+0x9d/0xb0 [ 914.588661][T24846] __x64_sys_ioctl+0xd4/0x110 [ 914.593322][T24846] do_syscall_64+0xcb/0x1c0 [ 914.597818][T24846] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 914.603884][T24846] ------------[ cut here ]------------ [ 914.609343][T24846] WARNING: CPU: 0 PID: 24846 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 914.618432][T24846] Modules linked in: [ 914.622317][T24846] CPU: 0 PID: 24846 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 914.632526][T24846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 914.642563][T24846] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 914.648339][T24846] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 914.668005][T24846] RSP: 0018:ffff8881e31dfa00 EFLAGS: 00010246 [ 914.674043][T24846] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 914.681986][T24846] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 914.689931][T24846] RBP: ffff8881e31dfb40 R08: ffffffff821f8e93 R09: fffffbfff0bac467 [ 914.697875][T24846] R10: fffffbfff0bac467 R11: 1ffffffff0bac466 R12: ffff8881e21e1000 [ 914.705819][T24846] R13: dffffc0000000000 R14: ffff8881e21e1070 R15: 1ffff1103c43c29d [ 914.713766][T24846] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 914.722676][T24846] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 914.729241][T24846] CR2: 00007f98da1e4ff8 CR3: 00000001ebbad000 CR4: 00000000003406f0 [ 914.737192][T24846] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 914.745142][T24846] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 914.753086][T24846] Call Trace: [ 914.756358][T24846] ? device_add_disk+0x30/0x30 [ 914.761092][T24846] ? vsprintf+0x30/0x30 [ 914.765219][T24846] ? device_initialize+0x1c7/0x3d0 [ 914.770304][T24846] ? __alloc_disk_node+0x326/0x380 [ 914.775385][T24846] loop_add+0x554/0x710 [ 914.779516][T24846] loop_control_ioctl+0x564/0x740 [ 914.784514][T24846] ? loop_remove+0xa0/0xa0 [ 914.789109][T24846] ? __lru_cache_add+0x1bf/0x210 [ 914.794022][T24846] ? memset+0x1f/0x40 [ 914.797979][T24846] ? fsnotify+0x1332/0x13f0 [ 914.802459][T24846] ? loop_remove+0xa0/0xa0 [ 914.806862][T24846] do_vfs_ioctl+0x744/0x1730 [ 914.811433][T24846] ? selinux_file_ioctl+0x723/0x970 17:08:13 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 44) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:13 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x13, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:13 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) r2 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$LOOP_SET_FD(r2, 0x4c00, r1) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) syz_open_dev$vcsa(0x0, 0x9, 0x2400) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) ioctl$LOOP_SET_FD(r2, 0x4c00, r1) (async) 17:08:13 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0xffffffea, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:13 executing program 3: r0 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x4, r0, 0x3, &(0x7f0000000080)) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) r2 = gettid() syz_open_procfs$namespace(r2, &(0x7f00000000c0)='ns/ipc\x00') 17:08:13 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$packet(0x11, 0x2, 0x300) getpeername$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000300)=0x14) getgroups(0x4, &(0x7f0000000100)=[0xffffffffffffffff, 0x0, 0xee01, 0xffffffffffffffff]) r4 = getuid() getgroups(0x2, &(0x7f0000000280)=[r2, 0xee00]) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@debug={'debug', 0x3d, 0x1}}, {@version_L}, {@noextend}, {@cache_fscache}, {@access_user}, {@loose}, {@dfltgid={'dfltgid', 0x3d, r3}}, {@cache_mmap}, {@dfltuid={'dfltuid', 0x3d, r4}}], [{@fsuuid={'fsuuid', 0x3d, {[0x61, 0x5d, 0x64, 0x65, 0x34, 0x6, 0x63, 0x31], 0x2d, [0x65, 0x38, 0x61, 0x35], 0x2d, [0x35, 0x30, 0x38, 0x35], 0x2d, [0x66, 0x37, 0x37, 0x37], 0x2d, [0x62, 0x33, 0x64, 0x30, 0x34, 0x37, 0x64, 0x31]}}}, {@uid_lt={'uid<', 0xee00}}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}]}}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socket$packet(0x11, 0x2, 0x300) socket$bt_rfcomm(0x1f, 0x1, 0x3) 17:08:13 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0xffffffef, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 914.816601][T24846] ? ioctl_preallocate+0x250/0x250 [ 914.821688][T24846] ? __fget+0x40c/0x4a0 [ 914.825904][T24846] ? fget_many+0x20/0x20 [ 914.830118][T24846] ? check_preemption_disabled+0x154/0x330 [ 914.835896][T24846] ? debug_smp_processor_id+0x20/0x20 [ 914.841241][T24846] ? security_file_ioctl+0x9d/0xb0 [ 914.846323][T24846] __x64_sys_ioctl+0xd4/0x110 [ 914.850972][T24846] do_syscall_64+0xcb/0x1c0 [ 914.855448][T24846] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 914.861322][T24846] ---[ end trace 03bf7d324617ae24 ]--- 17:08:13 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async, rerun: 32) r1 = socket$packet(0x11, 0x2, 0x300) (rerun: 32) getpeername$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000300)=0x14) (async) getgroups(0x4, &(0x7f0000000100)=[0xffffffffffffffff, 0x0, 0xee01, 0xffffffffffffffff]) (async, rerun: 32) r4 = getuid() (rerun: 32) getgroups(0x2, &(0x7f0000000280)=[r2, 0xee00]) (async) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@debug={'debug', 0x3d, 0x1}}, {@version_L}, {@noextend}, {@cache_fscache}, {@access_user}, {@loose}, {@dfltgid={'dfltgid', 0x3d, r3}}, {@cache_mmap}, {@dfltuid={'dfltuid', 0x3d, r4}}], [{@fsuuid={'fsuuid', 0x3d, {[0x61, 0x5d, 0x64, 0x65, 0x34, 0x6, 0x63, 0x31], 0x2d, [0x65, 0x38, 0x61, 0x35], 0x2d, [0x35, 0x30, 0x38, 0x35], 0x2d, [0x66, 0x37, 0x37, 0x37], 0x2d, [0x62, 0x33, 0x64, 0x30, 0x34, 0x37, 0x64, 0x31]}}}, {@uid_lt={'uid<', 0xee00}}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}]}}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async, rerun: 64) socket$packet(0x11, 0x2, 0x300) (async, rerun: 64) socket$bt_rfcomm(0x1f, 0x1, 0x3) 17:08:13 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x14, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:13 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={0x0, @empty}, &(0x7f0000000140)=0xc) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000180)={r1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}}, 0x10) r2 = syz_open_dev$vcsa(&(0x7f0000000040), 0x100000001, 0x10000) r3 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x20, 0x80) accept4$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14, 0x80800) getpeername$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000000c0)=0x14) 17:08:13 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x2, 0x2}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:13 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async, rerun: 32) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={0x0, @empty}, &(0x7f0000000140)=0xc) (rerun: 32) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000180)={r1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}}, 0x10) (async) r2 = syz_open_dev$vcsa(&(0x7f0000000040), 0x100000001, 0x10000) (async) r3 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x20, 0x80) accept4$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14, 0x80800) getpeername$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000000c0)=0x14) [ 914.936610][T24889] FAULT_INJECTION: forcing a failure. [ 914.936610][T24889] name failslab, interval 1, probability 0, space 0, times 0 [ 914.949995][T24889] CPU: 0 PID: 24889 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 914.961614][T24889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 914.971787][T24889] Call Trace: [ 914.975060][T24889] dump_stack+0x1d8/0x241 [ 914.979364][T24889] ? panic+0x73e/0x73e [ 914.983405][T24889] ? bdi_register_va+0x89/0x5e0 [ 914.988228][T24889] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 914.994095][T24889] ? loop_add+0x554/0x710 [ 914.998397][T24889] ? do_vfs_ioctl+0x744/0x1730 [ 915.003132][T24889] ? __x64_sys_ioctl+0xd4/0x110 [ 915.007952][T24889] ? do_syscall_64+0xcb/0x1c0 [ 915.012605][T24889] should_fail+0x709/0x870 [ 915.017002][T24889] ? setup_fault_attr+0x3d0/0x3d0 [ 915.022001][T24889] ? _raw_spin_lock+0x1b0/0x1b0 [ 915.026826][T24889] ? memset+0x1f/0x40 [ 915.030821][T24889] ? kobject_set_name_vargs+0x5d/0x110 [ 915.036278][T24889] should_failslab+0x5/0x20 [ 915.040759][T24889] __kmalloc_track_caller+0x4f/0x280 [ 915.046020][T24889] kstrdup_const+0x51/0x90 [ 915.050590][T24889] kobject_set_name_vargs+0x5d/0x110 [ 915.055850][T24889] device_create_vargs+0x182/0x210 [ 915.060932][T24889] device_create+0xea/0x130 [ 915.065408][T24889] ? device_create_vargs+0x210/0x210 [ 915.070663][T24889] bdi_register_va+0x89/0x5e0 [ 915.075314][T24889] bdi_register+0xd1/0x120 [ 915.079701][T24889] ? __device_add_disk+0x539/0x1200 [ 915.084868][T24889] ? bdi_register_va+0x5e0/0x5e0 [ 915.089776][T24889] ? percpu_ref_resurrect+0x113/0x190 [ 915.095119][T24889] bdi_register_owner+0x56/0xf0 [ 915.099942][T24889] __device_add_disk+0x5b8/0x1200 [ 915.104936][T24889] ? device_add_disk+0x30/0x30 [ 915.109676][T24889] ? vsprintf+0x30/0x30 [ 915.113804][T24889] ? device_initialize+0x1c7/0x3d0 [ 915.118910][T24889] ? __alloc_disk_node+0x326/0x380 [ 915.123989][T24889] loop_add+0x554/0x710 [ 915.128117][T24889] loop_control_ioctl+0x564/0x740 [ 915.133112][T24889] ? loop_remove+0xa0/0xa0 [ 915.137502][T24889] ? __lru_cache_add+0x1bf/0x210 [ 915.142407][T24889] ? memset+0x1f/0x40 [ 915.146360][T24889] ? fsnotify+0x1332/0x13f0 [ 915.150839][T24889] ? loop_remove+0xa0/0xa0 [ 915.155227][T24889] do_vfs_ioctl+0x744/0x1730 [ 915.159788][T24889] ? selinux_file_ioctl+0x723/0x970 [ 915.164956][T24889] ? ioctl_preallocate+0x250/0x250 [ 915.170166][T24889] ? __fget+0x40c/0x4a0 [ 915.174293][T24889] ? fget_many+0x20/0x20 [ 915.178574][T24889] ? check_preemption_disabled+0x154/0x330 [ 915.184349][T24889] ? debug_smp_processor_id+0x20/0x20 [ 915.189693][T24889] ? security_file_ioctl+0x9d/0xb0 [ 915.194863][T24889] __x64_sys_ioctl+0xd4/0x110 [ 915.199511][T24889] do_syscall_64+0xcb/0x1c0 [ 915.203988][T24889] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 915.213045][T24889] ------------[ cut here ]------------ [ 915.218519][T24889] WARNING: CPU: 0 PID: 24889 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 915.227592][T24889] Modules linked in: [ 915.231463][T24889] CPU: 0 PID: 24889 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 915.243052][T24889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 915.253089][T24889] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 915.258866][T24889] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 915.278528][T24889] RSP: 0018:ffff8881e683fa00 EFLAGS: 00010246 [ 915.284563][T24889] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 915.292510][T24889] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 915.300463][T24889] RBP: ffff8881e683fb40 R08: ffffffff821f8e93 R09: 0000000000000003 [ 915.308526][T24889] R10: ffffed103cd07e51 R11: 1ffff1103cd07e50 R12: ffff8881cfd42000 [ 915.316470][T24889] R13: dffffc0000000000 R14: ffff8881cfd42070 R15: 1ffff11039fa849d [ 915.325289][T24889] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 915.334195][T24889] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 915.340755][T24889] CR2: 00007f98da1c4718 CR3: 00000001e0437000 CR4: 00000000003406f0 [ 915.348704][T24889] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 915.356648][T24889] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 915.364595][T24889] Call Trace: [ 915.367861][T24889] ? device_add_disk+0x30/0x30 [ 915.372597][T24889] ? vsprintf+0x30/0x30 [ 915.376737][T24889] ? device_initialize+0x1c7/0x3d0 [ 915.381860][T24889] ? __alloc_disk_node+0x326/0x380 [ 915.386949][T24889] loop_add+0x554/0x710 [ 915.391168][T24889] loop_control_ioctl+0x564/0x740 [ 915.396164][T24889] ? loop_remove+0xa0/0xa0 [ 915.400555][T24889] ? __lru_cache_add+0x1bf/0x210 [ 915.405463][T24889] ? memset+0x1f/0x40 [ 915.409439][T24889] ? fsnotify+0x1332/0x13f0 [ 915.413917][T24889] ? loop_remove+0xa0/0xa0 [ 915.418307][T24889] do_vfs_ioctl+0x744/0x1730 [ 915.422868][T24889] ? selinux_file_ioctl+0x723/0x970 [ 915.428040][T24889] ? ioctl_preallocate+0x250/0x250 [ 915.433126][T24889] ? __fget+0x40c/0x4a0 17:08:14 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 45) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:14 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async, rerun: 64) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async, rerun: 64) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={0x0, @empty}, &(0x7f0000000140)=0xc) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000180)={r1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}}, 0x10) r2 = syz_open_dev$vcsa(&(0x7f0000000040), 0x100000001, 0x10000) (async) r3 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x20, 0x80) accept4$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14, 0x80800) (async, rerun: 32) getpeername$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000000c0)=0x14) (rerun: 32) 17:08:14 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0xfffffff0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:14 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) r1 = socket$packet(0x11, 0x2, 0x300) getpeername$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000300)=0x14) getgroups(0x4, &(0x7f0000000100)=[0xffffffffffffffff, 0x0, 0xee01, 0xffffffffffffffff]) (async) r4 = getuid() getgroups(0x2, &(0x7f0000000280)=[r2, 0xee00]) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@debug={'debug', 0x3d, 0x1}}, {@version_L}, {@noextend}, {@cache_fscache}, {@access_user}, {@loose}, {@dfltgid={'dfltgid', 0x3d, r3}}, {@cache_mmap}, {@dfltuid={'dfltuid', 0x3d, r4}}], [{@fsuuid={'fsuuid', 0x3d, {[0x61, 0x5d, 0x64, 0x65, 0x34, 0x6, 0x63, 0x31], 0x2d, [0x65, 0x38, 0x61, 0x35], 0x2d, [0x35, 0x30, 0x38, 0x35], 0x2d, [0x66, 0x37, 0x37, 0x37], 0x2d, [0x62, 0x33, 0x64, 0x30, 0x34, 0x37, 0x64, 0x31]}}}, {@uid_lt={'uid<', 0xee00}}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}]}}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) socket$packet(0x11, 0x2, 0x300) (async) socket$bt_rfcomm(0x1f, 0x1, 0x3) 17:08:14 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x300, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:14 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x2, 0x2}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) [ 915.437252][T24889] ? fget_many+0x20/0x20 [ 915.441466][T24889] ? check_preemption_disabled+0x154/0x330 [ 915.447244][T24889] ? debug_smp_processor_id+0x20/0x20 [ 915.452678][T24889] ? security_file_ioctl+0x9d/0xb0 [ 915.457936][T24889] __x64_sys_ioctl+0xd4/0x110 [ 915.462731][T24889] do_syscall_64+0xcb/0x1c0 [ 915.467208][T24889] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 915.473198][T24889] ---[ end trace 03bf7d324617ae25 ]--- 17:08:14 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0xfffffffe, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:14 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) getpeername$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000080)=0x14) r2 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000200), 0x115d25ed98d6481e, 0x0) connect$packet(r3, &(0x7f0000000240)={0x11, 0xf0, r1, 0x1, 0x9, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x20}}, 0x14) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'syztnl1\x00', &(0x7f0000000180)={'ip6tnl0\x00', 0x0, 0x29, 0xe8, 0x0, 0x9, 0x11, @dev={0xfe, 0x80, '\x00', 0x12}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80, 0x0, 0x400}}) getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000140)={@private2}, &(0x7f0000000b00)=0x14) bind$bt_rfcomm(r2, &(0x7f00000000c0)={0x1f, @none, 0x20}, 0xa) connect$bt_rfcomm(r2, &(0x7f0000000100)={0x1f, @any, 0x4}, 0xa) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0x0) getpeername$packet(r4, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000300)=0x14) 17:08:14 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) r1 = accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14, 0x800) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x1}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:14 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x500, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:14 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) getpeername$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000080)=0x14) r2 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000200), 0x115d25ed98d6481e, 0x0) connect$packet(r3, &(0x7f0000000240)={0x11, 0xf0, r1, 0x1, 0x9, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x20}}, 0x14) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'syztnl1\x00', &(0x7f0000000180)={'ip6tnl0\x00', 0x0, 0x29, 0xe8, 0x0, 0x9, 0x11, @dev={0xfe, 0x80, '\x00', 0x12}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80, 0x0, 0x400}}) getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000140)={@private2}, &(0x7f0000000b00)=0x14) (async) bind$bt_rfcomm(r2, &(0x7f00000000c0)={0x1f, @none, 0x20}, 0xa) connect$bt_rfcomm(r2, &(0x7f0000000100)={0x1f, @any, 0x4}, 0xa) (async, rerun: 32) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async, rerun: 32) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0x0) (async, rerun: 32) getpeername$packet(r4, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000300)=0x14) (rerun: 32) 17:08:14 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 915.543074][T24911] FAULT_INJECTION: forcing a failure. [ 915.543074][T24911] name failslab, interval 1, probability 0, space 0, times 0 [ 915.556749][T24911] CPU: 0 PID: 24911 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 915.568372][T24911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 915.578421][T24911] Call Trace: [ 915.581712][T24911] dump_stack+0x1d8/0x241 [ 915.586039][T24911] ? panic+0x73e/0x73e [ 915.590087][T24911] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 915.595872][T24911] should_fail+0x709/0x870 [ 915.600267][T24911] ? setup_fault_attr+0x3d0/0x3d0 [ 915.605351][T24911] ? device_add+0xb6/0xbc0 [ 915.609740][T24911] should_failslab+0x5/0x20 [ 915.614215][T24911] kmem_cache_alloc_trace+0x28/0x240 [ 915.619474][T24911] device_add+0xb6/0xbc0 [ 915.623693][T24911] device_create_vargs+0x1b8/0x210 [ 915.628864][T24911] device_create+0xea/0x130 [ 915.633344][T24911] ? device_create_vargs+0x210/0x210 [ 915.638606][T24911] bdi_register_va+0x89/0x5e0 [ 915.643258][T24911] bdi_register+0xd1/0x120 [ 915.647645][T24911] ? __device_add_disk+0x539/0x1200 [ 915.652813][T24911] ? bdi_register_va+0x5e0/0x5e0 [ 915.657723][T24911] ? percpu_ref_resurrect+0x113/0x190 [ 915.663067][T24911] bdi_register_owner+0x56/0xf0 [ 915.667893][T24911] __device_add_disk+0x5b8/0x1200 [ 915.672893][T24911] ? device_add_disk+0x30/0x30 [ 915.677638][T24911] ? vsprintf+0x30/0x30 [ 915.681766][T24911] ? device_initialize+0x1c7/0x3d0 [ 915.686860][T24911] ? __alloc_disk_node+0x326/0x380 [ 915.691947][T24911] loop_add+0x554/0x710 [ 915.696090][T24911] loop_control_ioctl+0x564/0x740 [ 915.701094][T24911] ? loop_remove+0xa0/0xa0 [ 915.705487][T24911] ? __lru_cache_add+0x1bf/0x210 [ 915.710397][T24911] ? memset+0x1f/0x40 [ 915.714352][T24911] ? fsnotify+0x1332/0x13f0 [ 915.718829][T24911] ? loop_remove+0xa0/0xa0 [ 915.723219][T24911] do_vfs_ioctl+0x744/0x1730 [ 915.727786][T24911] ? selinux_file_ioctl+0x723/0x970 [ 915.732967][T24911] ? ioctl_preallocate+0x250/0x250 [ 915.738054][T24911] ? __fget+0x40c/0x4a0 [ 915.742277][T24911] ? fget_many+0x20/0x20 [ 915.746492][T24911] ? check_preemption_disabled+0x154/0x330 [ 915.752299][T24911] ? debug_smp_processor_id+0x20/0x20 [ 915.757647][T24911] ? security_file_ioctl+0x9d/0xb0 [ 915.762903][T24911] __x64_sys_ioctl+0xd4/0x110 [ 915.767552][T24911] do_syscall_64+0xcb/0x1c0 [ 915.772033][T24911] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 915.778691][T24911] ------------[ cut here ]------------ [ 915.784164][T24911] WARNING: CPU: 0 PID: 24911 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 915.793244][T24911] Modules linked in: [ 915.797117][T24911] CPU: 0 PID: 24911 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 915.808710][T24911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 915.818750][T24911] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 915.824587][T24911] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 915.844164][T24911] RSP: 0018:ffff8881c498fa00 EFLAGS: 00010246 [ 915.850203][T24911] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 915.858146][T24911] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 915.866090][T24911] RBP: ffff8881c498fb40 R08: ffffffff821f8e93 R09: 0000000000000003 [ 915.874120][T24911] R10: ffffed1038931e55 R11: 1ffff11038931e54 R12: ffff8881ce034000 [ 915.882065][T24911] R13: dffffc0000000000 R14: ffff8881ce034070 R15: 1ffff11039c0689d [ 915.890013][T24911] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 915.898915][T24911] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 915.905488][T24911] CR2: 00007f98da1c4718 CR3: 00000001cec0f000 CR4: 00000000003406f0 [ 915.913434][T24911] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 915.921379][T24911] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 915.929320][T24911] Call Trace: [ 915.932590][T24911] ? device_add_disk+0x30/0x30 [ 915.937333][T24911] ? vsprintf+0x30/0x30 [ 915.941471][T24911] ? device_initialize+0x1c7/0x3d0 [ 915.946557][T24911] ? __alloc_disk_node+0x326/0x380 [ 915.951649][T24911] loop_add+0x554/0x710 [ 915.955791][T24911] loop_control_ioctl+0x564/0x740 [ 915.960810][T24911] ? loop_remove+0xa0/0xa0 [ 915.965197][T24911] ? __lru_cache_add+0x1bf/0x210 [ 915.970105][T24911] ? memset+0x1f/0x40 [ 915.974058][T24911] ? fsnotify+0x1332/0x13f0 [ 915.978724][T24911] ? loop_remove+0xa0/0xa0 [ 915.983113][T24911] do_vfs_ioctl+0x744/0x1730 [ 915.987674][T24911] ? selinux_file_ioctl+0x723/0x970 17:08:14 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 46) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:14 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x2, 0x2}, 0x4) (async, rerun: 32) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (rerun: 32) 17:08:14 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x600, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:14 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) r1 = accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14, 0x800) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x1}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socket$packet(0x11, 0x3, 0x300) (async) accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14, 0x800) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x1}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) 17:08:14 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) getpeername$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000080)=0x14) r2 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000200), 0x115d25ed98d6481e, 0x0) connect$packet(r3, &(0x7f0000000240)={0x11, 0xf0, r1, 0x1, 0x9, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x20}}, 0x14) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'syztnl1\x00', &(0x7f0000000180)={'ip6tnl0\x00', 0x0, 0x29, 0xe8, 0x0, 0x9, 0x11, @dev={0xfe, 0x80, '\x00', 0x12}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80, 0x0, 0x400}}) getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000140)={@private2}, &(0x7f0000000b00)=0x14) bind$bt_rfcomm(r2, &(0x7f00000000c0)={0x1f, @none, 0x20}, 0xa) connect$bt_rfcomm(r2, &(0x7f0000000100)={0x1f, @any, 0x4}, 0xa) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0x0) getpeername$packet(r4, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000300)=0x14) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) getpeername$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000080)=0x14) (async) syz_open_dev$vcsa(0x0, 0x9, 0x2400) (async) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000200), 0x115d25ed98d6481e, 0x0) (async) connect$packet(r3, &(0x7f0000000240)={0x11, 0xf0, r1, 0x1, 0x9, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x20}}, 0x14) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'syztnl1\x00', &(0x7f0000000180)={'ip6tnl0\x00', 0x0, 0x29, 0xe8, 0x0, 0x9, 0x11, @dev={0xfe, 0x80, '\x00', 0x12}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80, 0x0, 0x400}}) (async) getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000140)={@private2}, &(0x7f0000000b00)=0x14) (async) bind$bt_rfcomm(r2, &(0x7f00000000c0)={0x1f, @none, 0x20}, 0xa) (async) connect$bt_rfcomm(r2, &(0x7f0000000100)={0x1f, @any, 0x4}, 0xa) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0x0) (async) getpeername$packet(r4, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000300)=0x14) (async) 17:08:14 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x2, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 915.992850][T24911] ? ioctl_preallocate+0x250/0x250 [ 915.997939][T24911] ? __fget+0x40c/0x4a0 [ 916.002067][T24911] ? fget_many+0x20/0x20 [ 916.006284][T24911] ? check_preemption_disabled+0x154/0x330 [ 916.012066][T24911] ? debug_smp_processor_id+0x20/0x20 [ 916.017412][T24911] ? security_file_ioctl+0x9d/0xb0 [ 916.022498][T24911] __x64_sys_ioctl+0xd4/0x110 [ 916.027152][T24911] do_syscall_64+0xcb/0x1c0 [ 916.031630][T24911] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 916.037493][T24911] ---[ end trace 03bf7d324617ae26 ]--- 17:08:14 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x900, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:14 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x3, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:14 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) r1 = accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14, 0x800) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x1}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:14 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6_vti0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80, 0x0, 0x7}}) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f0000000080)={0x2, 0x5, 0x6, 0x800}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:14 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) getsockopt$packet_buf(r1, 0x107, 0x16, &(0x7f0000000040)=""/64, &(0x7f0000000080)=0x40) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:14 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async, rerun: 32) getsockopt$packet_buf(r1, 0x107, 0x16, &(0x7f0000000040)=""/64, &(0x7f0000000080)=0x40) (async, rerun: 32) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 916.095041][T24945] FAULT_INJECTION: forcing a failure. [ 916.095041][T24945] name failslab, interval 1, probability 0, space 0, times 0 [ 916.108239][T24945] CPU: 0 PID: 24945 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 916.119859][T24945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 916.129985][T24945] Call Trace: [ 916.133257][T24945] dump_stack+0x1d8/0x241 [ 916.137562][T24945] ? panic+0x73e/0x73e [ 916.141604][T24945] ? unwind_next_frame+0x149e/0x1ed0 [ 916.146864][T24945] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 916.152641][T24945] should_fail+0x709/0x870 [ 916.157028][T24945] ? setup_fault_attr+0x3d0/0x3d0 [ 916.162026][T24945] ? deref_stack_reg+0x1f0/0x1f0 [ 916.166934][T24945] ? __unwind_start+0x72f/0x8e0 [ 916.171756][T24945] ? __kernfs_new_node+0x99/0x6d0 [ 916.176753][T24945] should_failslab+0x5/0x20 [ 916.181226][T24945] __kmalloc_track_caller+0x4f/0x280 [ 916.186484][T24945] ? stack_trace_save+0x200/0x200 [ 916.191477][T24945] kstrdup_const+0x51/0x90 [ 916.195870][T24945] __kernfs_new_node+0x99/0x6d0 [ 916.200698][T24945] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 916.206738][T24945] ? kernfs_new_node+0x160/0x160 [ 916.211655][T24945] ? stack_trace_save+0x132/0x200 [ 916.216659][T24945] ? stack_trace_snprint+0x170/0x170 [ 916.221918][T24945] ? stack_trace_save+0x132/0x200 [ 916.226948][T24945] kernfs_create_dir_ns+0x90/0x220 [ 916.232118][T24945] sysfs_create_dir_ns+0x181/0x390 [ 916.237203][T24945] ? sysfs_warn_dup+0xa0/0xa0 [ 916.241852][T24945] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 916.247890][T24945] kobject_add_internal+0x6ba/0xcb0 [ 916.253059][T24945] kobject_add+0x14c/0x210 [ 916.257447][T24945] ? _raw_spin_lock+0xa3/0x1b0 [ 916.262180][T24945] ? kobject_init+0x1d0/0x1d0 [ 916.266842][T24945] ? mutex_unlock+0x19/0x40 [ 916.271318][T24945] ? get_device_parent+0x2bd/0x420 [ 916.276402][T24945] device_add+0x3fc/0xbc0 [ 916.280751][T24945] device_create_vargs+0x1b8/0x210 [ 916.285833][T24945] device_create+0xea/0x130 [ 916.290310][T24945] ? device_create_vargs+0x210/0x210 [ 916.295567][T24945] bdi_register_va+0x89/0x5e0 [ 916.300215][T24945] bdi_register+0xd1/0x120 [ 916.304604][T24945] ? __device_add_disk+0x539/0x1200 [ 916.309772][T24945] ? bdi_register_va+0x5e0/0x5e0 [ 916.314682][T24945] ? percpu_ref_resurrect+0x113/0x190 [ 916.320047][T24945] bdi_register_owner+0x56/0xf0 [ 916.324872][T24945] __device_add_disk+0x5b8/0x1200 [ 916.329865][T24945] ? device_add_disk+0x30/0x30 [ 916.334601][T24945] ? vsprintf+0x30/0x30 [ 916.338735][T24945] ? device_initialize+0x1c7/0x3d0 [ 916.343819][T24945] ? __alloc_disk_node+0x326/0x380 [ 916.348900][T24945] loop_add+0x554/0x710 [ 916.353063][T24945] loop_control_ioctl+0x564/0x740 [ 916.358057][T24945] ? loop_remove+0xa0/0xa0 [ 916.362444][T24945] ? __lru_cache_add+0x1bf/0x210 [ 916.367353][T24945] ? memset+0x1f/0x40 [ 916.371313][T24945] ? fsnotify+0x1332/0x13f0 [ 916.375789][T24945] ? loop_remove+0xa0/0xa0 [ 916.380176][T24945] do_vfs_ioctl+0x744/0x1730 [ 916.384738][T24945] ? selinux_file_ioctl+0x723/0x970 [ 916.389906][T24945] ? ioctl_preallocate+0x250/0x250 [ 916.394987][T24945] ? __fget+0x40c/0x4a0 [ 916.399112][T24945] ? fget_many+0x20/0x20 [ 916.403326][T24945] ? check_preemption_disabled+0x154/0x330 [ 916.409103][T24945] ? debug_smp_processor_id+0x20/0x20 [ 916.414534][T24945] ? security_file_ioctl+0x9d/0xb0 [ 916.419614][T24945] __x64_sys_ioctl+0xd4/0x110 [ 916.424264][T24945] do_syscall_64+0xcb/0x1c0 [ 916.428739][T24945] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 916.435728][T24945] kobject_add_internal failed for 7:0 (error: -12 parent: bdi) [ 916.443428][T24945] ------------[ cut here ]------------ [ 916.448894][T24945] WARNING: CPU: 0 PID: 24945 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 916.458064][T24945] Modules linked in: [ 916.461936][T24945] CPU: 0 PID: 24945 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 916.473610][T24945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 916.483644][T24945] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 916.489420][T24945] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 916.509168][T24945] RSP: 0018:ffff8881e220fa00 EFLAGS: 00010246 [ 916.515207][T24945] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 916.523153][T24945] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 916.531099][T24945] RBP: ffff8881e220fb40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 916.539051][T24945] R10: ffffffff84800000 R11: 1ffff1103c441e00 R12: ffff8881f4fc2000 [ 916.547003][T24945] R13: dffffc0000000000 R14: ffff8881f4fc2070 R15: 1ffff1103e9f849d [ 916.554964][T24945] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 916.563881][T24945] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 916.570444][T24945] CR2: 00007f98da1c4718 CR3: 00000001eb490000 CR4: 00000000003406f0 [ 916.578401][T24945] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 916.586443][T24945] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 916.594393][T24945] Call Trace: [ 916.597674][T24945] ? device_add_disk+0x30/0x30 [ 916.602414][T24945] ? vsprintf+0x30/0x30 [ 916.606543][T24945] ? device_initialize+0x1c7/0x3d0 [ 916.611626][T24945] ? __alloc_disk_node+0x326/0x380 [ 916.616834][T24945] loop_add+0x554/0x710 [ 916.620965][T24945] loop_control_ioctl+0x564/0x740 [ 916.626051][T24945] ? loop_remove+0xa0/0xa0 [ 916.630439][T24945] ? __lru_cache_add+0x1bf/0x210 [ 916.635350][T24945] ? memset+0x1f/0x40 [ 916.639302][T24945] ? fsnotify+0x1332/0x13f0 [ 916.643784][T24945] ? loop_remove+0xa0/0xa0 [ 916.648197][T24945] do_vfs_ioctl+0x744/0x1730 [ 916.652769][T24945] ? selinux_file_ioctl+0x723/0x970 [ 916.657954][T24945] ? ioctl_preallocate+0x250/0x250 [ 916.663043][T24945] ? __fget+0x40c/0x4a0 [ 916.667173][T24945] ? fget_many+0x20/0x20 [ 916.671386][T24945] ? check_preemption_disabled+0x154/0x330 [ 916.677162][T24945] ? debug_smp_processor_id+0x20/0x20 [ 916.682508][T24945] ? security_file_ioctl+0x9d/0xb0 [ 916.687598][T24945] __x64_sys_ioctl+0xd4/0x110 [ 916.692247][T24945] do_syscall_64+0xcb/0x1c0 17:08:15 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 47) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:15 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) getsockopt$packet_buf(r1, 0x107, 0x16, &(0x7f0000000040)=""/64, &(0x7f0000000080)=0x40) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) getsockopt$packet_buf(r1, 0x107, 0x16, &(0x7f0000000040)=""/64, &(0x7f0000000080)=0x40) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) 17:08:15 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x8, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:15 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6_vti0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80, 0x0, 0x7}}) (async) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f0000000080)={0x2, 0x5, 0x6, 0x800}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:15 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0xa00, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:15 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:15 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x2711, @local}, 0x10) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000040)={0x0, 0x1, 0x6, @remote}, 0x10) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_VDPA_GET_DEVICE_ID(r1, 0x8004af70, &(0x7f0000000100)) [ 916.696725][T24945] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 916.702591][T24945] ---[ end trace 03bf7d324617ae27 ]--- 17:08:15 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0xb00, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:15 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x2711, @local}, 0x10) (async) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000040)={0x0, 0x1, 0x6, @remote}, 0x10) (async, rerun: 64) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (rerun: 64) ioctl$VHOST_VDPA_GET_DEVICE_ID(r1, 0x8004af70, &(0x7f0000000100)) 17:08:15 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0xa, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:15 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:15 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6_vti0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80, 0x0, 0x7}}) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f0000000080)={0x2, 0x5, 0x6, 0x800}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) [ 916.779079][T24997] FAULT_INJECTION: forcing a failure. [ 916.779079][T24997] name failslab, interval 1, probability 0, space 0, times 0 [ 916.792267][T24997] CPU: 0 PID: 24997 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 916.803879][T24997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 916.813911][T24997] Call Trace: [ 916.817179][T24997] dump_stack+0x1d8/0x241 [ 916.821479][T24997] ? panic+0x73e/0x73e [ 916.825523][T24997] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 916.831308][T24997] should_fail+0x709/0x870 [ 916.835701][T24997] ? setup_fault_attr+0x3d0/0x3d0 [ 916.840697][T24997] ? __kernfs_new_node+0xdb/0x6d0 [ 916.845694][T24997] should_failslab+0x5/0x20 [ 916.850169][T24997] kmem_cache_alloc+0x24/0x210 [ 916.854902][T24997] __kernfs_new_node+0xdb/0x6d0 [ 916.859723][T24997] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 916.865764][T24997] ? kernfs_new_node+0x160/0x160 [ 916.870673][T24997] ? stack_trace_save+0x132/0x200 [ 916.875667][T24997] ? stack_trace_snprint+0x170/0x170 [ 916.880960][T24997] ? stack_trace_save+0x132/0x200 [ 916.885958][T24997] kernfs_create_dir_ns+0x90/0x220 [ 916.891129][T24997] sysfs_create_dir_ns+0x181/0x390 [ 916.896209][T24997] ? sysfs_warn_dup+0xa0/0xa0 [ 916.900854][T24997] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 916.906891][T24997] kobject_add_internal+0x6ba/0xcb0 [ 916.912063][T24997] kobject_add+0x14c/0x210 [ 916.916450][T24997] ? _raw_spin_lock+0xa3/0x1b0 [ 916.921182][T24997] ? kobject_init+0x1d0/0x1d0 [ 916.925835][T24997] ? mutex_unlock+0x19/0x40 [ 916.930314][T24997] ? get_device_parent+0x2bd/0x420 [ 916.935392][T24997] device_add+0x3fc/0xbc0 [ 916.939691][T24997] device_create_vargs+0x1b8/0x210 [ 916.944771][T24997] device_create+0xea/0x130 [ 916.949244][T24997] ? device_create_vargs+0x210/0x210 [ 916.954500][T24997] bdi_register_va+0x89/0x5e0 [ 916.959164][T24997] bdi_register+0xd1/0x120 [ 916.963553][T24997] ? __device_add_disk+0x539/0x1200 [ 916.968719][T24997] ? bdi_register_va+0x5e0/0x5e0 [ 916.973645][T24997] ? percpu_ref_resurrect+0x113/0x190 [ 916.978985][T24997] bdi_register_owner+0x56/0xf0 [ 916.983817][T24997] __device_add_disk+0x5b8/0x1200 [ 916.988813][T24997] ? device_add_disk+0x30/0x30 [ 916.993543][T24997] ? vsprintf+0x30/0x30 [ 916.997671][T24997] ? device_initialize+0x1c7/0x3d0 [ 917.002759][T24997] ? __alloc_disk_node+0x326/0x380 [ 917.007848][T24997] loop_add+0x554/0x710 [ 917.011975][T24997] loop_control_ioctl+0x564/0x740 [ 917.016967][T24997] ? loop_remove+0xa0/0xa0 [ 917.021355][T24997] ? __lru_cache_add+0x1bf/0x210 [ 917.026263][T24997] ? memset+0x1f/0x40 [ 917.030220][T24997] ? fsnotify+0x1332/0x13f0 [ 917.034693][T24997] ? loop_remove+0xa0/0xa0 [ 917.039083][T24997] do_vfs_ioctl+0x744/0x1730 [ 917.043649][T24997] ? selinux_file_ioctl+0x723/0x970 [ 917.048816][T24997] ? ioctl_preallocate+0x250/0x250 [ 917.053908][T24997] ? __fget+0x40c/0x4a0 [ 917.058034][T24997] ? fget_many+0x20/0x20 [ 917.062248][T24997] ? check_preemption_disabled+0x154/0x330 [ 917.068021][T24997] ? debug_smp_processor_id+0x20/0x20 [ 917.073365][T24997] ? security_file_ioctl+0x9d/0xb0 [ 917.078446][T24997] __x64_sys_ioctl+0xd4/0x110 [ 917.083094][T24997] do_syscall_64+0xcb/0x1c0 [ 917.087569][T24997] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 917.094161][T24997] kobject_add_internal failed for 7:0 (error: -12 parent: bdi) [ 917.101907][T24997] ------------[ cut here ]------------ [ 917.107356][T24997] WARNING: CPU: 0 PID: 24997 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 917.116427][T24997] Modules linked in: [ 917.120296][T24997] CPU: 0 PID: 24997 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 917.131884][T24997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 917.141928][T24997] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 917.147704][T24997] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 917.167277][T24997] RSP: 0018:ffff8881f0b9fa00 EFLAGS: 00010246 [ 917.173313][T24997] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 917.181253][T24997] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 917.189196][T24997] RBP: ffff8881f0b9fb40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 917.197142][T24997] R10: ffffffff84800000 R11: 1ffff1103e173e00 R12: ffff8881ea574000 [ 917.205082][T24997] R13: dffffc0000000000 R14: ffff8881ea574070 R15: 1ffff1103d4ae89d [ 917.213027][T24997] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 917.221934][T24997] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 917.228490][T24997] CR2: 00007f98da1e4ff8 CR3: 00000001ede49000 CR4: 00000000003406f0 [ 917.236434][T24997] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 917.244375][T24997] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 917.252314][T24997] Call Trace: [ 917.255583][T24997] ? device_add_disk+0x30/0x30 [ 917.260318][T24997] ? vsprintf+0x30/0x30 [ 917.264445][T24997] ? device_initialize+0x1c7/0x3d0 [ 917.269528][T24997] ? __alloc_disk_node+0x326/0x380 [ 917.274618][T24997] loop_add+0x554/0x710 [ 917.278747][T24997] loop_control_ioctl+0x564/0x740 [ 917.283743][T24997] ? loop_remove+0xa0/0xa0 [ 917.288131][T24997] ? __lru_cache_add+0x1bf/0x210 [ 917.293040][T24997] ? memset+0x1f/0x40 [ 917.296993][T24997] ? fsnotify+0x1332/0x13f0 [ 917.301464][T24997] ? loop_remove+0xa0/0xa0 [ 917.305853][T24997] do_vfs_ioctl+0x744/0x1730 [ 917.310414][T24997] ? selinux_file_ioctl+0x723/0x970 [ 917.315581][T24997] ? ioctl_preallocate+0x250/0x250 [ 917.320661][T24997] ? __fget+0x40c/0x4a0 [ 917.324788][T24997] ? fget_many+0x20/0x20 17:08:16 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 48) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:16 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x300, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:16 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x1100, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:16 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x2711, @local}, 0x10) (async) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000040)={0x0, 0x1, 0x6, @remote}, 0x10) (async) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_VDPA_GET_DEVICE_ID(r1, 0x8004af70, &(0x7f0000000100)) 17:08:16 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:16 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x1200, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 917.329001][T24997] ? check_preemption_disabled+0x154/0x330 [ 917.334780][T24997] ? debug_smp_processor_id+0x20/0x20 [ 917.340121][T24997] ? security_file_ioctl+0x9d/0xb0 [ 917.345205][T24997] __x64_sys_ioctl+0xd4/0x110 [ 917.349854][T24997] do_syscall_64+0xcb/0x1c0 [ 917.354327][T24997] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 917.360188][T24997] ---[ end trace 03bf7d324617ae28 ]--- 17:08:16 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = socket$packet(0x11, 0x1, 0x300) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000009c67fc9531e028174e39fb5646f686ca6a6bbd68f1746f5d8366ad88628e0f3ea82b316c40e61857f0783caa93e3bd38da3071220859a3c5dd1874bdc249258a8358416c7cdd0eb7748acaf47a4accbab13558388235c066d757a0e2ed4337adeb2656674fca9380e13b1be64d2247132c23901b6c1929fccf6c2d148f363cbbd5aa4d", @ANYRES16=0x0, @ANYBLOB="000327bd7000fcdbdf251c00000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x40090}, 0x48000) 17:08:16 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x1300, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:16 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_DEL(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x74, r2, 0x20, 0x70bd2d, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @handle=@pci={{0x8}, {0x11}}]}, 0x74}, 0x1, 0x0, 0x0, 0x40000}, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:16 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0xa00, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:16 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_int(r0, 0x107, 0x11, &(0x7f0000000080)=0x9, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'vlan1\x00'}) r3 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000000c0)={r3, 0x0, {0x0, 0x0, 0x0, 0x7, 0xe8000000, 0x0, 0x12, 0x1f, 0xcae29906c09b866f, "1d65aa2a78709f736d2c859fb7362739358bfb96620f978753fd8d1dc4aabd9088c30387babbc450962ef821ed96803722d86c23be152602f178045ba017d4b0", "9ac4f172b2363dff4400427739de9f3e8dcd04520f9298adc14a2b7dca2c4b2a130f227a9f8afd85205c27e24493a90a2772e8f4139f5b5fa7c29836457cb2e9", "dbf3304fb957724ceda58b049834fb3421935af6ed5815d90dc3e95a8500", [0x1, 0x1]}}) 17:08:16 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x1400, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 917.432988][T25029] FAULT_INJECTION: forcing a failure. [ 917.432988][T25029] name failslab, interval 1, probability 0, space 0, times 0 [ 917.447595][T25029] CPU: 0 PID: 25029 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 917.459221][T25029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 917.469251][T25029] Call Trace: [ 917.472524][T25029] dump_stack+0x1d8/0x241 [ 917.476834][T25029] ? panic+0x73e/0x73e [ 917.480873][T25029] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 917.486647][T25029] ? idr_alloc+0x2f0/0x2f0 [ 917.491034][T25029] should_fail+0x709/0x870 [ 917.495423][T25029] ? setup_fault_attr+0x3d0/0x3d0 [ 917.500416][T25029] ? mutex_lock+0xa6/0x110 [ 917.504803][T25029] ? mutex_trylock+0xa0/0xa0 [ 917.509360][T25029] ? __kernfs_new_node+0xdb/0x6d0 [ 917.514352][T25029] should_failslab+0x5/0x20 [ 917.518826][T25029] kmem_cache_alloc+0x24/0x210 [ 917.523663][T25029] __kernfs_new_node+0xdb/0x6d0 [ 917.528485][T25029] ? kernfs_activate+0x3fc/0x420 [ 917.533390][T25029] ? mutex_unlock+0x19/0x40 [ 917.537867][T25029] ? kernfs_new_node+0x160/0x160 [ 917.542784][T25029] ? kernfs_create_dir_ns+0x1df/0x220 [ 917.548124][T25029] ? sysfs_create_dir_ns+0x181/0x390 [ 917.553373][T25029] ? sysfs_create_dir_ns+0x1c7/0x390 [ 917.558627][T25029] kernfs_new_node+0x95/0x160 [ 917.563276][T25029] __kernfs_create_file+0x45/0x260 [ 917.568361][T25029] sysfs_add_file_mode_ns+0x292/0x340 [ 917.573743][T25029] sysfs_create_file_ns+0x191/0x2a0 [ 917.578920][T25029] ? sysfs_add_file_mode_ns+0x340/0x340 [ 917.584432][T25029] ? dev_fwnode+0x4c/0x80 [ 917.588731][T25029] ? device_create_file+0xe8/0x1b0 [ 917.593810][T25029] device_add+0x4c3/0xbc0 [ 917.598110][T25029] device_create_vargs+0x1b8/0x210 [ 917.603189][T25029] device_create+0xea/0x130 [ 917.607661][T25029] ? device_create_vargs+0x210/0x210 [ 917.612916][T25029] bdi_register_va+0x89/0x5e0 [ 917.617563][T25029] bdi_register+0xd1/0x120 [ 917.621950][T25029] ? __device_add_disk+0x539/0x1200 [ 917.627116][T25029] ? bdi_register_va+0x5e0/0x5e0 [ 917.632026][T25029] ? percpu_ref_resurrect+0x113/0x190 [ 917.637371][T25029] bdi_register_owner+0x56/0xf0 [ 917.642191][T25029] __device_add_disk+0x5b8/0x1200 [ 917.647187][T25029] ? device_add_disk+0x30/0x30 [ 917.651922][T25029] ? vsprintf+0x30/0x30 [ 917.656049][T25029] ? device_initialize+0x1c7/0x3d0 [ 917.661131][T25029] ? __alloc_disk_node+0x326/0x380 [ 917.666220][T25029] loop_add+0x554/0x710 [ 917.670355][T25029] loop_control_ioctl+0x564/0x740 [ 917.675353][T25029] ? loop_remove+0xa0/0xa0 [ 917.679749][T25029] ? __lru_cache_add+0x1bf/0x210 [ 917.684667][T25029] ? memset+0x1f/0x40 [ 917.688628][T25029] ? fsnotify+0x1332/0x13f0 [ 917.693102][T25029] ? loop_remove+0xa0/0xa0 [ 917.697489][T25029] do_vfs_ioctl+0x744/0x1730 [ 917.702056][T25029] ? selinux_file_ioctl+0x723/0x970 [ 917.707226][T25029] ? ioctl_preallocate+0x250/0x250 [ 917.712308][T25029] ? __fget+0x40c/0x4a0 [ 917.716435][T25029] ? fget_many+0x20/0x20 [ 917.720653][T25029] ? check_preemption_disabled+0x154/0x330 [ 917.726460][T25029] ? debug_smp_processor_id+0x20/0x20 [ 917.731803][T25029] ? security_file_ioctl+0x9d/0xb0 [ 917.736919][T25029] __x64_sys_ioctl+0xd4/0x110 [ 917.741567][T25029] do_syscall_64+0xcb/0x1c0 [ 917.746070][T25029] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 917.753863][T25029] ------------[ cut here ]------------ [ 917.759340][T25029] WARNING: CPU: 0 PID: 25029 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 917.768450][T25029] Modules linked in: [ 917.772329][T25029] CPU: 0 PID: 25029 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 917.784016][T25029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 917.794068][T25029] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 917.799853][T25029] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 917.819466][T25029] RSP: 0018:ffff8881f0b9fa00 EFLAGS: 00010246 [ 917.825503][T25029] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 917.833452][T25029] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 917.841391][T25029] RBP: ffff8881f0b9fb40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 917.849334][T25029] R10: ffffffff84800000 R11: 1ffff1103e173e00 R12: ffff8881eaf4b000 [ 917.857280][T25029] R13: dffffc0000000000 R14: ffff8881eaf4b070 R15: 1ffff1103d5e969d [ 917.865222][T25029] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 917.874118][T25029] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 917.880671][T25029] CR2: 00007f98da1c4718 CR3: 00000001cea91000 CR4: 00000000003406f0 [ 917.888613][T25029] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 917.896582][T25029] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 917.904521][T25029] Call Trace: [ 917.907790][T25029] ? device_add_disk+0x30/0x30 [ 917.912523][T25029] ? vsprintf+0x30/0x30 [ 917.916649][T25029] ? device_initialize+0x1c7/0x3d0 [ 917.921744][T25029] ? __alloc_disk_node+0x326/0x380 [ 917.926827][T25029] loop_add+0x554/0x710 [ 917.930955][T25029] loop_control_ioctl+0x564/0x740 [ 917.935951][T25029] ? loop_remove+0xa0/0xa0 [ 917.940338][T25029] ? __lru_cache_add+0x1bf/0x210 [ 917.945245][T25029] ? memset+0x1f/0x40 [ 917.949198][T25029] ? fsnotify+0x1332/0x13f0 [ 917.953673][T25029] ? loop_remove+0xa0/0xa0 [ 917.958062][T25029] do_vfs_ioctl+0x744/0x1730 [ 917.962624][T25029] ? selinux_file_ioctl+0x723/0x970 [ 917.967790][T25029] ? ioctl_preallocate+0x250/0x250 [ 917.972872][T25029] ? __fget+0x40c/0x4a0 [ 917.976998][T25029] ? fget_many+0x20/0x20 17:08:16 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 49) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:16 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) r1 = socket$packet(0x11, 0x1, 0x300) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) (async, rerun: 64) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000009c67fc9531e028174e39fb5646f686ca6a6bbd68f1746f5d8366ad88628e0f3ea82b316c40e61857f0783caa93e3bd38da3071220859a3c5dd1874bdc249258a8358416c7cdd0eb7748acaf47a4accbab13558388235c066d757a0e2ed4337adeb2656674fca9380e13b1be64d2247132c23901b6c1929fccf6c2d148f363cbbd5aa4d", @ANYRES16=0x0, @ANYBLOB="000327bd7000fcdbdf251c00000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x40090}, 0x48000) (rerun: 64) 17:08:16 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_int(r0, 0x107, 0x11, &(0x7f0000000080)=0x9, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'vlan1\x00'}) r3 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000000c0)={r3, 0x0, {0x0, 0x0, 0x0, 0x7, 0xe8000000, 0x0, 0x12, 0x1f, 0xcae29906c09b866f, "1d65aa2a78709f736d2c859fb7362739358bfb96620f978753fd8d1dc4aabd9088c30387babbc450962ef821ed96803722d86c23be152602f178045ba017d4b0", "9ac4f172b2363dff4400427739de9f3e8dcd04520f9298adc14a2b7dca2c4b2a130f227a9f8afd85205c27e24493a90a2772e8f4139f5b5fa7c29836457cb2e9", "dbf3304fb957724ceda58b049834fb3421935af6ed5815d90dc3e95a8500", [0x1, 0x1]}}) 17:08:16 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_DEL(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x74, r2, 0x20, 0x70bd2d, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @handle=@pci={{0x8}, {0x11}}]}, 0x74}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:16 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x2279, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:16 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x235e, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:16 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x4000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:16 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_int(r0, 0x107, 0x11, &(0x7f0000000080)=0x9, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'vlan1\x00'}) r3 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000000c0)={r3, 0x0, {0x0, 0x0, 0x0, 0x7, 0xe8000000, 0x0, 0x12, 0x1f, 0xcae29906c09b866f, "1d65aa2a78709f736d2c859fb7362739358bfb96620f978753fd8d1dc4aabd9088c30387babbc450962ef821ed96803722d86c23be152602f178045ba017d4b0", "9ac4f172b2363dff4400427739de9f3e8dcd04520f9298adc14a2b7dca2c4b2a130f227a9f8afd85205c27e24493a90a2772e8f4139f5b5fa7c29836457cb2e9", "dbf3304fb957724ceda58b049834fb3421935af6ed5815d90dc3e95a8500", [0x1, 0x1]}}) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_int(r0, 0x107, 0x11, &(0x7f0000000080)=0x9, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'vlan1\x00'}) (async) syz_open_dev$vcsa(0x0, 0x9, 0x2400) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000000c0)={r3, 0x0, {0x0, 0x0, 0x0, 0x7, 0xe8000000, 0x0, 0x12, 0x1f, 0xcae29906c09b866f, "1d65aa2a78709f736d2c859fb7362739358bfb96620f978753fd8d1dc4aabd9088c30387babbc450962ef821ed96803722d86c23be152602f178045ba017d4b0", "9ac4f172b2363dff4400427739de9f3e8dcd04520f9298adc14a2b7dca2c4b2a130f227a9f8afd85205c27e24493a90a2772e8f4139f5b5fa7c29836457cb2e9", "dbf3304fb957724ceda58b049834fb3421935af6ed5815d90dc3e95a8500", [0x1, 0x1]}}) (async) 17:08:16 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = socket$packet(0x11, 0x1, 0x300) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) (async, rerun: 64) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000009c67fc9531e028174e39fb5646f686ca6a6bbd68f1746f5d8366ad88628e0f3ea82b316c40e61857f0783caa93e3bd38da3071220859a3c5dd1874bdc249258a8358416c7cdd0eb7748acaf47a4accbab13558388235c066d757a0e2ed4337adeb2656674fca9380e13b1be64d2247132c23901b6c1929fccf6c2d148f363cbbd5aa4d", @ANYRES16=0x0, @ANYBLOB="000327bd7000fcdbdf251c00000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x40090}, 0x48000) (rerun: 64) 17:08:16 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x4000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 917.981208][T25029] ? check_preemption_disabled+0x154/0x330 [ 917.986990][T25029] ? debug_smp_processor_id+0x20/0x20 [ 917.992341][T25029] ? security_file_ioctl+0x9d/0xb0 [ 917.997421][T25029] __x64_sys_ioctl+0xd4/0x110 [ 918.002068][T25029] do_syscall_64+0xcb/0x1c0 [ 918.006551][T25029] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 918.012417][T25029] ---[ end trace 03bf7d324617ae29 ]--- 17:08:16 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_DEL(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x74, r2, 0x20, 0x70bd2d, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @handle=@pci={{0x8}, {0x11}}]}, 0x74}, 0x1, 0x0, 0x0, 0x40000}, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) (async) sendmsg$DEVLINK_CMD_RATE_DEL(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x74, r2, 0x20, 0x70bd2d, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @handle=@pci={{0x8}, {0x11}}]}, 0x74}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) 17:08:16 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x7922, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 918.074663][T25063] FAULT_INJECTION: forcing a failure. [ 918.074663][T25063] name failslab, interval 1, probability 0, space 0, times 0 [ 918.087951][T25063] CPU: 0 PID: 25063 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 918.099572][T25063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 918.109604][T25063] Call Trace: [ 918.112882][T25063] dump_stack+0x1d8/0x241 [ 918.117194][T25063] ? panic+0x73e/0x73e [ 918.121232][T25063] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 918.127014][T25063] ? idr_alloc+0x2f0/0x2f0 [ 918.131400][T25063] should_fail+0x709/0x870 [ 918.135786][T25063] ? setup_fault_attr+0x3d0/0x3d0 [ 918.140783][T25063] ? mutex_lock+0xa6/0x110 [ 918.145169][T25063] ? mutex_trylock+0xa0/0xa0 [ 918.149727][T25063] ? __kernfs_new_node+0xdb/0x6d0 [ 918.154721][T25063] should_failslab+0x5/0x20 [ 918.159193][T25063] kmem_cache_alloc+0x24/0x210 [ 918.163933][T25063] __kernfs_new_node+0xdb/0x6d0 [ 918.168756][T25063] ? kernfs_activate+0x3fc/0x420 [ 918.173672][T25063] ? mutex_unlock+0x19/0x40 [ 918.178144][T25063] ? kernfs_new_node+0x160/0x160 [ 918.183052][T25063] ? kernfs_create_dir_ns+0x1df/0x220 [ 918.188390][T25063] ? sysfs_create_dir_ns+0x181/0x390 [ 918.193652][T25063] ? sysfs_create_dir_ns+0x1c7/0x390 [ 918.198907][T25063] kernfs_new_node+0x95/0x160 [ 918.203641][T25063] __kernfs_create_file+0x45/0x260 [ 918.208721][T25063] sysfs_add_file_mode_ns+0x292/0x340 [ 918.214064][T25063] sysfs_create_file_ns+0x191/0x2a0 [ 918.219257][T25063] ? sysfs_add_file_mode_ns+0x340/0x340 [ 918.224779][T25063] ? dev_fwnode+0x4c/0x80 [ 918.229076][T25063] ? device_create_file+0xe8/0x1b0 [ 918.234155][T25063] device_add+0x4c3/0xbc0 [ 918.238634][T25063] device_create_vargs+0x1b8/0x210 [ 918.243714][T25063] device_create+0xea/0x130 [ 918.248190][T25063] ? device_create_vargs+0x210/0x210 [ 918.253452][T25063] bdi_register_va+0x89/0x5e0 [ 918.258100][T25063] bdi_register+0xd1/0x120 [ 918.262485][T25063] ? __device_add_disk+0x539/0x1200 [ 918.267653][T25063] ? bdi_register_va+0x5e0/0x5e0 [ 918.272560][T25063] ? percpu_ref_resurrect+0x113/0x190 [ 918.277908][T25063] bdi_register_owner+0x56/0xf0 [ 918.282729][T25063] __device_add_disk+0x5b8/0x1200 [ 918.287725][T25063] ? device_add_disk+0x30/0x30 [ 918.292456][T25063] ? vsprintf+0x30/0x30 [ 918.296588][T25063] ? device_initialize+0x1c7/0x3d0 [ 918.301671][T25063] ? __alloc_disk_node+0x326/0x380 [ 918.306752][T25063] loop_add+0x554/0x710 [ 918.310878][T25063] loop_control_ioctl+0x564/0x740 [ 918.315871][T25063] ? loop_remove+0xa0/0xa0 [ 918.320264][T25063] ? __lru_cache_add+0x1bf/0x210 [ 918.325187][T25063] ? memset+0x1f/0x40 [ 918.329147][T25063] ? fsnotify+0x1332/0x13f0 [ 918.333624][T25063] ? loop_remove+0xa0/0xa0 [ 918.338012][T25063] do_vfs_ioctl+0x744/0x1730 [ 918.342573][T25063] ? selinux_file_ioctl+0x723/0x970 [ 918.347740][T25063] ? ioctl_preallocate+0x250/0x250 [ 918.352858][T25063] ? __fget+0x40c/0x4a0 [ 918.356984][T25063] ? fget_many+0x20/0x20 [ 918.361198][T25063] ? check_preemption_disabled+0x154/0x330 [ 918.366970][T25063] ? debug_smp_processor_id+0x20/0x20 [ 918.372309][T25063] ? security_file_ioctl+0x9d/0xb0 [ 918.377389][T25063] __x64_sys_ioctl+0xd4/0x110 [ 918.382035][T25063] do_syscall_64+0xcb/0x1c0 [ 918.386511][T25063] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 918.396557][T25063] ------------[ cut here ]------------ [ 918.402018][T25063] WARNING: CPU: 1 PID: 25063 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 918.411085][T25063] Modules linked in: [ 918.414953][T25063] CPU: 1 PID: 25063 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 918.426546][T25063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 918.436581][T25063] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 918.442355][T25063] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 918.462015][T25063] RSP: 0018:ffff8881e3417a00 EFLAGS: 00010246 [ 918.468050][T25063] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 918.475990][T25063] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 918.483945][T25063] RBP: ffff8881e3417b40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 918.491888][T25063] R10: ffffffff84800000 R11: 1ffff1103c682e00 R12: ffff8881eddbf000 [ 918.499833][T25063] R13: dffffc0000000000 R14: ffff8881eddbf070 R15: 1ffff1103dbb7e9d [ 918.507787][T25063] FS: 00007f98da1e5700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 918.516688][T25063] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 918.523243][T25063] CR2: 0000000000000000 CR3: 00000001f0526000 CR4: 00000000003406e0 [ 918.531196][T25063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 918.539144][T25063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 918.547083][T25063] Call Trace: [ 918.550350][T25063] ? device_add_disk+0x30/0x30 [ 918.555082][T25063] ? vsprintf+0x30/0x30 [ 918.559210][T25063] ? device_initialize+0x1c7/0x3d0 [ 918.564292][T25063] ? __alloc_disk_node+0x326/0x380 [ 918.569488][T25063] loop_add+0x554/0x710 [ 918.573625][T25063] loop_control_ioctl+0x564/0x740 [ 918.578627][T25063] ? loop_remove+0xa0/0xa0 [ 918.583016][T25063] ? __lru_cache_add+0x1bf/0x210 [ 918.588022][T25063] ? memset+0x1f/0x40 [ 918.591978][T25063] ? fsnotify+0x1332/0x13f0 [ 918.596449][T25063] ? loop_remove+0xa0/0xa0 [ 918.600837][T25063] do_vfs_ioctl+0x744/0x1730 [ 918.605403][T25063] ? selinux_file_ioctl+0x723/0x970 [ 918.610578][T25063] ? ioctl_preallocate+0x250/0x250 [ 918.615659][T25063] ? __fget+0x40c/0x4a0 [ 918.619805][T25063] ? fget_many+0x20/0x20 17:08:17 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 50) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:17 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = accept4$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000080)=0x14, 0x800) getsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f00000000c0)=""/230, &(0x7f00000001c0)=0xe6) 17:08:17 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x5e23, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:17 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x38000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:17 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) socket$vsock_stream(0x28, 0x1, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = accept4$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000080)=0x14, 0x800) getsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f00000000c0)=""/230, &(0x7f00000001c0)=0xe6) 17:08:17 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socket$packet(0x11, 0x2, 0x300) [ 918.624020][T25063] ? check_preemption_disabled+0x154/0x330 [ 918.629792][T25063] ? debug_smp_processor_id+0x20/0x20 [ 918.635134][T25063] ? security_file_ioctl+0x9d/0xb0 [ 918.640214][T25063] __x64_sys_ioctl+0xd4/0x110 [ 918.644861][T25063] do_syscall_64+0xcb/0x1c0 [ 918.649338][T25063] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 918.655200][T25063] ---[ end trace 03bf7d324617ae2a ]--- 17:08:17 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x38000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:17 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) socket$vsock_stream(0x28, 0x1, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = accept4$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000080)=0x14, 0x800) getsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f00000000c0)=""/230, &(0x7f00000001c0)=0xe6) 17:08:17 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x800300, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:17 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r2 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r3 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f00000002c0)={'tunl0\x00', r4, 0x40, 0x80, 0x1f, 0x7, {{0xc, 0x4, 0x0, 0x1, 0x30, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x1a}, {[@timestamp_prespec={0x44, 0x1c, 0x63, 0x3, 0x1, [{@remote, 0xffffffe1}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3}, {@rand_addr=0x64010102, 0x6}]}]}}}}}) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, 0x0, 0x800, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r4}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x421d}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4080}, 0x40000000) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) 17:08:17 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x800300, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 918.724161][T25090] FAULT_INJECTION: forcing a failure. [ 918.724161][T25090] name failslab, interval 1, probability 0, space 0, times 0 [ 918.738461][T25090] CPU: 0 PID: 25090 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 918.750087][T25090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 918.760119][T25090] Call Trace: [ 918.763388][T25090] dump_stack+0x1d8/0x241 [ 918.767692][T25090] ? panic+0x73e/0x73e [ 918.771735][T25090] ? idr_get_free+0x6a3/0x840 [ 918.776381][T25090] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 918.782160][T25090] ? mutex_unlock+0x19/0x40 [ 918.786640][T25090] ? kernfs_xattr_get+0x81/0x90 [ 918.791460][T25090] should_fail+0x709/0x870 [ 918.795849][T25090] ? setup_fault_attr+0x3d0/0x3d0 [ 918.800841][T25090] ? idr_alloc+0x2f0/0x2f0 [ 918.805226][T25090] ? __kernfs_new_node+0x99/0x6d0 [ 918.810214][T25090] should_failslab+0x5/0x20 [ 918.814686][T25090] __kmalloc_track_caller+0x4f/0x280 [ 918.819952][T25090] kstrdup_const+0x51/0x90 [ 918.824345][T25090] __kernfs_new_node+0x99/0x6d0 [ 918.829172][T25090] ? mutex_lock+0xa6/0x110 [ 918.833560][T25090] ? kernfs_new_node+0x160/0x160 [ 918.838471][T25090] kernfs_new_node+0x95/0x160 [ 918.843131][T25090] kernfs_create_link+0x9c/0x1f0 [ 918.848046][T25090] sysfs_do_create_link_sd+0x85/0x100 [ 918.853393][T25090] device_add_class_symlinks+0x211/0x2a0 [ 918.859000][T25090] device_add+0x4e4/0xbc0 [ 918.863312][T25090] device_create_vargs+0x1b8/0x210 [ 918.868404][T25090] device_create+0xea/0x130 [ 918.872880][T25090] ? device_create_vargs+0x210/0x210 [ 918.878135][T25090] bdi_register_va+0x89/0x5e0 [ 918.882783][T25090] bdi_register+0xd1/0x120 [ 918.887171][T25090] ? __device_add_disk+0x539/0x1200 [ 918.892336][T25090] ? bdi_register_va+0x5e0/0x5e0 [ 918.897243][T25090] ? percpu_ref_resurrect+0x113/0x190 [ 918.902590][T25090] bdi_register_owner+0x56/0xf0 [ 918.907421][T25090] __device_add_disk+0x5b8/0x1200 [ 918.912426][T25090] ? device_add_disk+0x30/0x30 [ 918.917167][T25090] ? vsprintf+0x30/0x30 [ 918.921295][T25090] ? device_initialize+0x1c7/0x3d0 [ 918.926379][T25090] ? __alloc_disk_node+0x326/0x380 [ 918.931461][T25090] loop_add+0x554/0x710 [ 918.935592][T25090] loop_control_ioctl+0x564/0x740 [ 918.940588][T25090] ? loop_remove+0xa0/0xa0 [ 918.944973][T25090] ? __lru_cache_add+0x1bf/0x210 [ 918.949883][T25090] ? memset+0x1f/0x40 [ 918.953836][T25090] ? fsnotify+0x1332/0x13f0 [ 918.958315][T25090] ? loop_remove+0xa0/0xa0 [ 918.962700][T25090] do_vfs_ioctl+0x744/0x1730 [ 918.967260][T25090] ? selinux_file_ioctl+0x723/0x970 17:08:17 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async, rerun: 64) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async, rerun: 64) socket$packet(0x11, 0x2, 0x300) [ 918.972438][T25090] ? ioctl_preallocate+0x250/0x250 [ 918.977530][T25090] ? __fget+0x40c/0x4a0 [ 918.981659][T25090] ? fget_many+0x20/0x20 [ 918.985870][T25090] ? check_preemption_disabled+0x154/0x330 [ 918.991647][T25090] ? debug_smp_processor_id+0x20/0x20 [ 918.996989][T25090] ? security_file_ioctl+0x9d/0xb0 [ 919.002071][T25090] __x64_sys_ioctl+0xd4/0x110 [ 919.006719][T25090] do_syscall_64+0xcb/0x1c0 [ 919.011194][T25090] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 919.019465][T25090] ------------[ cut here ]------------ [ 919.024942][T25090] WARNING: CPU: 0 PID: 25090 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 919.034022][T25090] Modules linked in: [ 919.037902][T25090] CPU: 0 PID: 25090 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 919.049489][T25090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 919.059524][T25090] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 919.065301][T25090] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 919.084875][T25090] RSP: 0018:ffff8881e221fa00 EFLAGS: 00010246 [ 919.090915][T25090] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 919.098859][T25090] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 919.106801][T25090] RBP: ffff8881e221fb40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 919.114745][T25090] R10: ffffffff84800000 R11: 1ffff1103c443e00 R12: ffff8881f0d1b000 [ 919.122685][T25090] R13: dffffc0000000000 R14: ffff8881f0d1b070 R15: 1ffff1103e1a369d [ 919.130627][T25090] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 919.139525][T25090] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 919.146078][T25090] CR2: 00007eff620bb988 CR3: 00000001f0526000 CR4: 00000000003406f0 [ 919.154026][T25090] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 919.161970][T25090] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 919.169907][T25090] Call Trace: [ 919.173173][T25090] ? device_add_disk+0x30/0x30 [ 919.177912][T25090] ? vsprintf+0x30/0x30 [ 919.182040][T25090] ? device_initialize+0x1c7/0x3d0 [ 919.187121][T25090] ? __alloc_disk_node+0x326/0x380 [ 919.192200][T25090] loop_add+0x554/0x710 [ 919.196330][T25090] loop_control_ioctl+0x564/0x740 [ 919.201324][T25090] ? loop_remove+0xa0/0xa0 [ 919.205712][T25090] ? __lru_cache_add+0x1bf/0x210 [ 919.210621][T25090] ? memset+0x1f/0x40 [ 919.214574][T25090] ? fsnotify+0x1332/0x13f0 [ 919.219046][T25090] ? loop_remove+0xa0/0xa0 [ 919.223440][T25090] do_vfs_ioctl+0x744/0x1730 [ 919.228001][T25090] ? selinux_file_ioctl+0x723/0x970 [ 919.233167][T25090] ? ioctl_preallocate+0x250/0x250 [ 919.238251][T25090] ? __fget+0x40c/0x4a0 [ 919.242379][T25090] ? fget_many+0x20/0x20 [ 919.246591][T25090] ? check_preemption_disabled+0x154/0x330 [ 919.252365][T25090] ? debug_smp_processor_id+0x20/0x20 [ 919.257707][T25090] ? security_file_ioctl+0x9d/0xb0 [ 919.262787][T25090] __x64_sys_ioctl+0xd4/0x110 [ 919.267434][T25090] do_syscall_64+0xcb/0x1c0 17:08:17 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 51) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:17 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1}, 0x4) 17:08:17 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x1000000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:17 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r2 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) (async) r3 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f00000002c0)={'tunl0\x00', r4, 0x40, 0x80, 0x1f, 0x7, {{0xc, 0x4, 0x0, 0x1, 0x30, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x1a}, {[@timestamp_prespec={0x44, 0x1c, 0x63, 0x3, 0x1, [{@remote, 0xffffffe1}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3}, {@rand_addr=0x64010102, 0x6}]}]}}}}}) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, 0x0, 0x800, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r4}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x421d}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4080}, 0x40000000) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) 17:08:17 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x1000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:17 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x2000000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:17 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1}, 0x4) 17:08:18 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) socket$packet(0x11, 0x2, 0x300) (async) [ 919.271909][T25090] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 919.277770][T25090] ---[ end trace 03bf7d324617ae2b ]--- 17:08:18 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x3000000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:18 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x2000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:18 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x8000000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:18 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x3000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 919.356664][T25127] FAULT_INJECTION: forcing a failure. [ 919.356664][T25127] name failslab, interval 1, probability 0, space 0, times 0 [ 919.370988][T25127] CPU: 0 PID: 25127 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 919.382612][T25127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 919.392651][T25127] Call Trace: [ 919.395935][T25127] dump_stack+0x1d8/0x241 [ 919.400239][T25127] ? panic+0x73e/0x73e [ 919.404285][T25127] ? idr_get_free+0x6a3/0x840 [ 919.408939][T25127] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 919.414716][T25127] ? mutex_unlock+0x19/0x40 [ 919.419192][T25127] ? kernfs_xattr_get+0x81/0x90 [ 919.424012][T25127] should_fail+0x709/0x870 [ 919.428401][T25127] ? setup_fault_attr+0x3d0/0x3d0 [ 919.433393][T25127] ? idr_alloc+0x2f0/0x2f0 [ 919.437780][T25127] ? __kernfs_new_node+0x99/0x6d0 [ 919.442772][T25127] should_failslab+0x5/0x20 [ 919.447256][T25127] __kmalloc_track_caller+0x4f/0x280 [ 919.452511][T25127] kstrdup_const+0x51/0x90 [ 919.456902][T25127] __kernfs_new_node+0x99/0x6d0 [ 919.461725][T25127] ? mutex_lock+0xa6/0x110 [ 919.466114][T25127] ? kernfs_new_node+0x160/0x160 [ 919.471038][T25127] kernfs_new_node+0x95/0x160 [ 919.475689][T25127] kernfs_create_link+0x9c/0x1f0 [ 919.480598][T25127] sysfs_do_create_link_sd+0x85/0x100 [ 919.485940][T25127] device_add_class_symlinks+0x211/0x2a0 [ 919.491544][T25127] device_add+0x4e4/0xbc0 [ 919.495845][T25127] device_create_vargs+0x1b8/0x210 [ 919.500927][T25127] device_create+0xea/0x130 [ 919.505431][T25127] ? device_create_vargs+0x210/0x210 [ 919.510686][T25127] bdi_register_va+0x89/0x5e0 [ 919.515333][T25127] bdi_register+0xd1/0x120 [ 919.519720][T25127] ? __device_add_disk+0x539/0x1200 [ 919.524890][T25127] ? bdi_register_va+0x5e0/0x5e0 [ 919.529795][T25127] ? percpu_ref_resurrect+0x113/0x190 [ 919.535137][T25127] bdi_register_owner+0x56/0xf0 [ 919.539958][T25127] __device_add_disk+0x5b8/0x1200 [ 919.544952][T25127] ? device_add_disk+0x30/0x30 [ 919.549682][T25127] ? vsprintf+0x30/0x30 [ 919.553807][T25127] ? device_initialize+0x1c7/0x3d0 [ 919.558900][T25127] ? __alloc_disk_node+0x326/0x380 [ 919.563981][T25127] loop_add+0x554/0x710 [ 919.568124][T25127] loop_control_ioctl+0x564/0x740 [ 919.573142][T25127] ? loop_remove+0xa0/0xa0 [ 919.577552][T25127] ? __lru_cache_add+0x1bf/0x210 [ 919.582461][T25127] ? memset+0x1f/0x40 [ 919.586417][T25127] ? fsnotify+0x1332/0x13f0 [ 919.590891][T25127] ? loop_remove+0xa0/0xa0 [ 919.595276][T25127] do_vfs_ioctl+0x744/0x1730 [ 919.599834][T25127] ? selinux_file_ioctl+0x723/0x970 [ 919.605003][T25127] ? ioctl_preallocate+0x250/0x250 [ 919.610084][T25127] ? __fget+0x40c/0x4a0 [ 919.614207][T25127] ? fget_many+0x20/0x20 [ 919.618420][T25127] ? check_preemption_disabled+0x154/0x330 [ 919.624194][T25127] ? debug_smp_processor_id+0x20/0x20 [ 919.629538][T25127] ? security_file_ioctl+0x9d/0xb0 [ 919.634619][T25127] __x64_sys_ioctl+0xd4/0x110 [ 919.639265][T25127] do_syscall_64+0xcb/0x1c0 [ 919.643740][T25127] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 919.651406][T25127] ------------[ cut here ]------------ [ 919.656868][T25127] WARNING: CPU: 0 PID: 25127 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 919.665937][T25127] Modules linked in: [ 919.669806][T25127] CPU: 0 PID: 25127 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 919.681391][T25127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 919.691425][T25127] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 919.697217][T25127] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 919.716793][T25127] RSP: 0018:ffff8881e221fa00 EFLAGS: 00010246 [ 919.722827][T25127] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 919.730769][T25127] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 919.738713][T25127] RBP: ffff8881e221fb40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 919.746654][T25127] R10: ffffffff84800000 R11: 1ffff1103c443e00 R12: ffff8881cf78d000 [ 919.754596][T25127] R13: dffffc0000000000 R14: ffff8881cf78d070 R15: 1ffff11039ef1a9d [ 919.762546][T25127] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 919.771442][T25127] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 919.777996][T25127] CR2: 0000000000000000 CR3: 00000001d0b48000 CR4: 00000000003406f0 [ 919.785940][T25127] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 919.793882][T25127] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 919.801819][T25127] Call Trace: [ 919.805085][T25127] ? device_add_disk+0x30/0x30 [ 919.809815][T25127] ? vsprintf+0x30/0x30 [ 919.813940][T25127] ? device_initialize+0x1c7/0x3d0 [ 919.819020][T25127] ? __alloc_disk_node+0x326/0x380 [ 919.824099][T25127] loop_add+0x554/0x710 [ 919.828227][T25127] loop_control_ioctl+0x564/0x740 [ 919.833224][T25127] ? loop_remove+0xa0/0xa0 [ 919.837610][T25127] ? __lru_cache_add+0x1bf/0x210 [ 919.842536][T25127] ? memset+0x1f/0x40 [ 919.846510][T25127] ? fsnotify+0x1332/0x13f0 [ 919.850999][T25127] ? loop_remove+0xa0/0xa0 [ 919.855389][T25127] do_vfs_ioctl+0x744/0x1730 [ 919.859949][T25127] ? selinux_file_ioctl+0x723/0x970 [ 919.865114][T25127] ? ioctl_preallocate+0x250/0x250 [ 919.870192][T25127] ? __fget+0x40c/0x4a0 [ 919.874316][T25127] ? fget_many+0x20/0x20 [ 919.878534][T25127] ? check_preemption_disabled+0x154/0x330 [ 919.884309][T25127] ? debug_smp_processor_id+0x20/0x20 [ 919.889648][T25127] ? security_file_ioctl+0x9d/0xb0 [ 919.894727][T25127] __x64_sys_ioctl+0xd4/0x110 [ 919.899376][T25127] do_syscall_64+0xcb/0x1c0 17:08:18 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 52) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:18 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r2 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r3 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f00000002c0)={'tunl0\x00', r4, 0x40, 0x80, 0x1f, 0x7, {{0xc, 0x4, 0x0, 0x1, 0x30, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x1a}, {[@timestamp_prespec={0x44, 0x1c, 0x63, 0x3, 0x1, [{@remote, 0xffffffe1}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3}, {@rand_addr=0x64010102, 0x6}]}]}}}}}) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, 0x0, 0x800, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r4}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x421d}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4080}, 0x40000000) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) socket$inet(0x2, 0x3, 0x3) (async) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) (async) syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'}) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f00000002c0)={'tunl0\x00', r4, 0x40, 0x80, 0x1f, 0x7, {{0xc, 0x4, 0x0, 0x1, 0x30, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x1a}, {[@timestamp_prespec={0x44, 0x1c, 0x63, 0x3, 0x1, [{@remote, 0xffffffe1}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3}, {@rand_addr=0x64010102, 0x6}]}]}}}}}) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, 0x0, 0x800, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r4}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x421d}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4080}, 0x40000000) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) (async) 17:08:18 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req={0x3, 0x80000000, 0x3e66, 0xa16}, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r1) 17:08:18 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1}, 0x4) 17:08:18 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0xa000000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:18 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x4000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:18 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req={0x3, 0x80000000, 0x3e66, 0xa16}, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r1) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req={0x3, 0x80000000, 0x3e66, 0xa16}, 0x10) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r1) (async) 17:08:18 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req={0x9, 0x9fba, 0x31, 0x7ff}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) r2 = accept4$packet(r0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000140)=0x14, 0x0) recvfrom$packet(r2, &(0x7f0000000180)=""/78, 0x4e, 0x2000, 0x0, 0x0) r3 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000240)) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$VHOST_VDPA_GET_DEVICE_ID(r3, 0x8004af70, &(0x7f0000000200)) accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000100)=0x14, 0x80000) 17:08:18 executing program 3: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x70000, 0x0) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000100)={0x1, r1}) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:18 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req={0x9, 0x9fba, 0x31, 0x7ff}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) r2 = accept4$packet(r0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000140)=0x14, 0x0) recvfrom$packet(r2, &(0x7f0000000180)=""/78, 0x4e, 0x2000, 0x0, 0x0) (async) r3 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000240)) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) ioctl$VHOST_VDPA_GET_DEVICE_ID(r3, 0x8004af70, &(0x7f0000000200)) (async) accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000100)=0x14, 0x80000) [ 919.903851][T25127] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 919.909713][T25127] ---[ end trace 03bf7d324617ae2c ]--- [ 919.974267][T25159] FAULT_INJECTION: forcing a failure. [ 919.974267][T25159] name failslab, interval 1, probability 0, space 0, times 0 [ 919.987452][T25159] CPU: 1 PID: 25159 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 919.999067][T25159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 920.009108][T25159] Call Trace: [ 920.012393][T25159] dump_stack+0x1d8/0x241 [ 920.016733][T25159] ? panic+0x73e/0x73e 17:08:18 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x40000000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:18 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x5000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 920.020800][T25159] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 920.026599][T25159] should_fail+0x709/0x870 [ 920.031008][T25159] ? setup_fault_attr+0x3d0/0x3d0 [ 920.036033][T25159] ? __kernfs_new_node+0xdb/0x6d0 [ 920.041050][T25159] should_failslab+0x5/0x20 [ 920.045543][T25159] kmem_cache_alloc+0x24/0x210 [ 920.050281][T25159] __kernfs_new_node+0xdb/0x6d0 [ 920.055103][T25159] ? mutex_lock+0xa6/0x110 [ 920.059490][T25159] ? kernfs_new_node+0x160/0x160 [ 920.064397][T25159] kernfs_new_node+0x95/0x160 [ 920.069043][T25159] kernfs_create_link+0x9c/0x1f0 [ 920.074735][T25159] sysfs_do_create_link_sd+0x85/0x100 [ 920.080078][T25159] device_add_class_symlinks+0x211/0x2a0 [ 920.085682][T25159] device_add+0x4e4/0xbc0 [ 920.089985][T25159] device_create_vargs+0x1b8/0x210 [ 920.095071][T25159] device_create+0xea/0x130 [ 920.099557][T25159] ? device_create_vargs+0x210/0x210 [ 920.104816][T25159] bdi_register_va+0x89/0x5e0 [ 920.109467][T25159] bdi_register+0xd1/0x120 [ 920.113867][T25159] ? __device_add_disk+0x539/0x1200 [ 920.119041][T25159] ? bdi_register_va+0x5e0/0x5e0 [ 920.123970][T25159] ? percpu_ref_resurrect+0x113/0x190 [ 920.129419][T25159] bdi_register_owner+0x56/0xf0 [ 920.134246][T25159] __device_add_disk+0x5b8/0x1200 [ 920.139251][T25159] ? device_add_disk+0x30/0x30 [ 920.143990][T25159] ? vsprintf+0x30/0x30 [ 920.148121][T25159] ? device_initialize+0x1c7/0x3d0 [ 920.153204][T25159] ? __alloc_disk_node+0x326/0x380 [ 920.158291][T25159] loop_add+0x554/0x710 [ 920.162421][T25159] loop_control_ioctl+0x564/0x740 [ 920.167423][T25159] ? loop_remove+0xa0/0xa0 [ 920.171810][T25159] ? __lru_cache_add+0x1bf/0x210 [ 920.176723][T25159] ? memset+0x1f/0x40 [ 920.180685][T25159] ? fsnotify+0x1332/0x13f0 [ 920.185159][T25159] ? loop_remove+0xa0/0xa0 [ 920.189550][T25159] do_vfs_ioctl+0x744/0x1730 [ 920.194114][T25159] ? selinux_file_ioctl+0x723/0x970 [ 920.199284][T25159] ? ioctl_preallocate+0x250/0x250 [ 920.204367][T25159] ? __fget+0x40c/0x4a0 [ 920.208500][T25159] ? fget_many+0x20/0x20 [ 920.212724][T25159] ? check_preemption_disabled+0x154/0x330 [ 920.218532][T25159] ? debug_smp_processor_id+0x20/0x20 [ 920.223881][T25159] ? security_file_ioctl+0x9d/0xb0 [ 920.228975][T25159] __x64_sys_ioctl+0xd4/0x110 [ 920.233634][T25159] do_syscall_64+0xcb/0x1c0 [ 920.238113][T25159] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 920.249849][T25159] ------------[ cut here ]------------ [ 920.255327][T25159] WARNING: CPU: 0 PID: 25159 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 920.264397][T25159] Modules linked in: [ 920.268268][T25159] CPU: 0 PID: 25159 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 920.279856][T25159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 920.290001][T25159] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 920.295778][T25159] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 920.315386][T25159] RSP: 0018:ffff8881e8897a00 EFLAGS: 00010246 [ 920.321424][T25159] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 920.329369][T25159] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 920.337311][T25159] RBP: ffff8881e8897b40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 920.345251][T25159] R10: ffffffff84800000 R11: 1ffff1103d112e00 R12: ffff8881cfccd000 [ 920.353371][T25159] R13: dffffc0000000000 R14: ffff8881cfccd070 R15: 1ffff11039f99a9d [ 920.361322][T25159] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 920.370224][T25159] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 920.376777][T25159] CR2: 0000000000000000 CR3: 00000001e9892000 CR4: 00000000003406f0 [ 920.384729][T25159] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 920.392673][T25159] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 920.400612][T25159] Call Trace: [ 920.403882][T25159] ? device_add_disk+0x30/0x30 [ 920.408615][T25159] ? vsprintf+0x30/0x30 [ 920.412770][T25159] ? device_initialize+0x1c7/0x3d0 [ 920.417852][T25159] ? __alloc_disk_node+0x326/0x380 [ 920.422942][T25159] loop_add+0x554/0x710 [ 920.427156][T25159] loop_control_ioctl+0x564/0x740 [ 920.432150][T25159] ? loop_remove+0xa0/0xa0 [ 920.436540][T25159] ? __lru_cache_add+0x1bf/0x210 [ 920.441448][T25159] ? memset+0x1f/0x40 [ 920.445402][T25159] ? fsnotify+0x1332/0x13f0 [ 920.449874][T25159] ? loop_remove+0xa0/0xa0 [ 920.454260][T25159] do_vfs_ioctl+0x744/0x1730 [ 920.458820][T25159] ? selinux_file_ioctl+0x723/0x970 [ 920.463987][T25159] ? ioctl_preallocate+0x250/0x250 [ 920.469068][T25159] ? __fget+0x40c/0x4a0 17:08:19 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 53) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:19 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req={0x9, 0x9fba, 0x31, 0x7ff}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) r2 = accept4$packet(r0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000140)=0x14, 0x0) recvfrom$packet(r2, &(0x7f0000000180)=""/78, 0x4e, 0x2000, 0x0, 0x0) (async) r3 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000240)) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$VHOST_VDPA_GET_DEVICE_ID(r3, 0x8004af70, &(0x7f0000000200)) accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000100)=0x14, 0x80000) 17:08:19 executing program 3: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x70000, 0x0) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000100)={0x1, r1}) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:19 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async, rerun: 32) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async, rerun: 32) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req={0x3, 0x80000000, 0x3e66, 0xa16}, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r1) 17:08:19 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x6000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:19 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x5e230000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:19 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x8000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 920.473201][T25159] ? fget_many+0x20/0x20 [ 920.477418][T25159] ? check_preemption_disabled+0x154/0x330 [ 920.483196][T25159] ? debug_smp_processor_id+0x20/0x20 [ 920.488537][T25159] ? security_file_ioctl+0x9d/0xb0 [ 920.493621][T25159] __x64_sys_ioctl+0xd4/0x110 [ 920.498267][T25159] do_syscall_64+0xcb/0x1c0 [ 920.502771][T25159] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 920.508634][T25159] ---[ end trace 03bf7d324617ae2d ]--- 17:08:19 executing program 3: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x70000, 0x0) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000100)={0x1, r1}) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x70000, 0x0) (async) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000100)={0x1, r1}) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) 17:08:19 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x9effffff, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:19 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x5}, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) getsockopt$packet_buf(r1, 0x107, 0x1, &(0x7f0000000040)=""/176, &(0x7f0000000100)=0xb0) 17:08:19 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r2 = gettid() getpgid(r2) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x80, 0x0, 0x0, 0x70bd25, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, 0xffffffffffffffff}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, 0xffffffffffffffff}}]}, 0x80}, 0x1, 0x0, 0x0, 0x84}, 0x4020) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x3}, 0x4) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, 0x0, 0x2, 0x70bd25, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x0) r3 = accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14, 0x0) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000100)=@req={0x7a5, 0x3c2d0d54, 0x8, 0x7}, 0x10) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:19 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x5}, 0x4) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) getsockopt$packet_buf(r1, 0x107, 0x1, &(0x7f0000000040)=""/176, &(0x7f0000000100)=0xb0) [ 920.586308][T25218] FAULT_INJECTION: forcing a failure. [ 920.586308][T25218] name failslab, interval 1, probability 0, space 0, times 0 [ 920.601131][T25218] CPU: 1 PID: 25218 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 920.612765][T25218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 920.622802][T25218] Call Trace: [ 920.626074][T25218] dump_stack+0x1d8/0x241 [ 920.630467][T25218] ? panic+0x73e/0x73e [ 920.634531][T25218] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 920.640329][T25218] ? mutex_lock+0xa6/0x110 [ 920.644722][T25218] should_fail+0x709/0x870 [ 920.649122][T25218] ? kstrdup_const+0x51/0x90 [ 920.653686][T25218] ? setup_fault_attr+0x3d0/0x3d0 [ 920.658699][T25218] ? mutex_lock+0xa6/0x110 [ 920.663095][T25218] ? mutex_trylock+0xa0/0xa0 [ 920.667670][T25218] ? __kernfs_new_node+0xdb/0x6d0 [ 920.672683][T25218] should_failslab+0x5/0x20 [ 920.677170][T25218] kmem_cache_alloc+0x24/0x210 [ 920.681913][T25218] __kernfs_new_node+0xdb/0x6d0 [ 920.686745][T25218] ? idr_alloc_cyclic+0x36e/0x5e0 [ 920.691744][T25218] ? kernfs_new_node+0x160/0x160 [ 920.696661][T25218] ? selinux_path_notify+0x6c0/0x6c0 [ 920.701921][T25218] ? idr_alloc+0x2f0/0x2f0 [ 920.706310][T25218] ? _raw_spin_lock+0xa3/0x1b0 [ 920.711043][T25218] kernfs_new_node+0x95/0x160 [ 920.715788][T25218] __kernfs_create_file+0x45/0x260 [ 920.720868][T25218] sysfs_add_file_mode_ns+0x292/0x340 [ 920.726209][T25218] internal_create_group+0x55e/0xf50 [ 920.731464][T25218] ? mutex_unlock+0x19/0x40 [ 920.735936][T25218] ? sysfs_create_group+0x20/0x20 [ 920.740930][T25218] sysfs_create_groups+0x5d/0x130 [ 920.745926][T25218] device_add_attrs+0x87/0x370 [ 920.750660][T25218] device_add+0x505/0xbc0 [ 920.754960][T25218] device_create_vargs+0x1b8/0x210 [ 920.760091][T25218] device_create+0xea/0x130 [ 920.764566][T25218] ? device_create_vargs+0x210/0x210 [ 920.769856][T25218] bdi_register_va+0x89/0x5e0 [ 920.774597][T25218] bdi_register+0xd1/0x120 [ 920.778987][T25218] ? __device_add_disk+0x539/0x1200 [ 920.784156][T25218] ? bdi_register_va+0x5e0/0x5e0 [ 920.789063][T25218] ? percpu_ref_resurrect+0x113/0x190 [ 920.794408][T25218] bdi_register_owner+0x56/0xf0 [ 920.799231][T25218] __device_add_disk+0x5b8/0x1200 [ 920.804241][T25218] ? device_add_disk+0x30/0x30 [ 920.808991][T25218] ? vsprintf+0x30/0x30 [ 920.813123][T25218] ? device_initialize+0x1c7/0x3d0 [ 920.818210][T25218] ? __alloc_disk_node+0x326/0x380 [ 920.823293][T25218] loop_add+0x554/0x710 [ 920.827511][T25218] loop_control_ioctl+0x564/0x740 [ 920.832512][T25218] ? loop_remove+0xa0/0xa0 [ 920.836899][T25218] ? __lru_cache_add+0x1bf/0x210 [ 920.841806][T25218] ? memset+0x1f/0x40 [ 920.845759][T25218] ? fsnotify+0x1332/0x13f0 [ 920.850319][T25218] ? loop_remove+0xa0/0xa0 [ 920.854708][T25218] do_vfs_ioctl+0x744/0x1730 [ 920.859275][T25218] ? selinux_file_ioctl+0x723/0x970 [ 920.864445][T25218] ? ioctl_preallocate+0x250/0x250 [ 920.869527][T25218] ? __fget+0x40c/0x4a0 [ 920.873652][T25218] ? fget_many+0x20/0x20 [ 920.877871][T25218] ? check_preemption_disabled+0x154/0x330 [ 920.883735][T25218] ? debug_smp_processor_id+0x20/0x20 [ 920.889078][T25218] ? security_file_ioctl+0x9d/0xb0 [ 920.894159][T25218] __x64_sys_ioctl+0xd4/0x110 [ 920.898808][T25218] do_syscall_64+0xcb/0x1c0 [ 920.903283][T25218] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 920.910307][T25218] ------------[ cut here ]------------ [ 920.915774][T25218] WARNING: CPU: 1 PID: 25218 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 920.924847][T25218] Modules linked in: [ 920.928722][T25218] CPU: 1 PID: 25218 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 920.940310][T25218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 920.950344][T25218] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 920.956119][T25218] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 920.975695][T25218] RSP: 0018:ffff8881ec817a00 EFLAGS: 00010246 [ 920.981747][T25218] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 920.989689][T25218] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 920.997636][T25218] RBP: ffff8881ec817b40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 921.005581][T25218] R10: ffffffff84800000 R11: 1ffff1103d902e00 R12: ffff8881d0031000 [ 921.013524][T25218] R13: dffffc0000000000 R14: ffff8881d0031070 R15: 1ffff1103a00629d [ 921.021467][T25218] FS: 00007f98da1e5700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 921.030366][T25218] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 921.036922][T25218] CR2: 0000555556198728 CR3: 00000001eb330000 CR4: 00000000003406e0 [ 921.044867][T25218] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 921.052808][T25218] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 921.060750][T25218] Call Trace: [ 921.064017][T25218] ? device_add_disk+0x30/0x30 [ 921.068749][T25218] ? vsprintf+0x30/0x30 [ 921.072875][T25218] ? device_initialize+0x1c7/0x3d0 [ 921.078131][T25218] ? __alloc_disk_node+0x326/0x380 [ 921.083228][T25218] loop_add+0x554/0x710 [ 921.087356][T25218] loop_control_ioctl+0x564/0x740 [ 921.092355][T25218] ? loop_remove+0xa0/0xa0 [ 921.096744][T25218] ? __lru_cache_add+0x1bf/0x210 [ 921.101652][T25218] ? memset+0x1f/0x40 [ 921.105610][T25218] ? fsnotify+0x1332/0x13f0 [ 921.110085][T25218] ? loop_remove+0xa0/0xa0 [ 921.114472][T25218] do_vfs_ioctl+0x744/0x1730 [ 921.119034][T25218] ? selinux_file_ioctl+0x723/0x970 [ 921.124201][T25218] ? ioctl_preallocate+0x250/0x250 [ 921.129282][T25218] ? __fget+0x40c/0x4a0 [ 921.133410][T25218] ? fget_many+0x20/0x20 17:08:19 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 54) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:19 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x5}, 0x4) (async, rerun: 64) r1 = socket$packet(0x11, 0x2, 0x300) (rerun: 64) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) getsockopt$packet_buf(r1, 0x107, 0x1, &(0x7f0000000040)=""/176, &(0x7f0000000100)=0xb0) 17:08:19 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x9000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:19 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000080)=@req3={0x1, 0x5, 0x6, 0x2, 0x3, 0xf3d0, 0x8}, 0x1c) 17:08:19 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) (async, rerun: 64) r1 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) r2 = gettid() getpgid(r2) (async) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x80, 0x0, 0x0, 0x70bd25, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, 0xffffffffffffffff}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, 0xffffffffffffffff}}]}, 0x80}, 0x1, 0x0, 0x0, 0x84}, 0x4020) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x3}, 0x4) (async) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, 0x0, 0x2, 0x70bd25, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async, rerun: 64) r3 = accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14, 0x0) (rerun: 64) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000100)=@req={0x7a5, 0x3c2d0d54, 0x8, 0x7}, 0x10) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:19 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0xeaffffff, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:19 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0xa000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 921.137630][T25218] ? check_preemption_disabled+0x154/0x330 [ 921.143405][T25218] ? debug_smp_processor_id+0x20/0x20 [ 921.148747][T25218] ? security_file_ioctl+0x9d/0xb0 [ 921.153829][T25218] __x64_sys_ioctl+0xd4/0x110 [ 921.158479][T25218] do_syscall_64+0xcb/0x1c0 [ 921.162958][T25218] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 921.168820][T25218] ---[ end trace 03bf7d324617ae2e ]--- 17:08:19 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:19 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async, rerun: 32) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000080)=@req3={0x1, 0x5, 0x6, 0x2, 0x3, 0xf3d0, 0x8}, 0x1c) (rerun: 32) 17:08:19 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0xefffffff, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:19 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1000}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) 17:08:19 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1000}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) [ 921.249415][T25249] FAULT_INJECTION: forcing a failure. [ 921.249415][T25249] name failslab, interval 1, probability 0, space 0, times 0 [ 921.272881][T25249] CPU: 1 PID: 25249 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 921.284531][T25249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 921.294580][T25249] Call Trace: [ 921.297850][T25249] dump_stack+0x1d8/0x241 [ 921.302154][T25249] ? panic+0x73e/0x73e [ 921.306192][T25249] ? mutex_unlock+0x19/0x40 [ 921.310664][T25249] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 921.316471][T25249] ? selinux_kernfs_init_security+0x155/0x760 [ 921.322515][T25249] ? idr_alloc_cyclic+0x36e/0x5e0 [ 921.327510][T25249] should_fail+0x709/0x870 [ 921.331992][T25249] ? setup_fault_attr+0x3d0/0x3d0 [ 921.336992][T25249] ? _raw_spin_lock+0xa3/0x1b0 [ 921.341736][T25249] ? __kernfs_new_node+0xdb/0x6d0 [ 921.346730][T25249] should_failslab+0x5/0x20 [ 921.351212][T25249] kmem_cache_alloc+0x24/0x210 [ 921.355947][T25249] __kernfs_new_node+0xdb/0x6d0 [ 921.360770][T25249] ? mutex_lock+0xa6/0x110 [ 921.365166][T25249] ? kernfs_new_node+0x160/0x160 [ 921.370079][T25249] kernfs_new_node+0x95/0x160 [ 921.374731][T25249] __kernfs_create_file+0x45/0x260 [ 921.380507][T25249] sysfs_add_file_mode_ns+0x292/0x340 [ 921.385862][T25249] internal_create_group+0x55e/0xf50 [ 921.391206][T25249] ? mutex_unlock+0x19/0x40 [ 921.395697][T25249] ? sysfs_create_group+0x20/0x20 [ 921.400688][T25249] sysfs_create_groups+0x5d/0x130 [ 921.405693][T25249] device_add_attrs+0x87/0x370 [ 921.410430][T25249] device_add+0x505/0xbc0 [ 921.414732][T25249] device_create_vargs+0x1b8/0x210 [ 921.419821][T25249] device_create+0xea/0x130 [ 921.424295][T25249] ? device_create_vargs+0x210/0x210 [ 921.429555][T25249] bdi_register_va+0x89/0x5e0 [ 921.434203][T25249] bdi_register+0xd1/0x120 [ 921.438593][T25249] ? __device_add_disk+0x539/0x1200 [ 921.443763][T25249] ? bdi_register_va+0x5e0/0x5e0 [ 921.448703][T25249] ? percpu_ref_resurrect+0x113/0x190 [ 921.454047][T25249] bdi_register_owner+0x56/0xf0 [ 921.458872][T25249] __device_add_disk+0x5b8/0x1200 [ 921.463868][T25249] ? device_add_disk+0x30/0x30 [ 921.468599][T25249] ? vsprintf+0x30/0x30 [ 921.472728][T25249] ? device_initialize+0x1c7/0x3d0 [ 921.477813][T25249] ? __alloc_disk_node+0x326/0x380 [ 921.482895][T25249] loop_add+0x554/0x710 [ 921.487024][T25249] loop_control_ioctl+0x564/0x740 [ 921.492018][T25249] ? loop_remove+0xa0/0xa0 [ 921.496407][T25249] ? __lru_cache_add+0x1bf/0x210 [ 921.501313][T25249] ? memset+0x1f/0x40 [ 921.505268][T25249] ? fsnotify+0x1332/0x13f0 [ 921.509740][T25249] ? loop_remove+0xa0/0xa0 [ 921.514140][T25249] do_vfs_ioctl+0x744/0x1730 [ 921.518808][T25249] ? selinux_file_ioctl+0x723/0x970 [ 921.523985][T25249] ? ioctl_preallocate+0x250/0x250 [ 921.529069][T25249] ? __fget+0x40c/0x4a0 [ 921.533199][T25249] ? fget_many+0x20/0x20 [ 921.537412][T25249] ? check_preemption_disabled+0x154/0x330 [ 921.543187][T25249] ? debug_smp_processor_id+0x20/0x20 [ 921.548532][T25249] ? security_file_ioctl+0x9d/0xb0 [ 921.553613][T25249] __x64_sys_ioctl+0xd4/0x110 [ 921.558263][T25249] do_syscall_64+0xcb/0x1c0 [ 921.562738][T25249] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 921.570974][T25249] ------------[ cut here ]------------ [ 921.576443][T25249] WARNING: CPU: 1 PID: 25249 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 921.585516][T25249] Modules linked in: [ 921.589389][T25249] CPU: 1 PID: 25249 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 921.600994][T25249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 921.611044][T25249] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 921.616821][T25249] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 921.636397][T25249] RSP: 0018:ffff8881e221fa00 EFLAGS: 00010246 [ 921.642432][T25249] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 921.650375][T25249] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 921.658319][T25249] RBP: ffff8881e221fb40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 921.666261][T25249] R10: ffffffff84800000 R11: 1ffff1103c443e00 R12: ffff8881d07c5000 [ 921.674207][T25249] R13: dffffc0000000000 R14: ffff8881d07c5070 R15: 1ffff1103a0f8a9d [ 921.682150][T25249] FS: 00007f98da1e5700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 921.691046][T25249] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 921.697683][T25249] CR2: 00007f98da1c4718 CR3: 00000001e0b31000 CR4: 00000000003406e0 [ 921.705636][T25249] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 921.713588][T25249] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 921.721537][T25249] Call Trace: [ 921.724812][T25249] ? device_add_disk+0x30/0x30 [ 921.729551][T25249] ? vsprintf+0x30/0x30 [ 921.733678][T25249] ? device_initialize+0x1c7/0x3d0 [ 921.738761][T25249] ? __alloc_disk_node+0x326/0x380 [ 921.743841][T25249] loop_add+0x554/0x710 [ 921.747972][T25249] loop_control_ioctl+0x564/0x740 [ 921.752966][T25249] ? loop_remove+0xa0/0xa0 [ 921.757357][T25249] ? __lru_cache_add+0x1bf/0x210 [ 921.762269][T25249] ? memset+0x1f/0x40 [ 921.766222][T25249] ? fsnotify+0x1332/0x13f0 [ 921.770694][T25249] ? loop_remove+0xa0/0xa0 [ 921.775081][T25249] do_vfs_ioctl+0x744/0x1730 [ 921.779643][T25249] ? selinux_file_ioctl+0x723/0x970 [ 921.784901][T25249] ? ioctl_preallocate+0x250/0x250 [ 921.789985][T25249] ? __fget+0x40c/0x4a0 [ 921.794113][T25249] ? fget_many+0x20/0x20 17:08:20 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 55) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:20 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r3 = accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000000c0)=0x14, 0x80800) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000100)) r4 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r5, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) connect$packet(r1, &(0x7f0000000040)={0x11, 0xf5, r5, 0x1, 0x7f, 0x6, @remote}, 0x14) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:20 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r2 = gettid() getpgid(r2) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x80, 0x0, 0x0, 0x70bd25, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, 0xffffffffffffffff}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, 0xffffffffffffffff}}]}, 0x80}, 0x1, 0x0, 0x0, 0x84}, 0x4020) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x3}, 0x4) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, 0x0, 0x2, 0x70bd25, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x0) r3 = accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14, 0x0) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000100)=@req={0x7a5, 0x3c2d0d54, 0x8, 0x7}, 0x10) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) gettid() (async) getpgid(r2) (async) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x80, 0x0, 0x0, 0x70bd25, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, 0xffffffffffffffff}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, 0xffffffffffffffff}}]}, 0x80}, 0x1, 0x0, 0x0, 0x84}, 0x4020) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x3}, 0x4) (async) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, 0x0, 0x2, 0x70bd25, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async) accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14, 0x0) (async) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000100)=@req={0x7a5, 0x3c2d0d54, 0x8, 0x7}, 0x10) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) 17:08:20 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0xf0ffffff, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:20 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000080)=@req3={0x1, 0x5, 0x6, 0x2, 0x3, 0xf3d0, 0x8}, 0x1c) 17:08:20 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0xb000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:20 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r3 = accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000000c0)=0x14, 0x80800) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000100)) r4 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r5, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) connect$packet(r1, &(0x7f0000000040)={0x11, 0xf5, r5, 0x1, 0x7f, 0x6, @remote}, 0x14) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) (async) socket$packet(0x11, 0x3, 0x300) (async) socket$inet(0x2, 0x3, 0x3) (async) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) (async) accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000000c0)=0x14, 0x80800) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000100)) (async) syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'}) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r5, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) (async) connect$packet(r1, &(0x7f0000000040)={0x11, 0xf5, r5, 0x1, 0x7f, 0x6, @remote}, 0x14) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) [ 921.798331][T25249] ? check_preemption_disabled+0x154/0x330 [ 921.804117][T25249] ? debug_smp_processor_id+0x20/0x20 [ 921.809472][T25249] ? security_file_ioctl+0x9d/0xb0 [ 921.814565][T25249] __x64_sys_ioctl+0xd4/0x110 [ 921.819220][T25249] do_syscall_64+0xcb/0x1c0 [ 921.823726][T25249] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 921.829762][T25249] ---[ end trace 03bf7d324617ae2f ]--- 17:08:20 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0xfeffffff, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:20 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x10000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:20 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:20 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0x7fffffff, 0x3, 0x4, 0x4, 0x1f, 0x400, 0x3ff}, 0x1c) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:20 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = socket$packet(0x11, 0x3, 0x300) (async) r2 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r3 = accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000000c0)=0x14, 0x80800) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000100)) (async) r4 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r5, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) (async) connect$packet(r1, &(0x7f0000000040)={0x11, 0xf5, r5, 0x1, 0x7f, 0x6, @remote}, 0x14) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 921.915731][T25284] FAULT_INJECTION: forcing a failure. [ 921.915731][T25284] name failslab, interval 1, probability 0, space 0, times 0 [ 921.930448][T25284] CPU: 1 PID: 25284 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 921.942082][T25284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 921.952117][T25284] Call Trace: [ 921.955386][T25284] dump_stack+0x1d8/0x241 [ 921.959696][T25284] ? panic+0x73e/0x73e [ 921.963743][T25284] ? mutex_unlock+0x19/0x40 [ 921.968227][T25284] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 921.974005][T25284] ? selinux_kernfs_init_security+0x155/0x760 [ 921.980042][T25284] ? idr_alloc_cyclic+0x36e/0x5e0 [ 921.985040][T25284] should_fail+0x709/0x870 [ 921.989429][T25284] ? setup_fault_attr+0x3d0/0x3d0 [ 921.994424][T25284] ? _raw_spin_lock+0xa3/0x1b0 [ 921.999159][T25284] ? __kernfs_new_node+0xdb/0x6d0 [ 922.004238][T25284] should_failslab+0x5/0x20 [ 922.008713][T25284] kmem_cache_alloc+0x24/0x210 [ 922.013449][T25284] __kernfs_new_node+0xdb/0x6d0 [ 922.018271][T25284] ? mutex_lock+0xa6/0x110 [ 922.022655][T25284] ? kernfs_new_node+0x160/0x160 [ 922.027567][T25284] kernfs_new_node+0x95/0x160 [ 922.032213][T25284] __kernfs_create_file+0x45/0x260 [ 922.037319][T25284] sysfs_add_file_mode_ns+0x292/0x340 [ 922.042660][T25284] internal_create_group+0x55e/0xf50 [ 922.047919][T25284] ? mutex_unlock+0x19/0x40 [ 922.052396][T25284] ? sysfs_create_group+0x20/0x20 [ 922.057391][T25284] sysfs_create_groups+0x5d/0x130 [ 922.062394][T25284] device_add_attrs+0x87/0x370 [ 922.067131][T25284] device_add+0x505/0xbc0 [ 922.071434][T25284] device_create_vargs+0x1b8/0x210 [ 922.076516][T25284] device_create+0xea/0x130 [ 922.080991][T25284] ? device_create_vargs+0x210/0x210 [ 922.086249][T25284] bdi_register_va+0x89/0x5e0 [ 922.090906][T25284] bdi_register+0xd1/0x120 [ 922.095307][T25284] ? __device_add_disk+0x539/0x1200 [ 922.100475][T25284] ? bdi_register_va+0x5e0/0x5e0 [ 922.105385][T25284] ? percpu_ref_resurrect+0x113/0x190 [ 922.110731][T25284] bdi_register_owner+0x56/0xf0 [ 922.115643][T25284] __device_add_disk+0x5b8/0x1200 [ 922.120640][T25284] ? device_add_disk+0x30/0x30 [ 922.125373][T25284] ? vsprintf+0x30/0x30 [ 922.129503][T25284] ? device_initialize+0x1c7/0x3d0 [ 922.134583][T25284] ? __alloc_disk_node+0x326/0x380 [ 922.139663][T25284] loop_add+0x554/0x710 [ 922.143792][T25284] loop_control_ioctl+0x564/0x740 [ 922.148792][T25284] ? loop_remove+0xa0/0xa0 [ 922.153178][T25284] ? __lru_cache_add+0x1bf/0x210 [ 922.158087][T25284] ? memset+0x1f/0x40 [ 922.162040][T25284] ? fsnotify+0x1332/0x13f0 [ 922.166514][T25284] ? loop_remove+0xa0/0xa0 [ 922.170906][T25284] do_vfs_ioctl+0x744/0x1730 [ 922.175472][T25284] ? selinux_file_ioctl+0x723/0x970 [ 922.180685][T25284] ? ioctl_preallocate+0x250/0x250 [ 922.185769][T25284] ? __fget+0x40c/0x4a0 [ 922.189898][T25284] ? fget_many+0x20/0x20 [ 922.194115][T25284] ? check_preemption_disabled+0x154/0x330 [ 922.199902][T25284] ? debug_smp_processor_id+0x20/0x20 [ 922.205246][T25284] ? security_file_ioctl+0x9d/0xb0 [ 922.210335][T25284] __x64_sys_ioctl+0xd4/0x110 [ 922.214986][T25284] do_syscall_64+0xcb/0x1c0 [ 922.219464][T25284] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 922.228552][T25284] ------------[ cut here ]------------ [ 922.234115][T25284] WARNING: CPU: 1 PID: 25284 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 922.243185][T25284] Modules linked in: [ 922.247056][T25284] CPU: 1 PID: 25284 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 922.258730][T25284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 922.268852][T25284] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 922.274629][T25284] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 922.294203][T25284] RSP: 0018:ffff8881e2077a00 EFLAGS: 00010246 [ 922.300241][T25284] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 922.308274][T25284] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 922.316305][T25284] RBP: ffff8881e2077b40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 922.324248][T25284] R10: ffffffff84800000 R11: 1ffff1103c40ee00 R12: ffff8881d137f000 [ 922.332190][T25284] R13: dffffc0000000000 R14: ffff8881d137f070 R15: 1ffff1103a26fe9d [ 922.340136][T25284] FS: 00007f98da1e5700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 922.349033][T25284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 922.355588][T25284] CR2: 0000555555cc8728 CR3: 00000001e20f6000 CR4: 00000000003406e0 [ 922.363548][T25284] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 922.371494][T25284] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 922.379443][T25284] Call Trace: [ 922.382709][T25284] ? device_add_disk+0x30/0x30 [ 922.387706][T25284] ? vsprintf+0x30/0x30 [ 922.391833][T25284] ? device_initialize+0x1c7/0x3d0 [ 922.396932][T25284] ? __alloc_disk_node+0x326/0x380 [ 922.402100][T25284] loop_add+0x554/0x710 [ 922.406228][T25284] loop_control_ioctl+0x564/0x740 [ 922.411226][T25284] ? loop_remove+0xa0/0xa0 [ 922.415618][T25284] ? __lru_cache_add+0x1bf/0x210 [ 922.420528][T25284] ? memset+0x1f/0x40 [ 922.424479][T25284] ? fsnotify+0x1332/0x13f0 [ 922.429023][T25284] ? loop_remove+0xa0/0xa0 [ 922.433411][T25284] do_vfs_ioctl+0x744/0x1730 [ 922.437974][T25284] ? selinux_file_ioctl+0x723/0x970 [ 922.443144][T25284] ? ioctl_preallocate+0x250/0x250 [ 922.448233][T25284] ? __fget+0x40c/0x4a0 [ 922.452371][T25284] ? fget_many+0x20/0x20 [ 922.456591][T25284] ? check_preemption_disabled+0x154/0x330 [ 922.462394][T25284] ? debug_smp_processor_id+0x20/0x20 17:08:21 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 56) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:21 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x11000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:21 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0xffffff7f, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:21 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:21 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) 17:08:21 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0x7fffffff, 0x3, 0x4, 0x4, 0x1f, 0x400, 0x3ff}, 0x1c) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:21 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x12000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:21 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0x7fffffff, 0x3, 0x4, 0x4, 0x1f, 0x400, 0x3ff}, 0x1c) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0x7fffffff, 0x3, 0x4, 0x4, 0x1f, 0x400, 0x3ff}, 0x1c) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) 17:08:21 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) 17:08:21 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0xffffff9e, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:21 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) 17:08:21 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) [ 922.467742][T25284] ? security_file_ioctl+0x9d/0xb0 [ 922.473345][T25284] __x64_sys_ioctl+0xd4/0x110 [ 922.477994][T25284] do_syscall_64+0xcb/0x1c0 [ 922.482471][T25284] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 922.488339][T25284] ---[ end trace 03bf7d324617ae30 ]--- [ 922.581500][T25347] FAULT_INJECTION: forcing a failure. [ 922.581500][T25347] name failslab, interval 1, probability 0, space 0, times 0 [ 922.597160][T25347] CPU: 1 PID: 25347 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 922.608793][T25347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 922.618834][T25347] Call Trace: [ 922.622125][T25347] dump_stack+0x1d8/0x241 [ 922.626445][T25347] ? panic+0x73e/0x73e [ 922.630490][T25347] ? mutex_unlock+0x19/0x40 [ 922.634973][T25347] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 922.640751][T25347] ? selinux_kernfs_init_security+0x155/0x760 [ 922.646788][T25347] ? idr_alloc_cyclic+0x36e/0x5e0 [ 922.651781][T25347] should_fail+0x709/0x870 [ 922.656172][T25347] ? setup_fault_attr+0x3d0/0x3d0 [ 922.661168][T25347] ? _raw_spin_lock+0xa3/0x1b0 [ 922.665906][T25347] ? __kernfs_new_node+0xdb/0x6d0 [ 922.670899][T25347] should_failslab+0x5/0x20 [ 922.675382][T25347] kmem_cache_alloc+0x24/0x210 [ 922.680127][T25347] __kernfs_new_node+0xdb/0x6d0 [ 922.684952][T25347] ? mutex_lock+0xa6/0x110 [ 922.689339][T25347] ? kernfs_new_node+0x160/0x160 [ 922.694250][T25347] kernfs_new_node+0x95/0x160 [ 922.698902][T25347] __kernfs_create_file+0x45/0x260 [ 922.703983][T25347] sysfs_add_file_mode_ns+0x292/0x340 [ 922.709329][T25347] internal_create_group+0x55e/0xf50 [ 922.714589][T25347] ? mutex_unlock+0x19/0x40 [ 922.719063][T25347] ? sysfs_create_group+0x20/0x20 [ 922.724069][T25347] sysfs_create_groups+0x5d/0x130 [ 922.729076][T25347] device_add_attrs+0x87/0x370 [ 922.733821][T25347] device_add+0x505/0xbc0 [ 922.738127][T25347] device_create_vargs+0x1b8/0x210 [ 922.743213][T25347] device_create+0xea/0x130 [ 922.747703][T25347] ? device_create_vargs+0x210/0x210 [ 922.752972][T25347] bdi_register_va+0x89/0x5e0 [ 922.757620][T25347] bdi_register+0xd1/0x120 [ 922.762008][T25347] ? __device_add_disk+0x539/0x1200 [ 922.767178][T25347] ? bdi_register_va+0x5e0/0x5e0 [ 922.772095][T25347] ? percpu_ref_resurrect+0x113/0x190 [ 922.777459][T25347] bdi_register_owner+0x56/0xf0 [ 922.782289][T25347] __device_add_disk+0x5b8/0x1200 [ 922.787288][T25347] ? device_add_disk+0x30/0x30 [ 922.792023][T25347] ? vsprintf+0x30/0x30 [ 922.796152][T25347] ? device_initialize+0x1c7/0x3d0 [ 922.801235][T25347] ? __alloc_disk_node+0x326/0x380 [ 922.806319][T25347] loop_add+0x554/0x710 [ 922.810447][T25347] loop_control_ioctl+0x564/0x740 [ 922.815449][T25347] ? loop_remove+0xa0/0xa0 [ 922.819837][T25347] ? __lru_cache_add+0x1bf/0x210 [ 922.824748][T25347] ? memset+0x1f/0x40 [ 922.828705][T25347] ? fsnotify+0x1332/0x13f0 [ 922.833182][T25347] ? loop_remove+0xa0/0xa0 [ 922.837569][T25347] do_vfs_ioctl+0x744/0x1730 [ 922.842159][T25347] ? selinux_file_ioctl+0x723/0x970 [ 922.847421][T25347] ? ioctl_preallocate+0x250/0x250 [ 922.852511][T25347] ? __fget+0x40c/0x4a0 [ 922.856639][T25347] ? fget_many+0x20/0x20 [ 922.860856][T25347] ? check_preemption_disabled+0x154/0x330 [ 922.866630][T25347] ? debug_smp_processor_id+0x20/0x20 [ 922.871971][T25347] ? security_file_ioctl+0x9d/0xb0 [ 922.877057][T25347] __x64_sys_ioctl+0xd4/0x110 [ 922.881708][T25347] do_syscall_64+0xcb/0x1c0 [ 922.886184][T25347] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 922.894796][T25347] ------------[ cut here ]------------ [ 922.900278][T25347] WARNING: CPU: 1 PID: 25347 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 922.909450][T25347] Modules linked in: [ 922.913327][T25347] CPU: 1 PID: 25347 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 922.924918][T25347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 922.934955][T25347] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 922.940733][T25347] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 922.960310][T25347] RSP: 0018:ffff8881de167a00 EFLAGS: 00010246 [ 922.966350][T25347] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 922.974296][T25347] RDX: ffffc90000d4a000 RSI: 000000000003ffff RDI: 0000000000040000 [ 922.982243][T25347] RBP: ffff8881de167b40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 922.990185][T25347] R10: ffffffff84800000 R11: 1ffff1103bc2ce00 R12: ffff8881ea015000 [ 922.998138][T25347] R13: dffffc0000000000 R14: ffff8881ea015070 R15: 1ffff1103d402a9d [ 923.006086][T25347] FS: 00007f98da1c4700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 923.014985][T25347] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 923.021541][T25347] CR2: 00007f36640c6718 CR3: 00000001e20f6000 CR4: 00000000003406e0 [ 923.029490][T25347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 923.037432][T25347] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 923.045378][T25347] Call Trace: [ 923.048646][T25347] ? device_add_disk+0x30/0x30 [ 923.053380][T25347] ? vsprintf+0x30/0x30 [ 923.057507][T25347] ? device_initialize+0x1c7/0x3d0 [ 923.062591][T25347] ? __alloc_disk_node+0x326/0x380 [ 923.067675][T25347] loop_add+0x554/0x710 [ 923.071804][T25347] loop_control_ioctl+0x564/0x740 [ 923.076798][T25347] ? loop_remove+0xa0/0xa0 [ 923.081313][T25347] ? __lru_cache_add+0x1bf/0x210 [ 923.086221][T25347] ? memset+0x1f/0x40 [ 923.090175][T25347] ? fsnotify+0x1332/0x13f0 [ 923.094651][T25347] ? loop_remove+0xa0/0xa0 [ 923.099037][T25347] do_vfs_ioctl+0x744/0x1730 [ 923.103600][T25347] ? selinux_file_ioctl+0x723/0x970 [ 923.108768][T25347] ? ioctl_preallocate+0x250/0x250 [ 923.113850][T25347] ? __fget+0x40c/0x4a0 [ 923.117978][T25347] ? fget_many+0x20/0x20 [ 923.122297][T25347] ? check_preemption_disabled+0x154/0x330 [ 923.128074][T25347] ? debug_smp_processor_id+0x20/0x20 17:08:21 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 57) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:21 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) connect$packet(r0, &(0x7f00000000c0)={0x11, 0x5, 0x0, 0x1, 0x5, 0x6, @multicast}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x420001) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r1, 0x28, 0x1, &(0x7f0000000080)=0x9, 0x8) 17:08:21 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0xffffffea, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:21 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x13000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:21 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x88002, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1}, 0x56) r2 = socket$packet(0x11, 0x3, 0x300) connect$packet(r2, &(0x7f00000000c0)={0x11, 0x1a, 0x0, 0x1, 0x88, 0x6, @link_local}, 0x14) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r1, 0x58, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = getuid() sendmsg$nl_xfrm(r3, &(0x7f0000001500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000014c0)={&(0x7f0000000380)=@polexpire={0x111c, 0x1b, 0x10, 0x70bd28, 0x21, {{{@in=@loopback, @in6=@local, 0x4e21, 0x0, 0x4e23, 0xfffb, 0x2, 0xa0, 0x2dba9cfd060a7318, 0x2f, r4, r5}, {0x8, 0x200, 0xf780000000, 0x6, 0x1, 0x100, 0x9, 0x9}, {0x5, 0x8, 0x7, 0x1ff}, 0x8, 0x6e6bbd, 0x0, 0x1, 0x2}, 0x40}, [@algo_crypt={0x1048, 0x2, {{'pcbc(fcrypt-generic)\x00'}, 0x8000, "65722d8e8c5d0739378dfc0bb07dbcd67ac654401349ef887e8f7f20b988c32230a06c7eb78ea2cf1a851b0d4556fc9bd1d4c1386327aa18238a8e4ec326517b3c3a1d0b14b2f073e8bf9aee50caabbd1631f9fb154e82dde9357e3fcd9d84925ee4c95c802f42ba3965a815387787dbc5f21e925420d31af7ca02e40edb12916038bfffa2696454ec169663ba9e3ea4e2220a904d6a97f200659af28cec3d2805e750ea17c73f1a2c7d16a4b1492f9a68f31f0352f74a83ed81b5a498a66ed585c7ed44a401c800c90e92276276de53ac1a35eb56ef30501d260fdf1cbe83501429d6d4f1c983f8776282fc77c04ddf2b8d1cc96a7d6cafa7592955d75a435864edf68a117deb35d562905fb79082077d4152a02eaba4c6c23e1dd3c883b14d63262052e5e4d09bfd281e6ff85ac3e8e3385110133d0b0b170cdd6740fa7872fbcd0908a486cec7759e082193ee7c87fdcca5c1ce00021669835a79ae1db1525784236a119265db990edf7fbdfb6e233b8bd8730104c069dc7c390ffe0a51edae87f90e84da8227d3268bba5f53b153e4eda9aa6c0485ebf60a8ca9603baeef90547b778a791954bb522142beb04bf6a3ee14e5dd360b37684c79b4f99d939189c4f067b1a33de8c078fd7008c5cdbf7bc9742c40655f04fd5decfbbd93c13a016c7ae71b9c19a75103e0b047ccf779e03a7515bf39ead839ec43d61e544074fb9ef7fb70427f01d63304c673c841b47600c139d79262e6ba3dd4b8f63df7f0b628ba26c428b33cde24ec12d267e69560203166dcd11a930f593a09ddae862c32588334c6f7a102b16d327810bd8d1624683aaa4b0fffcd3becb23a019a1be2fa2b5b311ed63939a3668f0bf66af32c19acc437b4011ae46b192f9908811e9fc3a80a8f01a3d3daeef8897e66faa622c170c05d362ef2a5b261744ee0b1cfed8e01f8be5c5c786eaa91f8dd730bf9c521894f91c50d5703893991eee04242a9da6c4a94141ff1459c1162b12b81785983a757458885bd34b2c35d0b4c1b562df73ac81695a5b94b1b93c0a699fc37a35d0bfdc851b38e190decf66c9d85f5fd6031258ddcff5417554f90f4204eeea9671ba249f3bac56c828bd89c6ce19dc67c6344653aa0922cf44c64362ed591a30beb131016f578d162ee0409d155b7fabe37f5222f5fc991f59255b1c92b8db2ba4f22edb133a7485cdac20ad25315f2031bf24c283744d52fcc4b69cb83a198234dcb89ddc39cfb78c039578fa8b857523afea91c859d170c8a8827f4cb6902d715b81ecc0cafebe6cc5fc978de6da1efcb7865e304f66844ba83073d5d39ccba33c3c7be5e72e1f1050aa6fa245e514944f461232be9f01269b84fea4e667e34b2e04c99d489cec1d52160bc7d6e27e17db6db1f0aad905b3e7dbd5efd6f3b1ba1e4351b1b90b056a83d21e148ecc8f8d98388426b074a6c2e2eb41de87b98eb741602c4e836bc63cf038a91b4df786d578353ed30a386e580fce06139a0188ff09085ca9aa48f89e14722caef0f931085d32fac2f9dcad4439f4cd5c9ce9835344cb55c1937027d396974050a9f8951b14a922f31357d7c60a035d213088cf3c454c9de8a1dfe12038442a7c27458c1dd7390b191ff7b2065d20bbf753d187884a0db7a3618ac70469366d67af89c5b5a497f166d0f60581944708606f5920a2a75c474e2d23154f7f484a2583f33f71565e19ef798164881100111ee5178fe0e7ca8623e0f55094102c0d008ee29263f42e1f06caf77c64a54875b62a03097a1daed0912b05ff2cf8d5e6f2debfd3d135f419194893b414e85b12ddb0d0d51486a4995996f9183fd1c0ef76091560536092b22b52dd2cec5812f0c0a0e6320c49d0bd9ab655549438b49fcb76798525706262a84e5bf234a87e11f01936d9f0d4e25e23b49aab6cab03cd1cac62fca5ac228b4b0308d510e2d89c2f4b307a4f3fb3e4df59eb70954fc0d176fda84ef382a8f6971b6124b773ab21738667f44d4ee89852a63626a246ea4607770fc4f6da7d03a44c80e3ec6f85c91642db2eb7d48fbb2bdb66b3b1a2317c49cf8f8adfc779efbb8b701fe9f60c00844f16380c39f42a43bf311d681d9a0a9c946a3b2fdb8982dff561cdf9269f68c3a0bc53edf5d0fee9f5795442614cd66c90490fb0f06bef1ff7af41976d7cabca8faa63000db1e9f04767b414bf57fd68c2c575245a98e747f8981fa3c4d065d5ddec609e582a200ab83efa8ef253eac7a31efe0d7a0bc16863cc093c700ea466bf38239378d2241bb343c67606c69290bca8b4722969090ea85b5d9e47ecd244d63b2a4e15c8611ea6d945d5599be3da26d205e2847e86ef07c843806355d46b787697580bdf4290e0040f3939a04a227cb760517049bb923f437a50971436d2f0fa5309c2204e971474647a83afe6631ed7f64360f772ce73b32cbdc50f52acc28ebbc02c6562819b7ca0582e207837d9cb341f45351d4a4b71376a98d9816e6e1be2852d833cf45acc76272f8407185d66620885e737dfd00afae88969ad35b5b0eba71d37aa0c331ceec0efb7923fcdbf2bb95e27916381abefc524c066e27042a66cfee0ccd84d493c3fcfd1d0f4b8705054bc7720faf22493afc7781a14cabc890bac4a9cec6e62f9021266f183268309699781eb6cbf6758aed11994537191bd3b26c2c29ff7b09b3f5f3762eb5a368e8ae0c7e3b3ebc3c59df84a5c84b058ee5fb342093d446c5c7c34f3115ae50dac17ba6e8790fce238a7b74ba0635946b84533ce6d702cdaa025545420e345eda00f2c5d6b41aff99547431fdf21a3892725f745c6dcb9f4586c8e9676504511824e69230c7df2b03423f35f940e9fde087307ed87b38072138e44dee0f86e2312bd02212789753eb8d5bcf8aa49e37c2e36884113133693bcad29f5a37cc54090b320fcf3358c52f6e4ccf04bd155f5cb55bd887b40949f140d5f2f6cfb5cbb7271f671b0c23a0b3252df389581b11c5e5625bb5126645676f4ecade4aa6dca6d89778b6a948bbffa567ebe21812d8993071b718232c4638c1806ce826718f6c617d40e0abb381764500fc51d30d7cad4e6b510d29bf2e652c7f1d301ffa3be56585b84aa7cf95da8dc8ad969c09308a124e9ee8a3ad4b3683f6e59ec5d0c1db8d1be4cdd05db8a68f8123699071e603bb5c78d6c122af5ceeed336f9f603b97baba48e34ce94fd74cbb262f1fed6ec698e1dbbb3ec71f1f96dc44d8200c6002f78bcb37fc6f6fac2aa928bb1d1f2c13cd4ed40c84bfdd9b93c85936bc921d9bf8f3e0b1f96d6535171bc8ca275fb8110bd18938e8eb23cbb2505452815ac8a05108acad2b6b1dc09acd6e08ddb173f30a00523661b8ea03261e6d640e2f82314e44d6d8b21216f4f006e99e39a5b49718ac11197adb17a70ea1e10edff305942f12eace513eea428a0e87db0f2b9cf63b4f8a0e6580474472421e0c9d5a1281f915dd60bd4c086861a300bf7dcac2cca02a2f87108dfe25fbb338c5c90539c6238a6d54b39a23d62395902ad6dfec958df9470ecd4c666c9c82f7511f33dacfb1c8dbb4147e5f093b7393fcbaa5ee2193eedbdcb792af179b9ced3cde6fc82f423fc954cb0ceba99a0b964a0db577e5563472a33ac91a72026fec36ef7cf92c05922489278359320fc4c54c50f42490fb6d504d7c99b3ecfd00822dcf7977dcf89e01501714ee650be849953c7f3a50d1cfe128e5328c56a4e8bb7d8fbfe29fc42d12caceb5a4785ef5a9110346f1659ad255070b1b4de1c69061206a8eaec0ca277b45713f0a85f3dda59e243e50baef07999fd79b2f2a187c045690dae2c415a36b963206346d7166cc7728ae20f8e454caefc702b378b62c814a655a719b6318e0d9d0cb8da48ce69650d8a19f6a38dba39080f9d2e457907eb79c654b4d13cedaf3c24fc2ac6d99d4ca5e9be1283a02d5057343e38b8859a4b3f6f58a54a64b3982ab4c6c3cdf493289450ef9da7ee0276d0217436fa080a95c1ace9105003a024301f370a9f325d97ca7d67fb5897e68e5acd7e0471f433465ac8b8cdf4a44519c36cc71ffa82430a21a3d3f10bed35a4018363385414fc06aa29d8132dc9d06dd9855dfb700cca3d89dbbd3b0ed983a978aab503740b72b65a321e2ea597a834f75715165fc8e5a8880239fba9153606430940bbdd6482f27f8ecdfa1c39cb5c50bf55bc9f78685e10804ceecc467d9cc4f1c095a8bdecadaa6aae06e3cba2c7d01def6a37f9fcabbf01af28a4775325ab4e7729b456df57544dd36ce7d23a9f4cf6b3c5cf2de6b8de2395b879d9ddd4073099335ee8ba57125711dda3d176292527cab452f8919217eb9c12a7fd6d34910aa7168ef170efc8f7fd51d65eb35db0725ee660531ab7f3c06641fff4848d08f675f0c2ceb77f9b081a5307d65337d630be01cbab23fee0a9bac1fce2520082fe5e30c9b95600e12e36d82508828254d03e0ce90d899ce201983d8674e4041a7b2c7e226ed03935597e8d9431121611ae3dd60fc05037c5ac8b1de58a9c700e9285d4e667fbc2a01f700975893a477781ffa16a61fdd6ca6333cb070a5c49af8984cffb2b30414a1eba39219d732a781f394674f35f0cd2198107b4192c238994fbfbd33e0c0354a9fdabcb2c3bba39abe6d6678eb0c19b4949825d616c28190fe9655d9f735fc68c4fe702a09340f46a776059bba02ce204569012e0807299506f56171b0d47e7cef54254360afa3149d4ffe4e8668e79e2ee90ef8087cb6d5da0a45f683e848e5875477eeda3b0a1f5113cca500b6d59591a9df32536aa7c0479668765e6536e495f0536b07a8cc559c22c255ce1fa61d0cbdeb6378f52b3d9072814e3a35b49db11f831369914134175cbb08006aaa6ad44d7157acf7cd39fb2bfda3306bb008e6a8fc22a946fecc5a2806739721d7674108be6bb2d3bcaeaba53c66678a7f092865184d77825cf0d84f4ccc558ca2d0749c902b536ebc53d22bd51f7b9a94ee048269f5c5e137a9eab5bc4b8e694058e95a6c0f1227eb38a57c43aea813050693365bc18bdcce77ebc88edb5ed93e0037b1c2d804d5842c500202e46695a97800b4a5bc5b8509088caa74013b6cc4986e799c9b75ba638a8738956c44fcacc5d4fd6631a2fd4b211236fc246210cb81400ff214cb1aaf14b38702584b71db47b26ce7f795e6bd246c8cc5f28f80e4f0a6c06f2a3e50b877c70412da64cbae25f32922d69853fd502bf678b3faba71bb01d11fcc5b3a20a9942488a77ff91a2b0f05cad68b295bd81917e5b0e31f754bb505762242b276e4af67c49bd3a533bad4c4584793d820c08e7a36140035aa998c01cc678eb82a0eb8ba763acfe9e139b84ddfa24cb5899f303227da23f7f45da0e2db13bdc5cb6007391b3b08b86b385980b3ffb389a00b32bc23638c14b9384244a7008526d466c3eb7a41e0727a29a3caca9a0aac5777c0b85137d434b741887cf6387e941f59c749de55c170b663722a2c5f56195522f7edb180795db0415dfad37df4238d4ab76710f4595e799080b139fb49db61578ab822bc5b199120b0b49bf0febf7bc319cdfd76c60dfcd345cc04cfd9e16555c6c65398424c69dd0e01222b534e29d75a71edfb9c429ff91079bff908665972bd60ca895d558eacd5ef381e4132eaa36f828d441619030b3b09717eca0e07130772bd92ba79c33f77c028d03cbf15b13310c97049b4d35bb9101436f9cfed416a74c376a47a53b58629a58b9a1aee84cb2ed65845d300db059c04"}}, @policy_type={0xa}, @XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x4}]}, 0x111c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48810) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r6, 0x107, 0xd, 0x0, 0x0) r7 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r8 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000140)={'tunl0\x00', r9, 0x40, 0x80, 0x8000, 0xa, {{0x7, 0x4, 0x0, 0x1, 0x1c, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ssrr={0x89, 0x7, 0x68, [@broadcast]}]}}}}}) setsockopt$packet_drop_memb(r6, 0x107, 0x2, &(0x7f0000000100)={r9, 0x1, 0x6, @broadcast}, 0x10) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x1) socket$packet(0x11, 0x3, 0x300) 17:08:21 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOC_PR_RESERVE(r1, 0x401070c9, &(0x7f00000000c0)={0x6, 0x10bb}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x3}, 0x4) 17:08:21 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) connect$packet(r0, &(0x7f00000000c0)={0x11, 0x5, 0x0, 0x1, 0x5, 0x6, @multicast}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x420001) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r1, 0x28, 0x1, &(0x7f0000000080)=0x9, 0x8) [ 923.133417][T25347] ? security_file_ioctl+0x9d/0xb0 [ 923.138499][T25347] __x64_sys_ioctl+0xd4/0x110 [ 923.143148][T25347] do_syscall_64+0xcb/0x1c0 [ 923.147626][T25347] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 923.153491][T25347] ---[ end trace 03bf7d324617ae31 ]--- 17:08:21 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x14000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:21 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOC_PR_RESERVE(r1, 0x401070c9, &(0x7f00000000c0)={0x6, 0x10bb}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x3}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$IOC_PR_RESERVE(r1, 0x401070c9, &(0x7f00000000c0)={0x6, 0x10bb}) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x3}, 0x4) (async) 17:08:21 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x88002, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1}, 0x56) (async) r2 = socket$packet(0x11, 0x3, 0x300) connect$packet(r2, &(0x7f00000000c0)={0x11, 0x1a, 0x0, 0x1, 0x88, 0x6, @link_local}, 0x14) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r1, 0x58, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = getuid() sendmsg$nl_xfrm(r3, &(0x7f0000001500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000014c0)={&(0x7f0000000380)=@polexpire={0x111c, 0x1b, 0x10, 0x70bd28, 0x21, {{{@in=@loopback, @in6=@local, 0x4e21, 0x0, 0x4e23, 0xfffb, 0x2, 0xa0, 0x2dba9cfd060a7318, 0x2f, r4, r5}, {0x8, 0x200, 0xf780000000, 0x6, 0x1, 0x100, 0x9, 0x9}, {0x5, 0x8, 0x7, 0x1ff}, 0x8, 0x6e6bbd, 0x0, 0x1, 0x2}, 0x40}, [@algo_crypt={0x1048, 0x2, {{'pcbc(fcrypt-generic)\x00'}, 0x8000, "65722d8e8c5d0739378dfc0bb07dbcd67ac654401349ef887e8f7f20b988c32230a06c7eb78ea2cf1a851b0d4556fc9bd1d4c1386327aa18238a8e4ec326517b3c3a1d0b14b2f073e8bf9aee50caabbd1631f9fb154e82dde9357e3fcd9d84925ee4c95c802f42ba3965a815387787dbc5f21e925420d31af7ca02e40edb12916038bfffa2696454ec169663ba9e3ea4e2220a904d6a97f200659af28cec3d2805e750ea17c73f1a2c7d16a4b1492f9a68f31f0352f74a83ed81b5a498a66ed585c7ed44a401c800c90e92276276de53ac1a35eb56ef30501d260fdf1cbe83501429d6d4f1c983f8776282fc77c04ddf2b8d1cc96a7d6cafa7592955d75a435864edf68a117deb35d562905fb79082077d4152a02eaba4c6c23e1dd3c883b14d63262052e5e4d09bfd281e6ff85ac3e8e3385110133d0b0b170cdd6740fa7872fbcd0908a486cec7759e082193ee7c87fdcca5c1ce00021669835a79ae1db1525784236a119265db990edf7fbdfb6e233b8bd8730104c069dc7c390ffe0a51edae87f90e84da8227d3268bba5f53b153e4eda9aa6c0485ebf60a8ca9603baeef90547b778a791954bb522142beb04bf6a3ee14e5dd360b37684c79b4f99d939189c4f067b1a33de8c078fd7008c5cdbf7bc9742c40655f04fd5decfbbd93c13a016c7ae71b9c19a75103e0b047ccf779e03a7515bf39ead839ec43d61e544074fb9ef7fb70427f01d63304c673c841b47600c139d79262e6ba3dd4b8f63df7f0b628ba26c428b33cde24ec12d267e69560203166dcd11a930f593a09ddae862c32588334c6f7a102b16d327810bd8d1624683aaa4b0fffcd3becb23a019a1be2fa2b5b311ed63939a3668f0bf66af32c19acc437b4011ae46b192f9908811e9fc3a80a8f01a3d3daeef8897e66faa622c170c05d362ef2a5b261744ee0b1cfed8e01f8be5c5c786eaa91f8dd730bf9c521894f91c50d5703893991eee04242a9da6c4a94141ff1459c1162b12b81785983a757458885bd34b2c35d0b4c1b562df73ac81695a5b94b1b93c0a699fc37a35d0bfdc851b38e190decf66c9d85f5fd6031258ddcff5417554f90f4204eeea9671ba249f3bac56c828bd89c6ce19dc67c6344653aa0922cf44c64362ed591a30beb131016f578d162ee0409d155b7fabe37f5222f5fc991f59255b1c92b8db2ba4f22edb133a7485cdac20ad25315f2031bf24c283744d52fcc4b69cb83a198234dcb89ddc39cfb78c039578fa8b857523afea91c859d170c8a8827f4cb6902d715b81ecc0cafebe6cc5fc978de6da1efcb7865e304f66844ba83073d5d39ccba33c3c7be5e72e1f1050aa6fa245e514944f461232be9f01269b84fea4e667e34b2e04c99d489cec1d52160bc7d6e27e17db6db1f0aad905b3e7dbd5efd6f3b1ba1e4351b1b90b056a83d21e148ecc8f8d98388426b074a6c2e2eb41de87b98eb741602c4e836bc63cf038a91b4df786d578353ed30a386e580fce06139a0188ff09085ca9aa48f89e14722caef0f931085d32fac2f9dcad4439f4cd5c9ce9835344cb55c1937027d396974050a9f8951b14a922f31357d7c60a035d213088cf3c454c9de8a1dfe12038442a7c27458c1dd7390b191ff7b2065d20bbf753d187884a0db7a3618ac70469366d67af89c5b5a497f166d0f60581944708606f5920a2a75c474e2d23154f7f484a2583f33f71565e19ef798164881100111ee5178fe0e7ca8623e0f55094102c0d008ee29263f42e1f06caf77c64a54875b62a03097a1daed0912b05ff2cf8d5e6f2debfd3d135f419194893b414e85b12ddb0d0d51486a4995996f9183fd1c0ef76091560536092b22b52dd2cec5812f0c0a0e6320c49d0bd9ab655549438b49fcb76798525706262a84e5bf234a87e11f01936d9f0d4e25e23b49aab6cab03cd1cac62fca5ac228b4b0308d510e2d89c2f4b307a4f3fb3e4df59eb70954fc0d176fda84ef382a8f6971b6124b773ab21738667f44d4ee89852a63626a246ea4607770fc4f6da7d03a44c80e3ec6f85c91642db2eb7d48fbb2bdb66b3b1a2317c49cf8f8adfc779efbb8b701fe9f60c00844f16380c39f42a43bf311d681d9a0a9c946a3b2fdb8982dff561cdf9269f68c3a0bc53edf5d0fee9f5795442614cd66c90490fb0f06bef1ff7af41976d7cabca8faa63000db1e9f04767b414bf57fd68c2c575245a98e747f8981fa3c4d065d5ddec609e582a200ab83efa8ef253eac7a31efe0d7a0bc16863cc093c700ea466bf38239378d2241bb343c67606c69290bca8b4722969090ea85b5d9e47ecd244d63b2a4e15c8611ea6d945d5599be3da26d205e2847e86ef07c843806355d46b787697580bdf4290e0040f3939a04a227cb760517049bb923f437a50971436d2f0fa5309c2204e971474647a83afe6631ed7f64360f772ce73b32cbdc50f52acc28ebbc02c6562819b7ca0582e207837d9cb341f45351d4a4b71376a98d9816e6e1be2852d833cf45acc76272f8407185d66620885e737dfd00afae88969ad35b5b0eba71d37aa0c331ceec0efb7923fcdbf2bb95e27916381abefc524c066e27042a66cfee0ccd84d493c3fcfd1d0f4b8705054bc7720faf22493afc7781a14cabc890bac4a9cec6e62f9021266f183268309699781eb6cbf6758aed11994537191bd3b26c2c29ff7b09b3f5f3762eb5a368e8ae0c7e3b3ebc3c59df84a5c84b058ee5fb342093d446c5c7c34f3115ae50dac17ba6e8790fce238a7b74ba0635946b84533ce6d702cdaa025545420e345eda00f2c5d6b41aff99547431fdf21a3892725f745c6dcb9f4586c8e9676504511824e69230c7df2b03423f35f940e9fde087307ed87b38072138e44dee0f86e2312bd02212789753eb8d5bcf8aa49e37c2e36884113133693bcad29f5a37cc54090b320fcf3358c52f6e4ccf04bd155f5cb55bd887b40949f140d5f2f6cfb5cbb7271f671b0c23a0b3252df389581b11c5e5625bb5126645676f4ecade4aa6dca6d89778b6a948bbffa567ebe21812d8993071b718232c4638c1806ce826718f6c617d40e0abb381764500fc51d30d7cad4e6b510d29bf2e652c7f1d301ffa3be56585b84aa7cf95da8dc8ad969c09308a124e9ee8a3ad4b3683f6e59ec5d0c1db8d1be4cdd05db8a68f8123699071e603bb5c78d6c122af5ceeed336f9f603b97baba48e34ce94fd74cbb262f1fed6ec698e1dbbb3ec71f1f96dc44d8200c6002f78bcb37fc6f6fac2aa928bb1d1f2c13cd4ed40c84bfdd9b93c85936bc921d9bf8f3e0b1f96d6535171bc8ca275fb8110bd18938e8eb23cbb2505452815ac8a05108acad2b6b1dc09acd6e08ddb173f30a00523661b8ea03261e6d640e2f82314e44d6d8b21216f4f006e99e39a5b49718ac11197adb17a70ea1e10edff305942f12eace513eea428a0e87db0f2b9cf63b4f8a0e6580474472421e0c9d5a1281f915dd60bd4c086861a300bf7dcac2cca02a2f87108dfe25fbb338c5c90539c6238a6d54b39a23d62395902ad6dfec958df9470ecd4c666c9c82f7511f33dacfb1c8dbb4147e5f093b7393fcbaa5ee2193eedbdcb792af179b9ced3cde6fc82f423fc954cb0ceba99a0b964a0db577e5563472a33ac91a72026fec36ef7cf92c05922489278359320fc4c54c50f42490fb6d504d7c99b3ecfd00822dcf7977dcf89e01501714ee650be849953c7f3a50d1cfe128e5328c56a4e8bb7d8fbfe29fc42d12caceb5a4785ef5a9110346f1659ad255070b1b4de1c69061206a8eaec0ca277b45713f0a85f3dda59e243e50baef07999fd79b2f2a187c045690dae2c415a36b963206346d7166cc7728ae20f8e454caefc702b378b62c814a655a719b6318e0d9d0cb8da48ce69650d8a19f6a38dba39080f9d2e457907eb79c654b4d13cedaf3c24fc2ac6d99d4ca5e9be1283a02d5057343e38b8859a4b3f6f58a54a64b3982ab4c6c3cdf493289450ef9da7ee0276d0217436fa080a95c1ace9105003a024301f370a9f325d97ca7d67fb5897e68e5acd7e0471f433465ac8b8cdf4a44519c36cc71ffa82430a21a3d3f10bed35a4018363385414fc06aa29d8132dc9d06dd9855dfb700cca3d89dbbd3b0ed983a978aab503740b72b65a321e2ea597a834f75715165fc8e5a8880239fba9153606430940bbdd6482f27f8ecdfa1c39cb5c50bf55bc9f78685e10804ceecc467d9cc4f1c095a8bdecadaa6aae06e3cba2c7d01def6a37f9fcabbf01af28a4775325ab4e7729b456df57544dd36ce7d23a9f4cf6b3c5cf2de6b8de2395b879d9ddd4073099335ee8ba57125711dda3d176292527cab452f8919217eb9c12a7fd6d34910aa7168ef170efc8f7fd51d65eb35db0725ee660531ab7f3c06641fff4848d08f675f0c2ceb77f9b081a5307d65337d630be01cbab23fee0a9bac1fce2520082fe5e30c9b95600e12e36d82508828254d03e0ce90d899ce201983d8674e4041a7b2c7e226ed03935597e8d9431121611ae3dd60fc05037c5ac8b1de58a9c700e9285d4e667fbc2a01f700975893a477781ffa16a61fdd6ca6333cb070a5c49af8984cffb2b30414a1eba39219d732a781f394674f35f0cd2198107b4192c238994fbfbd33e0c0354a9fdabcb2c3bba39abe6d6678eb0c19b4949825d616c28190fe9655d9f735fc68c4fe702a09340f46a776059bba02ce204569012e0807299506f56171b0d47e7cef54254360afa3149d4ffe4e8668e79e2ee90ef8087cb6d5da0a45f683e848e5875477eeda3b0a1f5113cca500b6d59591a9df32536aa7c0479668765e6536e495f0536b07a8cc559c22c255ce1fa61d0cbdeb6378f52b3d9072814e3a35b49db11f831369914134175cbb08006aaa6ad44d7157acf7cd39fb2bfda3306bb008e6a8fc22a946fecc5a2806739721d7674108be6bb2d3bcaeaba53c66678a7f092865184d77825cf0d84f4ccc558ca2d0749c902b536ebc53d22bd51f7b9a94ee048269f5c5e137a9eab5bc4b8e694058e95a6c0f1227eb38a57c43aea813050693365bc18bdcce77ebc88edb5ed93e0037b1c2d804d5842c500202e46695a97800b4a5bc5b8509088caa74013b6cc4986e799c9b75ba638a8738956c44fcacc5d4fd6631a2fd4b211236fc246210cb81400ff214cb1aaf14b38702584b71db47b26ce7f795e6bd246c8cc5f28f80e4f0a6c06f2a3e50b877c70412da64cbae25f32922d69853fd502bf678b3faba71bb01d11fcc5b3a20a9942488a77ff91a2b0f05cad68b295bd81917e5b0e31f754bb505762242b276e4af67c49bd3a533bad4c4584793d820c08e7a36140035aa998c01cc678eb82a0eb8ba763acfe9e139b84ddfa24cb5899f303227da23f7f45da0e2db13bdc5cb6007391b3b08b86b385980b3ffb389a00b32bc23638c14b9384244a7008526d466c3eb7a41e0727a29a3caca9a0aac5777c0b85137d434b741887cf6387e941f59c749de55c170b663722a2c5f56195522f7edb180795db0415dfad37df4238d4ab76710f4595e799080b139fb49db61578ab822bc5b199120b0b49bf0febf7bc319cdfd76c60dfcd345cc04cfd9e16555c6c65398424c69dd0e01222b534e29d75a71edfb9c429ff91079bff908665972bd60ca895d558eacd5ef381e4132eaa36f828d441619030b3b09717eca0e07130772bd92ba79c33f77c028d03cbf15b13310c97049b4d35bb9101436f9cfed416a74c376a47a53b58629a58b9a1aee84cb2ed65845d300db059c04"}}, @policy_type={0xa}, @XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x4}]}, 0x111c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48810) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r6, 0x107, 0xd, 0x0, 0x0) r7 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r8 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000140)={'tunl0\x00', r9, 0x40, 0x80, 0x8000, 0xa, {{0x7, 0x4, 0x0, 0x1, 0x1c, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ssrr={0x89, 0x7, 0x68, [@broadcast]}]}}}}}) (async) setsockopt$packet_drop_memb(r6, 0x107, 0x2, &(0x7f0000000100)={r9, 0x1, 0x6, @broadcast}, 0x10) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x1) (async) socket$packet(0x11, 0x3, 0x300) 17:08:21 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) connect$packet(r0, &(0x7f00000000c0)={0x11, 0x5, 0x0, 0x1, 0x5, 0x6, @multicast}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x420001) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r1, 0x28, 0x1, &(0x7f0000000080)=0x9, 0x8) 17:08:21 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0xffffffef, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 923.235547][T25373] FAULT_INJECTION: forcing a failure. [ 923.235547][T25373] name failslab, interval 1, probability 0, space 0, times 0 [ 923.248512][T25373] CPU: 0 PID: 25373 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 923.260122][T25373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 923.270156][T25373] Call Trace: [ 923.273425][T25373] dump_stack+0x1d8/0x241 [ 923.277726][T25373] ? panic+0x73e/0x73e [ 923.281765][T25373] ? idr_alloc_cyclic+0x36e/0x5e0 [ 923.286767][T25373] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 923.292548][T25373] ? selinux_path_notify+0x6c0/0x6c0 [ 923.297805][T25373] should_fail+0x709/0x870 [ 923.302194][T25373] ? setup_fault_attr+0x3d0/0x3d0 [ 923.307189][T25373] ? security_kernfs_init_security+0x9a/0xb0 [ 923.313137][T25373] ? __kernfs_new_node+0xdb/0x6d0 [ 923.318130][T25373] should_failslab+0x5/0x20 [ 923.322606][T25373] kmem_cache_alloc+0x24/0x210 [ 923.327352][T25373] __kernfs_new_node+0xdb/0x6d0 [ 923.332186][T25373] ? kernfs_new_node+0x160/0x160 [ 923.337096][T25373] ? kernfs_activate+0x3fc/0x420 [ 923.342004][T25373] ? mutex_unlock+0x19/0x40 [ 923.346478][T25373] ? kernfs_add_one+0x4a3/0x5c0 [ 923.351299][T25373] kernfs_create_dir_ns+0x90/0x220 [ 923.356381][T25373] internal_create_group+0x29d/0xf50 [ 923.361638][T25373] ? sysfs_create_group+0x20/0x20 [ 923.366632][T25373] ? device_create_file+0xe8/0x1b0 [ 923.371712][T25373] ? bus_add_device+0x92/0x3f0 [ 923.376449][T25373] dpm_sysfs_add+0x59/0x260 [ 923.380927][T25373] device_add+0x547/0xbc0 [ 923.385227][T25373] device_create_vargs+0x1b8/0x210 [ 923.390310][T25373] device_create+0xea/0x130 [ 923.394784][T25373] ? device_create_vargs+0x210/0x210 [ 923.400042][T25373] bdi_register_va+0x89/0x5e0 [ 923.404690][T25373] bdi_register+0xd1/0x120 [ 923.409078][T25373] ? __device_add_disk+0x539/0x1200 [ 923.414247][T25373] ? bdi_register_va+0x5e0/0x5e0 [ 923.419157][T25373] ? percpu_ref_resurrect+0x113/0x190 [ 923.424499][T25373] bdi_register_owner+0x56/0xf0 [ 923.429322][T25373] __device_add_disk+0x5b8/0x1200 [ 923.434320][T25373] ? device_add_disk+0x30/0x30 [ 923.439316][T25373] ? vsprintf+0x30/0x30 [ 923.443443][T25373] ? device_initialize+0x1c7/0x3d0 [ 923.448535][T25373] ? __alloc_disk_node+0x326/0x380 [ 923.453618][T25373] loop_add+0x554/0x710 [ 923.457747][T25373] loop_control_ioctl+0x564/0x740 [ 923.462742][T25373] ? loop_remove+0xa0/0xa0 [ 923.467128][T25373] ? __lru_cache_add+0x1bf/0x210 [ 923.472035][T25373] ? memset+0x1f/0x40 [ 923.476334][T25373] ? fsnotify+0x1332/0x13f0 [ 923.480811][T25373] ? loop_remove+0xa0/0xa0 [ 923.485206][T25373] do_vfs_ioctl+0x744/0x1730 [ 923.489767][T25373] ? selinux_file_ioctl+0x723/0x970 [ 923.494933][T25373] ? ioctl_preallocate+0x250/0x250 [ 923.500018][T25373] ? __fget+0x40c/0x4a0 [ 923.504145][T25373] ? fget_many+0x20/0x20 [ 923.508358][T25373] ? check_preemption_disabled+0x154/0x330 [ 923.514134][T25373] ? debug_smp_processor_id+0x20/0x20 [ 923.519476][T25373] ? security_file_ioctl+0x9d/0xb0 [ 923.524560][T25373] __x64_sys_ioctl+0xd4/0x110 [ 923.529212][T25373] do_syscall_64+0xcb/0x1c0 [ 923.533689][T25373] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 923.540547][T25373] ------------[ cut here ]------------ [ 923.546008][T25373] WARNING: CPU: 0 PID: 25373 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 923.555084][T25373] Modules linked in: [ 923.558964][T25373] CPU: 0 PID: 25373 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 923.570598][T25373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 923.580638][T25373] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 923.586415][T25373] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 923.606075][T25373] RSP: 0018:ffff8881cdd57a00 EFLAGS: 00010246 [ 923.612112][T25373] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 923.620056][T25373] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 923.627997][T25373] RBP: ffff8881cdd57b40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 923.635941][T25373] R10: ffffffff84800000 R11: 1ffff11039baae00 R12: ffff8881f3aeb000 [ 923.643883][T25373] R13: dffffc0000000000 R14: ffff8881f3aeb070 R15: 1ffff1103e75d69d [ 923.651835][T25373] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 923.660736][T25373] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 923.667378][T25373] CR2: 00007f98da1e4ff8 CR3: 00000001ea8ba000 CR4: 00000000003406f0 [ 923.675323][T25373] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 923.683279][T25373] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 923.691230][T25373] Call Trace: [ 923.694504][T25373] ? device_add_disk+0x30/0x30 [ 923.699243][T25373] ? vsprintf+0x30/0x30 [ 923.703372][T25373] ? device_initialize+0x1c7/0x3d0 [ 923.708454][T25373] ? __alloc_disk_node+0x326/0x380 [ 923.713536][T25373] loop_add+0x554/0x710 [ 923.717674][T25373] loop_control_ioctl+0x564/0x740 [ 923.722669][T25373] ? loop_remove+0xa0/0xa0 [ 923.727054][T25373] ? __lru_cache_add+0x1bf/0x210 [ 923.731962][T25373] ? memset+0x1f/0x40 [ 923.735915][T25373] ? fsnotify+0x1332/0x13f0 [ 923.740386][T25373] ? loop_remove+0xa0/0xa0 [ 923.744778][T25373] do_vfs_ioctl+0x744/0x1730 [ 923.749344][T25373] ? selinux_file_ioctl+0x723/0x970 [ 923.754515][T25373] ? ioctl_preallocate+0x250/0x250 [ 923.759595][T25373] ? __fget+0x40c/0x4a0 [ 923.763720][T25373] ? fget_many+0x20/0x20 [ 923.767932][T25373] ? check_preemption_disabled+0x154/0x330 [ 923.773713][T25373] ? debug_smp_processor_id+0x20/0x20 [ 923.779059][T25373] ? security_file_ioctl+0x9d/0xb0 17:08:22 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 58) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:22 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x40000000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:22 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) syz_open_dev$loop(&(0x7f00000000c0), 0x0, 0x281) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r2, 0x107, 0x16, 0x0, 0x0) getpeername$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) r3 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x80000000, 0x6, 0x0, 0x1, 0x13, 0xebbffe76887d529e, "45c8e40eabe66d90ae004d752efab286df790c944399782a967e5fe928d0779b41b5c123a431ecdbf925cb234c45f2d2fbd87239a45d2ff55773f720ba80f613", "838be87fa4f4df70248dc5aabda815316f56cf8de6abfdd1d07de273900976c28c3e1c63debe618f296cbaf74ca1e56c8a9120f28c84dd0c80d8907f56100c7a", "7be1f92bd5711d21fbef8cb7842d0bedb2d8546039919a2cd9f64d274537ef01", [0x4, 0x4]}) 17:08:22 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x88002, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1}, 0x56) r2 = socket$packet(0x11, 0x3, 0x300) connect$packet(r2, &(0x7f00000000c0)={0x11, 0x1a, 0x0, 0x1, 0x88, 0x6, @link_local}, 0x14) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r1, 0x58, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = getuid() sendmsg$nl_xfrm(r3, &(0x7f0000001500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000014c0)={&(0x7f0000000380)=@polexpire={0x111c, 0x1b, 0x10, 0x70bd28, 0x21, {{{@in=@loopback, @in6=@local, 0x4e21, 0x0, 0x4e23, 0xfffb, 0x2, 0xa0, 0x2dba9cfd060a7318, 0x2f, r4, r5}, {0x8, 0x200, 0xf780000000, 0x6, 0x1, 0x100, 0x9, 0x9}, {0x5, 0x8, 0x7, 0x1ff}, 0x8, 0x6e6bbd, 0x0, 0x1, 0x2}, 0x40}, [@algo_crypt={0x1048, 0x2, {{'pcbc(fcrypt-generic)\x00'}, 0x8000, "65722d8e8c5d0739378dfc0bb07dbcd67ac654401349ef887e8f7f20b988c32230a06c7eb78ea2cf1a851b0d4556fc9bd1d4c1386327aa18238a8e4ec326517b3c3a1d0b14b2f073e8bf9aee50caabbd1631f9fb154e82dde9357e3fcd9d84925ee4c95c802f42ba3965a815387787dbc5f21e925420d31af7ca02e40edb12916038bfffa2696454ec169663ba9e3ea4e2220a904d6a97f200659af28cec3d2805e750ea17c73f1a2c7d16a4b1492f9a68f31f0352f74a83ed81b5a498a66ed585c7ed44a401c800c90e92276276de53ac1a35eb56ef30501d260fdf1cbe83501429d6d4f1c983f8776282fc77c04ddf2b8d1cc96a7d6cafa7592955d75a435864edf68a117deb35d562905fb79082077d4152a02eaba4c6c23e1dd3c883b14d63262052e5e4d09bfd281e6ff85ac3e8e3385110133d0b0b170cdd6740fa7872fbcd0908a486cec7759e082193ee7c87fdcca5c1ce00021669835a79ae1db1525784236a119265db990edf7fbdfb6e233b8bd8730104c069dc7c390ffe0a51edae87f90e84da8227d3268bba5f53b153e4eda9aa6c0485ebf60a8ca9603baeef90547b778a791954bb522142beb04bf6a3ee14e5dd360b37684c79b4f99d939189c4f067b1a33de8c078fd7008c5cdbf7bc9742c40655f04fd5decfbbd93c13a016c7ae71b9c19a75103e0b047ccf779e03a7515bf39ead839ec43d61e544074fb9ef7fb70427f01d63304c673c841b47600c139d79262e6ba3dd4b8f63df7f0b628ba26c428b33cde24ec12d267e69560203166dcd11a930f593a09ddae862c32588334c6f7a102b16d327810bd8d1624683aaa4b0fffcd3becb23a019a1be2fa2b5b311ed63939a3668f0bf66af32c19acc437b4011ae46b192f9908811e9fc3a80a8f01a3d3daeef8897e66faa622c170c05d362ef2a5b261744ee0b1cfed8e01f8be5c5c786eaa91f8dd730bf9c521894f91c50d5703893991eee04242a9da6c4a94141ff1459c1162b12b81785983a757458885bd34b2c35d0b4c1b562df73ac81695a5b94b1b93c0a699fc37a35d0bfdc851b38e190decf66c9d85f5fd6031258ddcff5417554f90f4204eeea9671ba249f3bac56c828bd89c6ce19dc67c6344653aa0922cf44c64362ed591a30beb131016f578d162ee0409d155b7fabe37f5222f5fc991f59255b1c92b8db2ba4f22edb133a7485cdac20ad25315f2031bf24c283744d52fcc4b69cb83a198234dcb89ddc39cfb78c039578fa8b857523afea91c859d170c8a8827f4cb6902d715b81ecc0cafebe6cc5fc978de6da1efcb7865e304f66844ba83073d5d39ccba33c3c7be5e72e1f1050aa6fa245e514944f461232be9f01269b84fea4e667e34b2e04c99d489cec1d52160bc7d6e27e17db6db1f0aad905b3e7dbd5efd6f3b1ba1e4351b1b90b056a83d21e148ecc8f8d98388426b074a6c2e2eb41de87b98eb741602c4e836bc63cf038a91b4df786d578353ed30a386e580fce06139a0188ff09085ca9aa48f89e14722caef0f931085d32fac2f9dcad4439f4cd5c9ce9835344cb55c1937027d396974050a9f8951b14a922f31357d7c60a035d213088cf3c454c9de8a1dfe12038442a7c27458c1dd7390b191ff7b2065d20bbf753d187884a0db7a3618ac70469366d67af89c5b5a497f166d0f60581944708606f5920a2a75c474e2d23154f7f484a2583f33f71565e19ef798164881100111ee5178fe0e7ca8623e0f55094102c0d008ee29263f42e1f06caf77c64a54875b62a03097a1daed0912b05ff2cf8d5e6f2debfd3d135f419194893b414e85b12ddb0d0d51486a4995996f9183fd1c0ef76091560536092b22b52dd2cec5812f0c0a0e6320c49d0bd9ab655549438b49fcb76798525706262a84e5bf234a87e11f01936d9f0d4e25e23b49aab6cab03cd1cac62fca5ac228b4b0308d510e2d89c2f4b307a4f3fb3e4df59eb70954fc0d176fda84ef382a8f6971b6124b773ab21738667f44d4ee89852a63626a246ea4607770fc4f6da7d03a44c80e3ec6f85c91642db2eb7d48fbb2bdb66b3b1a2317c49cf8f8adfc779efbb8b701fe9f60c00844f16380c39f42a43bf311d681d9a0a9c946a3b2fdb8982dff561cdf9269f68c3a0bc53edf5d0fee9f5795442614cd66c90490fb0f06bef1ff7af41976d7cabca8faa63000db1e9f04767b414bf57fd68c2c575245a98e747f8981fa3c4d065d5ddec609e582a200ab83efa8ef253eac7a31efe0d7a0bc16863cc093c700ea466bf38239378d2241bb343c67606c69290bca8b4722969090ea85b5d9e47ecd244d63b2a4e15c8611ea6d945d5599be3da26d205e2847e86ef07c843806355d46b787697580bdf4290e0040f3939a04a227cb760517049bb923f437a50971436d2f0fa5309c2204e971474647a83afe6631ed7f64360f772ce73b32cbdc50f52acc28ebbc02c6562819b7ca0582e207837d9cb341f45351d4a4b71376a98d9816e6e1be2852d833cf45acc76272f8407185d66620885e737dfd00afae88969ad35b5b0eba71d37aa0c331ceec0efb7923fcdbf2bb95e27916381abefc524c066e27042a66cfee0ccd84d493c3fcfd1d0f4b8705054bc7720faf22493afc7781a14cabc890bac4a9cec6e62f9021266f183268309699781eb6cbf6758aed11994537191bd3b26c2c29ff7b09b3f5f3762eb5a368e8ae0c7e3b3ebc3c59df84a5c84b058ee5fb342093d446c5c7c34f3115ae50dac17ba6e8790fce238a7b74ba0635946b84533ce6d702cdaa025545420e345eda00f2c5d6b41aff99547431fdf21a3892725f745c6dcb9f4586c8e9676504511824e69230c7df2b03423f35f940e9fde087307ed87b38072138e44dee0f86e2312bd02212789753eb8d5bcf8aa49e37c2e36884113133693bcad29f5a37cc54090b320fcf3358c52f6e4ccf04bd155f5cb55bd887b40949f140d5f2f6cfb5cbb7271f671b0c23a0b3252df389581b11c5e5625bb5126645676f4ecade4aa6dca6d89778b6a948bbffa567ebe21812d8993071b718232c4638c1806ce826718f6c617d40e0abb381764500fc51d30d7cad4e6b510d29bf2e652c7f1d301ffa3be56585b84aa7cf95da8dc8ad969c09308a124e9ee8a3ad4b3683f6e59ec5d0c1db8d1be4cdd05db8a68f8123699071e603bb5c78d6c122af5ceeed336f9f603b97baba48e34ce94fd74cbb262f1fed6ec698e1dbbb3ec71f1f96dc44d8200c6002f78bcb37fc6f6fac2aa928bb1d1f2c13cd4ed40c84bfdd9b93c85936bc921d9bf8f3e0b1f96d6535171bc8ca275fb8110bd18938e8eb23cbb2505452815ac8a05108acad2b6b1dc09acd6e08ddb173f30a00523661b8ea03261e6d640e2f82314e44d6d8b21216f4f006e99e39a5b49718ac11197adb17a70ea1e10edff305942f12eace513eea428a0e87db0f2b9cf63b4f8a0e6580474472421e0c9d5a1281f915dd60bd4c086861a300bf7dcac2cca02a2f87108dfe25fbb338c5c90539c6238a6d54b39a23d62395902ad6dfec958df9470ecd4c666c9c82f7511f33dacfb1c8dbb4147e5f093b7393fcbaa5ee2193eedbdcb792af179b9ced3cde6fc82f423fc954cb0ceba99a0b964a0db577e5563472a33ac91a72026fec36ef7cf92c05922489278359320fc4c54c50f42490fb6d504d7c99b3ecfd00822dcf7977dcf89e01501714ee650be849953c7f3a50d1cfe128e5328c56a4e8bb7d8fbfe29fc42d12caceb5a4785ef5a9110346f1659ad255070b1b4de1c69061206a8eaec0ca277b45713f0a85f3dda59e243e50baef07999fd79b2f2a187c045690dae2c415a36b963206346d7166cc7728ae20f8e454caefc702b378b62c814a655a719b6318e0d9d0cb8da48ce69650d8a19f6a38dba39080f9d2e457907eb79c654b4d13cedaf3c24fc2ac6d99d4ca5e9be1283a02d5057343e38b8859a4b3f6f58a54a64b3982ab4c6c3cdf493289450ef9da7ee0276d0217436fa080a95c1ace9105003a024301f370a9f325d97ca7d67fb5897e68e5acd7e0471f433465ac8b8cdf4a44519c36cc71ffa82430a21a3d3f10bed35a4018363385414fc06aa29d8132dc9d06dd9855dfb700cca3d89dbbd3b0ed983a978aab503740b72b65a321e2ea597a834f75715165fc8e5a8880239fba9153606430940bbdd6482f27f8ecdfa1c39cb5c50bf55bc9f78685e10804ceecc467d9cc4f1c095a8bdecadaa6aae06e3cba2c7d01def6a37f9fcabbf01af28a4775325ab4e7729b456df57544dd36ce7d23a9f4cf6b3c5cf2de6b8de2395b879d9ddd4073099335ee8ba57125711dda3d176292527cab452f8919217eb9c12a7fd6d34910aa7168ef170efc8f7fd51d65eb35db0725ee660531ab7f3c06641fff4848d08f675f0c2ceb77f9b081a5307d65337d630be01cbab23fee0a9bac1fce2520082fe5e30c9b95600e12e36d82508828254d03e0ce90d899ce201983d8674e4041a7b2c7e226ed03935597e8d9431121611ae3dd60fc05037c5ac8b1de58a9c700e9285d4e667fbc2a01f700975893a477781ffa16a61fdd6ca6333cb070a5c49af8984cffb2b30414a1eba39219d732a781f394674f35f0cd2198107b4192c238994fbfbd33e0c0354a9fdabcb2c3bba39abe6d6678eb0c19b4949825d616c28190fe9655d9f735fc68c4fe702a09340f46a776059bba02ce204569012e0807299506f56171b0d47e7cef54254360afa3149d4ffe4e8668e79e2ee90ef8087cb6d5da0a45f683e848e5875477eeda3b0a1f5113cca500b6d59591a9df32536aa7c0479668765e6536e495f0536b07a8cc559c22c255ce1fa61d0cbdeb6378f52b3d9072814e3a35b49db11f831369914134175cbb08006aaa6ad44d7157acf7cd39fb2bfda3306bb008e6a8fc22a946fecc5a2806739721d7674108be6bb2d3bcaeaba53c66678a7f092865184d77825cf0d84f4ccc558ca2d0749c902b536ebc53d22bd51f7b9a94ee048269f5c5e137a9eab5bc4b8e694058e95a6c0f1227eb38a57c43aea813050693365bc18bdcce77ebc88edb5ed93e0037b1c2d804d5842c500202e46695a97800b4a5bc5b8509088caa74013b6cc4986e799c9b75ba638a8738956c44fcacc5d4fd6631a2fd4b211236fc246210cb81400ff214cb1aaf14b38702584b71db47b26ce7f795e6bd246c8cc5f28f80e4f0a6c06f2a3e50b877c70412da64cbae25f32922d69853fd502bf678b3faba71bb01d11fcc5b3a20a9942488a77ff91a2b0f05cad68b295bd81917e5b0e31f754bb505762242b276e4af67c49bd3a533bad4c4584793d820c08e7a36140035aa998c01cc678eb82a0eb8ba763acfe9e139b84ddfa24cb5899f303227da23f7f45da0e2db13bdc5cb6007391b3b08b86b385980b3ffb389a00b32bc23638c14b9384244a7008526d466c3eb7a41e0727a29a3caca9a0aac5777c0b85137d434b741887cf6387e941f59c749de55c170b663722a2c5f56195522f7edb180795db0415dfad37df4238d4ab76710f4595e799080b139fb49db61578ab822bc5b199120b0b49bf0febf7bc319cdfd76c60dfcd345cc04cfd9e16555c6c65398424c69dd0e01222b534e29d75a71edfb9c429ff91079bff908665972bd60ca895d558eacd5ef381e4132eaa36f828d441619030b3b09717eca0e07130772bd92ba79c33f77c028d03cbf15b13310c97049b4d35bb9101436f9cfed416a74c376a47a53b58629a58b9a1aee84cb2ed65845d300db059c04"}}, @policy_type={0xa}, @XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x4}]}, 0x111c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48810) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r6, 0x107, 0xd, 0x0, 0x0) r7 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r8 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000140)={'tunl0\x00', r9, 0x40, 0x80, 0x8000, 0xa, {{0x7, 0x4, 0x0, 0x1, 0x1c, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ssrr={0x89, 0x7, 0x68, [@broadcast]}]}}}}}) setsockopt$packet_drop_memb(r6, 0x107, 0x2, &(0x7f0000000100)={r9, 0x1, 0x6, @broadcast}, 0x10) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x1) socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x2, 0x300) (async) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x88002, 0x0) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1}, 0x56) (async) socket$packet(0x11, 0x3, 0x300) (async) connect$packet(r2, &(0x7f00000000c0)={0x11, 0x1a, 0x0, 0x1, 0x88, 0x6, @link_local}, 0x14) (async) socket$nl_xfrm(0x10, 0x3, 0x6) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r1, 0x58, &(0x7f00000002c0)}, 0x10) (async) getuid() (async) sendmsg$nl_xfrm(r3, &(0x7f0000001500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000014c0)={&(0x7f0000000380)=@polexpire={0x111c, 0x1b, 0x10, 0x70bd28, 0x21, {{{@in=@loopback, @in6=@local, 0x4e21, 0x0, 0x4e23, 0xfffb, 0x2, 0xa0, 0x2dba9cfd060a7318, 0x2f, r4, r5}, {0x8, 0x200, 0xf780000000, 0x6, 0x1, 0x100, 0x9, 0x9}, {0x5, 0x8, 0x7, 0x1ff}, 0x8, 0x6e6bbd, 0x0, 0x1, 0x2}, 0x40}, [@algo_crypt={0x1048, 0x2, {{'pcbc(fcrypt-generic)\x00'}, 0x8000, "65722d8e8c5d0739378dfc0bb07dbcd67ac654401349ef887e8f7f20b988c32230a06c7eb78ea2cf1a851b0d4556fc9bd1d4c1386327aa18238a8e4ec326517b3c3a1d0b14b2f073e8bf9aee50caabbd1631f9fb154e82dde9357e3fcd9d84925ee4c95c802f42ba3965a815387787dbc5f21e925420d31af7ca02e40edb12916038bfffa2696454ec169663ba9e3ea4e2220a904d6a97f200659af28cec3d2805e750ea17c73f1a2c7d16a4b1492f9a68f31f0352f74a83ed81b5a498a66ed585c7ed44a401c800c90e92276276de53ac1a35eb56ef30501d260fdf1cbe83501429d6d4f1c983f8776282fc77c04ddf2b8d1cc96a7d6cafa7592955d75a435864edf68a117deb35d562905fb79082077d4152a02eaba4c6c23e1dd3c883b14d63262052e5e4d09bfd281e6ff85ac3e8e3385110133d0b0b170cdd6740fa7872fbcd0908a486cec7759e082193ee7c87fdcca5c1ce00021669835a79ae1db1525784236a119265db990edf7fbdfb6e233b8bd8730104c069dc7c390ffe0a51edae87f90e84da8227d3268bba5f53b153e4eda9aa6c0485ebf60a8ca9603baeef90547b778a791954bb522142beb04bf6a3ee14e5dd360b37684c79b4f99d939189c4f067b1a33de8c078fd7008c5cdbf7bc9742c40655f04fd5decfbbd93c13a016c7ae71b9c19a75103e0b047ccf779e03a7515bf39ead839ec43d61e544074fb9ef7fb70427f01d63304c673c841b47600c139d79262e6ba3dd4b8f63df7f0b628ba26c428b33cde24ec12d267e69560203166dcd11a930f593a09ddae862c32588334c6f7a102b16d327810bd8d1624683aaa4b0fffcd3becb23a019a1be2fa2b5b311ed63939a3668f0bf66af32c19acc437b4011ae46b192f9908811e9fc3a80a8f01a3d3daeef8897e66faa622c170c05d362ef2a5b261744ee0b1cfed8e01f8be5c5c786eaa91f8dd730bf9c521894f91c50d5703893991eee04242a9da6c4a94141ff1459c1162b12b81785983a757458885bd34b2c35d0b4c1b562df73ac81695a5b94b1b93c0a699fc37a35d0bfdc851b38e190decf66c9d85f5fd6031258ddcff5417554f90f4204eeea9671ba249f3bac56c828bd89c6ce19dc67c6344653aa0922cf44c64362ed591a30beb131016f578d162ee0409d155b7fabe37f5222f5fc991f59255b1c92b8db2ba4f22edb133a7485cdac20ad25315f2031bf24c283744d52fcc4b69cb83a198234dcb89ddc39cfb78c039578fa8b857523afea91c859d170c8a8827f4cb6902d715b81ecc0cafebe6cc5fc978de6da1efcb7865e304f66844ba83073d5d39ccba33c3c7be5e72e1f1050aa6fa245e514944f461232be9f01269b84fea4e667e34b2e04c99d489cec1d52160bc7d6e27e17db6db1f0aad905b3e7dbd5efd6f3b1ba1e4351b1b90b056a83d21e148ecc8f8d98388426b074a6c2e2eb41de87b98eb741602c4e836bc63cf038a91b4df786d578353ed30a386e580fce06139a0188ff09085ca9aa48f89e14722caef0f931085d32fac2f9dcad4439f4cd5c9ce9835344cb55c1937027d396974050a9f8951b14a922f31357d7c60a035d213088cf3c454c9de8a1dfe12038442a7c27458c1dd7390b191ff7b2065d20bbf753d187884a0db7a3618ac70469366d67af89c5b5a497f166d0f60581944708606f5920a2a75c474e2d23154f7f484a2583f33f71565e19ef798164881100111ee5178fe0e7ca8623e0f55094102c0d008ee29263f42e1f06caf77c64a54875b62a03097a1daed0912b05ff2cf8d5e6f2debfd3d135f419194893b414e85b12ddb0d0d51486a4995996f9183fd1c0ef76091560536092b22b52dd2cec5812f0c0a0e6320c49d0bd9ab655549438b49fcb76798525706262a84e5bf234a87e11f01936d9f0d4e25e23b49aab6cab03cd1cac62fca5ac228b4b0308d510e2d89c2f4b307a4f3fb3e4df59eb70954fc0d176fda84ef382a8f6971b6124b773ab21738667f44d4ee89852a63626a246ea4607770fc4f6da7d03a44c80e3ec6f85c91642db2eb7d48fbb2bdb66b3b1a2317c49cf8f8adfc779efbb8b701fe9f60c00844f16380c39f42a43bf311d681d9a0a9c946a3b2fdb8982dff561cdf9269f68c3a0bc53edf5d0fee9f5795442614cd66c90490fb0f06bef1ff7af41976d7cabca8faa63000db1e9f04767b414bf57fd68c2c575245a98e747f8981fa3c4d065d5ddec609e582a200ab83efa8ef253eac7a31efe0d7a0bc16863cc093c700ea466bf38239378d2241bb343c67606c69290bca8b4722969090ea85b5d9e47ecd244d63b2a4e15c8611ea6d945d5599be3da26d205e2847e86ef07c843806355d46b787697580bdf4290e0040f3939a04a227cb760517049bb923f437a50971436d2f0fa5309c2204e971474647a83afe6631ed7f64360f772ce73b32cbdc50f52acc28ebbc02c6562819b7ca0582e207837d9cb341f45351d4a4b71376a98d9816e6e1be2852d833cf45acc76272f8407185d66620885e737dfd00afae88969ad35b5b0eba71d37aa0c331ceec0efb7923fcdbf2bb95e27916381abefc524c066e27042a66cfee0ccd84d493c3fcfd1d0f4b8705054bc7720faf22493afc7781a14cabc890bac4a9cec6e62f9021266f183268309699781eb6cbf6758aed11994537191bd3b26c2c29ff7b09b3f5f3762eb5a368e8ae0c7e3b3ebc3c59df84a5c84b058ee5fb342093d446c5c7c34f3115ae50dac17ba6e8790fce238a7b74ba0635946b84533ce6d702cdaa025545420e345eda00f2c5d6b41aff99547431fdf21a3892725f745c6dcb9f4586c8e9676504511824e69230c7df2b03423f35f940e9fde087307ed87b38072138e44dee0f86e2312bd02212789753eb8d5bcf8aa49e37c2e36884113133693bcad29f5a37cc54090b320fcf3358c52f6e4ccf04bd155f5cb55bd887b40949f140d5f2f6cfb5cbb7271f671b0c23a0b3252df389581b11c5e5625bb5126645676f4ecade4aa6dca6d89778b6a948bbffa567ebe21812d8993071b718232c4638c1806ce826718f6c617d40e0abb381764500fc51d30d7cad4e6b510d29bf2e652c7f1d301ffa3be56585b84aa7cf95da8dc8ad969c09308a124e9ee8a3ad4b3683f6e59ec5d0c1db8d1be4cdd05db8a68f8123699071e603bb5c78d6c122af5ceeed336f9f603b97baba48e34ce94fd74cbb262f1fed6ec698e1dbbb3ec71f1f96dc44d8200c6002f78bcb37fc6f6fac2aa928bb1d1f2c13cd4ed40c84bfdd9b93c85936bc921d9bf8f3e0b1f96d6535171bc8ca275fb8110bd18938e8eb23cbb2505452815ac8a05108acad2b6b1dc09acd6e08ddb173f30a00523661b8ea03261e6d640e2f82314e44d6d8b21216f4f006e99e39a5b49718ac11197adb17a70ea1e10edff305942f12eace513eea428a0e87db0f2b9cf63b4f8a0e6580474472421e0c9d5a1281f915dd60bd4c086861a300bf7dcac2cca02a2f87108dfe25fbb338c5c90539c6238a6d54b39a23d62395902ad6dfec958df9470ecd4c666c9c82f7511f33dacfb1c8dbb4147e5f093b7393fcbaa5ee2193eedbdcb792af179b9ced3cde6fc82f423fc954cb0ceba99a0b964a0db577e5563472a33ac91a72026fec36ef7cf92c05922489278359320fc4c54c50f42490fb6d504d7c99b3ecfd00822dcf7977dcf89e01501714ee650be849953c7f3a50d1cfe128e5328c56a4e8bb7d8fbfe29fc42d12caceb5a4785ef5a9110346f1659ad255070b1b4de1c69061206a8eaec0ca277b45713f0a85f3dda59e243e50baef07999fd79b2f2a187c045690dae2c415a36b963206346d7166cc7728ae20f8e454caefc702b378b62c814a655a719b6318e0d9d0cb8da48ce69650d8a19f6a38dba39080f9d2e457907eb79c654b4d13cedaf3c24fc2ac6d99d4ca5e9be1283a02d5057343e38b8859a4b3f6f58a54a64b3982ab4c6c3cdf493289450ef9da7ee0276d0217436fa080a95c1ace9105003a024301f370a9f325d97ca7d67fb5897e68e5acd7e0471f433465ac8b8cdf4a44519c36cc71ffa82430a21a3d3f10bed35a4018363385414fc06aa29d8132dc9d06dd9855dfb700cca3d89dbbd3b0ed983a978aab503740b72b65a321e2ea597a834f75715165fc8e5a8880239fba9153606430940bbdd6482f27f8ecdfa1c39cb5c50bf55bc9f78685e10804ceecc467d9cc4f1c095a8bdecadaa6aae06e3cba2c7d01def6a37f9fcabbf01af28a4775325ab4e7729b456df57544dd36ce7d23a9f4cf6b3c5cf2de6b8de2395b879d9ddd4073099335ee8ba57125711dda3d176292527cab452f8919217eb9c12a7fd6d34910aa7168ef170efc8f7fd51d65eb35db0725ee660531ab7f3c06641fff4848d08f675f0c2ceb77f9b081a5307d65337d630be01cbab23fee0a9bac1fce2520082fe5e30c9b95600e12e36d82508828254d03e0ce90d899ce201983d8674e4041a7b2c7e226ed03935597e8d9431121611ae3dd60fc05037c5ac8b1de58a9c700e9285d4e667fbc2a01f700975893a477781ffa16a61fdd6ca6333cb070a5c49af8984cffb2b30414a1eba39219d732a781f394674f35f0cd2198107b4192c238994fbfbd33e0c0354a9fdabcb2c3bba39abe6d6678eb0c19b4949825d616c28190fe9655d9f735fc68c4fe702a09340f46a776059bba02ce204569012e0807299506f56171b0d47e7cef54254360afa3149d4ffe4e8668e79e2ee90ef8087cb6d5da0a45f683e848e5875477eeda3b0a1f5113cca500b6d59591a9df32536aa7c0479668765e6536e495f0536b07a8cc559c22c255ce1fa61d0cbdeb6378f52b3d9072814e3a35b49db11f831369914134175cbb08006aaa6ad44d7157acf7cd39fb2bfda3306bb008e6a8fc22a946fecc5a2806739721d7674108be6bb2d3bcaeaba53c66678a7f092865184d77825cf0d84f4ccc558ca2d0749c902b536ebc53d22bd51f7b9a94ee048269f5c5e137a9eab5bc4b8e694058e95a6c0f1227eb38a57c43aea813050693365bc18bdcce77ebc88edb5ed93e0037b1c2d804d5842c500202e46695a97800b4a5bc5b8509088caa74013b6cc4986e799c9b75ba638a8738956c44fcacc5d4fd6631a2fd4b211236fc246210cb81400ff214cb1aaf14b38702584b71db47b26ce7f795e6bd246c8cc5f28f80e4f0a6c06f2a3e50b877c70412da64cbae25f32922d69853fd502bf678b3faba71bb01d11fcc5b3a20a9942488a77ff91a2b0f05cad68b295bd81917e5b0e31f754bb505762242b276e4af67c49bd3a533bad4c4584793d820c08e7a36140035aa998c01cc678eb82a0eb8ba763acfe9e139b84ddfa24cb5899f303227da23f7f45da0e2db13bdc5cb6007391b3b08b86b385980b3ffb389a00b32bc23638c14b9384244a7008526d466c3eb7a41e0727a29a3caca9a0aac5777c0b85137d434b741887cf6387e941f59c749de55c170b663722a2c5f56195522f7edb180795db0415dfad37df4238d4ab76710f4595e799080b139fb49db61578ab822bc5b199120b0b49bf0febf7bc319cdfd76c60dfcd345cc04cfd9e16555c6c65398424c69dd0e01222b534e29d75a71edfb9c429ff91079bff908665972bd60ca895d558eacd5ef381e4132eaa36f828d441619030b3b09717eca0e07130772bd92ba79c33f77c028d03cbf15b13310c97049b4d35bb9101436f9cfed416a74c376a47a53b58629a58b9a1aee84cb2ed65845d300db059c04"}}, @policy_type={0xa}, @XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x4}]}, 0x111c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48810) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r6, 0x107, 0xd, 0x0, 0x0) (async) socket$inet(0x2, 0x3, 0x3) (async) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) (async) syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'}) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000140)={'tunl0\x00', r9, 0x40, 0x80, 0x8000, 0xa, {{0x7, 0x4, 0x0, 0x1, 0x1c, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ssrr={0x89, 0x7, 0x68, [@broadcast]}]}}}}}) (async) setsockopt$packet_drop_memb(r6, 0x107, 0x2, &(0x7f0000000100)={r9, 0x1, 0x6, @broadcast}, 0x10) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x1) (async) socket$packet(0x11, 0x3, 0x300) (async) 17:08:22 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0xfffffff0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:22 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOC_PR_RESERVE(r1, 0x401070c9, &(0x7f00000000c0)={0x6, 0x10bb}) (async, rerun: 64) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x3}, 0x4) (rerun: 64) 17:08:22 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0xfffffffe, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:22 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x79220000, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:22 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000080)=@req3={0x6, 0x3, 0x7f, 0xff3c, 0x0, 0x8, 0x9}, 0x1c) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) [ 923.784141][T25373] __x64_sys_ioctl+0xd4/0x110 [ 923.788789][T25373] do_syscall_64+0xcb/0x1c0 [ 923.793266][T25373] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 923.799130][T25373] ---[ end trace 03bf7d324617ae32 ]--- 17:08:22 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x9effffff, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:22 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:22 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @multicast2, @multicast1}, &(0x7f0000000180)=0xc) recvfrom$packet(r0, &(0x7f0000000080)=""/166, 0xa6, 0x32143, &(0x7f00000001c0)={0x11, 0x1b, r1, 0x1, 0x7, 0x6, @remote}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) [ 923.845594][T25399] FAULT_INJECTION: forcing a failure. [ 923.845594][T25399] name failslab, interval 1, probability 0, space 0, times 0 [ 923.858632][T25399] CPU: 1 PID: 25399 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 923.870257][T25399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 923.880302][T25399] Call Trace: [ 923.883574][T25399] dump_stack+0x1d8/0x241 [ 923.887877][T25399] ? panic+0x73e/0x73e [ 923.891917][T25399] ? idr_alloc_cyclic+0x36e/0x5e0 [ 923.896909][T25399] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 923.902688][T25399] ? selinux_path_notify+0x6c0/0x6c0 [ 923.907943][T25399] should_fail+0x709/0x870 [ 923.912340][T25399] ? setup_fault_attr+0x3d0/0x3d0 [ 923.917337][T25399] ? security_kernfs_init_security+0x9a/0xb0 [ 923.923287][T25399] ? __kernfs_new_node+0xdb/0x6d0 [ 923.928279][T25399] should_failslab+0x5/0x20 [ 923.932782][T25399] kmem_cache_alloc+0x24/0x210 [ 923.937519][T25399] __kernfs_new_node+0xdb/0x6d0 [ 923.942341][T25399] ? kernfs_new_node+0x160/0x160 [ 923.947257][T25399] ? kernfs_activate+0x3fc/0x420 [ 923.952179][T25399] ? mutex_unlock+0x19/0x40 [ 923.956650][T25399] ? kernfs_add_one+0x4a3/0x5c0 [ 923.961471][T25399] kernfs_create_dir_ns+0x90/0x220 [ 923.966553][T25399] internal_create_group+0x29d/0xf50 [ 923.971808][T25399] ? sysfs_create_group+0x20/0x20 [ 923.976803][T25399] ? device_create_file+0xe8/0x1b0 [ 923.981882][T25399] ? bus_add_device+0x92/0x3f0 [ 923.986616][T25399] dpm_sysfs_add+0x59/0x260 [ 923.991091][T25399] device_add+0x547/0xbc0 [ 923.995397][T25399] device_create_vargs+0x1b8/0x210 [ 924.000478][T25399] device_create+0xea/0x130 [ 924.004954][T25399] ? device_create_vargs+0x210/0x210 [ 924.010213][T25399] bdi_register_va+0x89/0x5e0 [ 924.014859][T25399] bdi_register+0xd1/0x120 [ 924.019247][T25399] ? __device_add_disk+0x539/0x1200 [ 924.024419][T25399] ? bdi_register_va+0x5e0/0x5e0 [ 924.029349][T25399] ? percpu_ref_resurrect+0x113/0x190 [ 924.034782][T25399] bdi_register_owner+0x56/0xf0 [ 924.039605][T25399] __device_add_disk+0x5b8/0x1200 [ 924.044600][T25399] ? device_add_disk+0x30/0x30 [ 924.049331][T25399] ? vsprintf+0x30/0x30 [ 924.053458][T25399] ? device_initialize+0x1c7/0x3d0 [ 924.058537][T25399] ? __alloc_disk_node+0x326/0x380 [ 924.063620][T25399] loop_add+0x554/0x710 [ 924.067748][T25399] loop_control_ioctl+0x564/0x740 [ 924.072745][T25399] ? loop_remove+0xa0/0xa0 [ 924.077142][T25399] ? __lru_cache_add+0x1bf/0x210 [ 924.082055][T25399] ? memset+0x1f/0x40 [ 924.086036][T25399] ? fsnotify+0x1332/0x13f0 [ 924.090508][T25399] ? loop_remove+0xa0/0xa0 [ 924.094894][T25399] do_vfs_ioctl+0x744/0x1730 [ 924.099457][T25399] ? selinux_file_ioctl+0x723/0x970 [ 924.104624][T25399] ? ioctl_preallocate+0x250/0x250 [ 924.109708][T25399] ? __fget+0x40c/0x4a0 [ 924.113833][T25399] ? fget_many+0x20/0x20 [ 924.118046][T25399] ? check_preemption_disabled+0x154/0x330 [ 924.123821][T25399] ? debug_smp_processor_id+0x20/0x20 [ 924.129165][T25399] ? security_file_ioctl+0x9d/0xb0 [ 924.134246][T25399] __x64_sys_ioctl+0xd4/0x110 [ 924.138896][T25399] do_syscall_64+0xcb/0x1c0 [ 924.143373][T25399] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 924.151354][T25399] ------------[ cut here ]------------ [ 924.156829][T25399] WARNING: CPU: 1 PID: 25399 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 924.165911][T25399] Modules linked in: [ 924.169795][T25399] CPU: 1 PID: 25399 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 924.181394][T25399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 924.191431][T25399] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 924.197209][T25399] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 924.216784][T25399] RSP: 0018:ffff8881ef657a00 EFLAGS: 00010246 [ 924.222823][T25399] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 924.230769][T25399] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 924.238735][T25399] RBP: ffff8881ef657b40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 924.246701][T25399] R10: ffffffff84800000 R11: 1ffff1103decae00 R12: ffff8881e59e2000 [ 924.254690][T25399] R13: dffffc0000000000 R14: ffff8881e59e2070 R15: 1ffff1103cb3c49d [ 924.262752][T25399] FS: 00007f98da1e5700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 924.271923][T25399] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 924.278481][T25399] CR2: 00007eff61fefbf0 CR3: 00000001e4c9c000 CR4: 00000000003406e0 [ 924.286434][T25399] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 924.294391][T25399] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 924.302445][T25399] Call Trace: [ 924.305722][T25399] ? device_add_disk+0x30/0x30 [ 924.310576][T25399] ? vsprintf+0x30/0x30 [ 924.314760][T25399] ? device_initialize+0x1c7/0x3d0 [ 924.319852][T25399] ? __alloc_disk_node+0x326/0x380 [ 924.324945][T25399] loop_add+0x554/0x710 [ 924.329083][T25399] loop_control_ioctl+0x564/0x740 [ 924.334077][T25399] ? loop_remove+0xa0/0xa0 [ 924.338470][T25399] ? __lru_cache_add+0x1bf/0x210 [ 924.343380][T25399] ? memset+0x1f/0x40 [ 924.347334][T25399] ? fsnotify+0x1332/0x13f0 [ 924.351811][T25399] ? loop_remove+0xa0/0xa0 [ 924.356201][T25399] do_vfs_ioctl+0x744/0x1730 [ 924.360764][T25399] ? selinux_file_ioctl+0x723/0x970 [ 924.365933][T25399] ? ioctl_preallocate+0x250/0x250 [ 924.371014][T25399] ? __fget+0x40c/0x4a0 [ 924.375540][T25399] ? fget_many+0x20/0x20 [ 924.379765][T25399] ? check_preemption_disabled+0x154/0x330 [ 924.385552][T25399] ? debug_smp_processor_id+0x20/0x20 [ 924.390983][T25399] ? security_file_ioctl+0x9d/0xb0 17:08:23 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 59) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:23 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) syz_open_dev$loop(&(0x7f00000000c0), 0x0, 0x281) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r2, 0x107, 0x16, 0x0, 0x0) getpeername$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) r3 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x80000000, 0x6, 0x0, 0x1, 0x13, 0xebbffe76887d529e, "45c8e40eabe66d90ae004d752efab286df790c944399782a967e5fe928d0779b41b5c123a431ecdbf925cb234c45f2d2fbd87239a45d2ff55773f720ba80f613", "838be87fa4f4df70248dc5aabda815316f56cf8de6abfdd1d07de273900976c28c3e1c63debe618f296cbaf74ca1e56c8a9120f28c84dd0c80d8907f56100c7a", "7be1f92bd5711d21fbef8cb7842d0bedb2d8546039919a2cd9f64d274537ef01", [0x4, 0x4]}) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) syz_open_dev$loop(&(0x7f00000000c0), 0x0, 0x281) (async) socket$packet(0x11, 0x2, 0x300) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_fanout(r2, 0x107, 0x16, 0x0, 0x0) (async) getpeername$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) (async) syz_open_dev$vcsa(0x0, 0x9, 0x2400) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x80000000, 0x6, 0x0, 0x1, 0x13, 0xebbffe76887d529e, "45c8e40eabe66d90ae004d752efab286df790c944399782a967e5fe928d0779b41b5c123a431ecdbf925cb234c45f2d2fbd87239a45d2ff55773f720ba80f613", "838be87fa4f4df70248dc5aabda815316f56cf8de6abfdd1d07de273900976c28c3e1c63debe618f296cbaf74ca1e56c8a9120f28c84dd0c80d8907f56100c7a", "7be1f92bd5711d21fbef8cb7842d0bedb2d8546039919a2cd9f64d274537ef01", [0x4, 0x4]}) (async) 17:08:23 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000080)=@req3={0x6, 0x3, 0x7f, 0xff3c, 0x0, 0x8, 0x9}, 0x1c) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:23 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0xeaffffff, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:23 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @multicast2, @multicast1}, &(0x7f0000000180)=0xc) recvfrom$packet(r0, &(0x7f0000000080)=""/166, 0xa6, 0x32143, &(0x7f00000001c0)={0x11, 0x1b, r1, 0x1, 0x7, 0x6, @remote}, 0x14) (async, rerun: 32) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (rerun: 32) 17:08:23 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0x2}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 924.396073][T25399] __x64_sys_ioctl+0xd4/0x110 [ 924.400727][T25399] do_syscall_64+0xcb/0x1c0 [ 924.405206][T25399] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 924.411076][T25399] ---[ end trace 03bf7d324617ae33 ]--- 17:08:23 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0xefffffff, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:23 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) syz_open_dev$loop(&(0x7f00000000c0), 0x0, 0x281) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r2, 0x107, 0x16, 0x0, 0x0) getpeername$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) r3 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x80000000, 0x6, 0x0, 0x1, 0x13, 0xebbffe76887d529e, "45c8e40eabe66d90ae004d752efab286df790c944399782a967e5fe928d0779b41b5c123a431ecdbf925cb234c45f2d2fbd87239a45d2ff55773f720ba80f613", "838be87fa4f4df70248dc5aabda815316f56cf8de6abfdd1d07de273900976c28c3e1c63debe618f296cbaf74ca1e56c8a9120f28c84dd0c80d8907f56100c7a", "7be1f92bd5711d21fbef8cb7842d0bedb2d8546039919a2cd9f64d274537ef01", [0x4, 0x4]}) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) syz_open_dev$loop(&(0x7f00000000c0), 0x0, 0x281) (async) socket$packet(0x11, 0x2, 0x300) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_fanout(r2, 0x107, 0x16, 0x0, 0x0) (async) getpeername$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) (async) syz_open_dev$vcsa(0x0, 0x9, 0x2400) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x80000000, 0x6, 0x0, 0x1, 0x13, 0xebbffe76887d529e, "45c8e40eabe66d90ae004d752efab286df790c944399782a967e5fe928d0779b41b5c123a431ecdbf925cb234c45f2d2fbd87239a45d2ff55773f720ba80f613", "838be87fa4f4df70248dc5aabda815316f56cf8de6abfdd1d07de273900976c28c3e1c63debe618f296cbaf74ca1e56c8a9120f28c84dd0c80d8907f56100c7a", "7be1f92bd5711d21fbef8cb7842d0bedb2d8546039919a2cd9f64d274537ef01", [0x4, 0x4]}) (async) 17:08:23 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000080)=@req3={0x6, 0x3, 0x7f, 0xff3c, 0x0, 0x8, 0x9}, 0x1c) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:23 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0xf0ffffff, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:23 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @multicast2, @multicast1}, &(0x7f0000000180)=0xc) recvfrom$packet(r0, &(0x7f0000000080)=""/166, 0xa6, 0x32143, &(0x7f00000001c0)={0x11, 0x1b, r1, 0x1, 0x7, 0x6, @remote}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @multicast2, @multicast1}, &(0x7f0000000180)=0xc) (async) recvfrom$packet(r0, &(0x7f0000000080)=""/166, 0xa6, 0x32143, &(0x7f00000001c0)={0x11, 0x1b, r1, 0x1, 0x7, 0x6, @remote}, 0x14) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) [ 924.475313][T25445] FAULT_INJECTION: forcing a failure. [ 924.475313][T25445] name failslab, interval 1, probability 0, space 0, times 0 [ 924.494888][T25445] CPU: 1 PID: 25445 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 924.506520][T25445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 924.516551][T25445] Call Trace: [ 924.519816][T25445] dump_stack+0x1d8/0x241 [ 924.524116][T25445] ? panic+0x73e/0x73e [ 924.528163][T25445] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 924.533951][T25445] ? idr_get_free+0x6a3/0x840 [ 924.538609][T25445] ? mutex_unlock+0x19/0x40 [ 924.543085][T25445] should_fail+0x709/0x870 [ 924.547476][T25445] ? setup_fault_attr+0x3d0/0x3d0 [ 924.552475][T25445] ? idr_alloc+0x2f0/0x2f0 [ 924.556877][T25445] ? __kernfs_new_node+0xdb/0x6d0 [ 924.561874][T25445] should_failslab+0x5/0x20 [ 924.566368][T25445] kmem_cache_alloc+0x24/0x210 [ 924.571116][T25445] __kernfs_new_node+0xdb/0x6d0 [ 924.575941][T25445] ? kernfs_new_node+0x160/0x160 [ 924.580869][T25445] ? mutex_lock+0xa6/0x110 [ 924.585257][T25445] ? mutex_trylock+0xa0/0xa0 [ 924.589824][T25445] ? kernfs_activate+0x3fc/0x420 [ 924.594743][T25445] kernfs_new_node+0x95/0x160 [ 924.599412][T25445] __kernfs_create_file+0x45/0x260 [ 924.604506][T25445] sysfs_add_file_mode_ns+0x292/0x340 [ 924.609864][T25445] sysfs_merge_group+0x207/0x460 [ 924.614781][T25445] ? sysfs_remove_groups+0xb0/0xb0 [ 924.619886][T25445] ? device_create_file+0xe8/0x1b0 [ 924.624971][T25445] ? bus_add_device+0x92/0x3f0 [ 924.629726][T25445] dpm_sysfs_add+0xc0/0x260 [ 924.634221][T25445] device_add+0x547/0xbc0 [ 924.638528][T25445] device_create_vargs+0x1b8/0x210 [ 924.643614][T25445] device_create+0xea/0x130 [ 924.648092][T25445] ? device_create_vargs+0x210/0x210 [ 924.653351][T25445] bdi_register_va+0x89/0x5e0 [ 924.658008][T25445] bdi_register+0xd1/0x120 [ 924.662401][T25445] ? __device_add_disk+0x539/0x1200 [ 924.667573][T25445] ? bdi_register_va+0x5e0/0x5e0 [ 924.672505][T25445] ? percpu_ref_resurrect+0x113/0x190 [ 924.677866][T25445] bdi_register_owner+0x56/0xf0 [ 924.682703][T25445] __device_add_disk+0x5b8/0x1200 [ 924.687826][T25445] ? device_add_disk+0x30/0x30 [ 924.692569][T25445] ? vsprintf+0x30/0x30 [ 924.696709][T25445] ? device_initialize+0x1c7/0x3d0 [ 924.701794][T25445] ? __alloc_disk_node+0x326/0x380 [ 924.706969][T25445] loop_add+0x554/0x710 [ 924.711100][T25445] loop_control_ioctl+0x564/0x740 [ 924.716099][T25445] ? loop_remove+0xa0/0xa0 [ 924.720500][T25445] ? __lru_cache_add+0x1bf/0x210 [ 924.725415][T25445] ? memset+0x1f/0x40 [ 924.729366][T25445] ? fsnotify+0x1332/0x13f0 [ 924.733841][T25445] ? loop_remove+0xa0/0xa0 [ 924.738233][T25445] do_vfs_ioctl+0x744/0x1730 [ 924.742795][T25445] ? selinux_file_ioctl+0x723/0x970 [ 924.747964][T25445] ? ioctl_preallocate+0x250/0x250 [ 924.753051][T25445] ? __fget+0x40c/0x4a0 [ 924.757181][T25445] ? fget_many+0x20/0x20 [ 924.761400][T25445] ? check_preemption_disabled+0x154/0x330 [ 924.767227][T25445] ? debug_smp_processor_id+0x20/0x20 17:08:23 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0x3}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 924.772575][T25445] ? security_file_ioctl+0x9d/0xb0 [ 924.777661][T25445] __x64_sys_ioctl+0xd4/0x110 [ 924.782318][T25445] do_syscall_64+0xcb/0x1c0 [ 924.786799][T25445] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 924.795947][T25445] ------------[ cut here ]------------ [ 924.801414][T25445] WARNING: CPU: 1 PID: 25445 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 924.810495][T25445] Modules linked in: [ 924.814367][T25445] CPU: 1 PID: 25445 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 924.825954][T25445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 924.835997][T25445] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 924.841776][T25445] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 924.861358][T25445] RSP: 0018:ffff8881c4b0fa00 EFLAGS: 00010246 [ 924.867399][T25445] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 924.875343][T25445] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 924.883285][T25445] RBP: ffff8881c4b0fb40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 924.891226][T25445] R10: ffffffff84800000 R11: 1ffff11038961e00 R12: ffff8881cf731000 [ 924.899170][T25445] R13: dffffc0000000000 R14: ffff8881cf731070 R15: 1ffff11039ee629d [ 924.907152][T25445] FS: 00007f98da1e5700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 924.916051][T25445] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 924.922604][T25445] CR2: 000055555591e728 CR3: 00000001e2754000 CR4: 00000000003406e0 [ 924.930548][T25445] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 924.938498][T25445] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 924.946459][T25445] Call Trace: [ 924.949725][T25445] ? device_add_disk+0x30/0x30 [ 924.954460][T25445] ? vsprintf+0x30/0x30 [ 924.958588][T25445] ? device_initialize+0x1c7/0x3d0 [ 924.963667][T25445] ? __alloc_disk_node+0x326/0x380 [ 924.968748][T25445] loop_add+0x554/0x710 [ 924.972876][T25445] loop_control_ioctl+0x564/0x740 [ 924.977870][T25445] ? loop_remove+0xa0/0xa0 [ 924.982262][T25445] ? __lru_cache_add+0x1bf/0x210 [ 924.987171][T25445] ? memset+0x1f/0x40 [ 924.991144][T25445] ? fsnotify+0x1332/0x13f0 [ 924.995618][T25445] ? loop_remove+0xa0/0xa0 [ 925.000010][T25445] do_vfs_ioctl+0x744/0x1730 [ 925.004576][T25445] ? selinux_file_ioctl+0x723/0x970 [ 925.009744][T25445] ? ioctl_preallocate+0x250/0x250 [ 925.014825][T25445] ? __fget+0x40c/0x4a0 [ 925.018949][T25445] ? fget_many+0x20/0x20 17:08:23 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 60) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:23 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) socket$bt_rfcomm(0x1f, 0x3, 0x3) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:23 executing program 4: sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x128, 0x2, 0x9, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x7fff}}, @NFCTH_TUPLE={0x44, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @NFCTH_TUPLE={0x68, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x14, 0x4, @remote}}}]}, @NFCTH_STATUS={0x8}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_TUPLE={0x40, 0x2, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x35}}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}]}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x6}}]}, 0x128}, 0x1, 0x0, 0x0, 0x8084}, 0x24044040) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x16}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) r1 = syz_genetlink_get_family_id$batadv(0x0, r0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000480)={&(0x7f0000000340), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r1, 0x300, 0x0, 0x0, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fff}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x34, r1, 0x400, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x2}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xffffffff}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8080}, 0x20048000) getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000280)=""/217, &(0x7f0000000380)=0xd9) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:23 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0x8}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:23 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0xfeffffff, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:23 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) (async) socket$bt_rfcomm(0x1f, 0x3, 0x3) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:23 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0xffffff7f, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 925.023172][T25445] ? check_preemption_disabled+0x154/0x330 [ 925.028952][T25445] ? debug_smp_processor_id+0x20/0x20 [ 925.034302][T25445] ? security_file_ioctl+0x9d/0xb0 [ 925.039389][T25445] __x64_sys_ioctl+0xd4/0x110 [ 925.044041][T25445] do_syscall_64+0xcb/0x1c0 [ 925.048518][T25445] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 925.054379][T25445] ---[ end trace 03bf7d324617ae34 ]--- 17:08:23 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1}, 0x4) 17:08:23 executing program 4: sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x128, 0x2, 0x9, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x7fff}}, @NFCTH_TUPLE={0x44, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @NFCTH_TUPLE={0x68, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x14, 0x4, @remote}}}]}, @NFCTH_STATUS={0x8}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_TUPLE={0x40, 0x2, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x35}}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}]}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x6}}]}, 0x128}, 0x1, 0x0, 0x0, 0x8084}, 0x24044040) (async, rerun: 64) r0 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x16}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) (async) r1 = syz_genetlink_get_family_id$batadv(0x0, r0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000480)={&(0x7f0000000340), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r1, 0x300, 0x0, 0x0, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fff}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x34, r1, 0x400, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x2}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xffffffff}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8080}, 0x20048000) getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000280)=""/217, &(0x7f0000000380)=0xd9) (async) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:23 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0xa}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:23 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0xffffff9e, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:23 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) socket$bt_rfcomm(0x1f, 0x3, 0x3) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) (async) socket$bt_rfcomm(0x1f, 0x3, 0x3) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) [ 925.129458][T25492] FAULT_INJECTION: forcing a failure. [ 925.129458][T25492] name failslab, interval 1, probability 0, space 0, times 0 [ 925.149044][T25492] CPU: 0 PID: 25492 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 925.160685][T25492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 925.170817][T25492] Call Trace: [ 925.174345][T25492] dump_stack+0x1d8/0x241 [ 925.178648][T25492] ? panic+0x73e/0x73e [ 925.182696][T25492] ? mutex_unlock+0x19/0x40 [ 925.187173][T25492] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 925.192953][T25492] ? selinux_kernfs_init_security+0x155/0x760 [ 925.198990][T25492] ? idr_alloc_cyclic+0x36e/0x5e0 [ 925.203986][T25492] should_fail+0x709/0x870 [ 925.208373][T25492] ? setup_fault_attr+0x3d0/0x3d0 [ 925.213366][T25492] ? _raw_spin_lock+0xa3/0x1b0 [ 925.218100][T25492] ? __kernfs_new_node+0xdb/0x6d0 [ 925.223095][T25492] should_failslab+0x5/0x20 [ 925.227612][T25492] kmem_cache_alloc+0x24/0x210 [ 925.232350][T25492] __kernfs_new_node+0xdb/0x6d0 [ 925.237259][T25492] ? mutex_lock+0xa6/0x110 [ 925.241650][T25492] ? kernfs_new_node+0x160/0x160 [ 925.246556][T25492] ? mutex_lock+0xa6/0x110 [ 925.250947][T25492] ? mutex_trylock+0xa0/0xa0 [ 925.255512][T25492] kernfs_new_node+0x95/0x160 [ 925.260165][T25492] __kernfs_create_file+0x45/0x260 [ 925.265256][T25492] sysfs_add_file_mode_ns+0x292/0x340 [ 925.270610][T25492] sysfs_merge_group+0x207/0x460 [ 925.275520][T25492] ? sysfs_remove_groups+0xb0/0xb0 [ 925.280602][T25492] ? device_create_file+0xe8/0x1b0 [ 925.285689][T25492] ? bus_add_device+0x92/0x3f0 [ 925.290424][T25492] dpm_sysfs_add+0xc0/0x260 [ 925.294898][T25492] device_add+0x547/0xbc0 [ 925.299200][T25492] device_create_vargs+0x1b8/0x210 [ 925.304283][T25492] device_create+0xea/0x130 [ 925.308759][T25492] ? device_create_vargs+0x210/0x210 [ 925.314017][T25492] bdi_register_va+0x89/0x5e0 [ 925.318665][T25492] bdi_register+0xd1/0x120 [ 925.323056][T25492] ? __device_add_disk+0x539/0x1200 [ 925.328222][T25492] ? bdi_register_va+0x5e0/0x5e0 [ 925.333132][T25492] ? percpu_ref_resurrect+0x113/0x190 [ 925.338474][T25492] bdi_register_owner+0x56/0xf0 [ 925.343297][T25492] __device_add_disk+0x5b8/0x1200 [ 925.348292][T25492] ? device_add_disk+0x30/0x30 [ 925.353028][T25492] ? vsprintf+0x30/0x30 [ 925.357309][T25492] ? device_initialize+0x1c7/0x3d0 [ 925.362394][T25492] ? __alloc_disk_node+0x326/0x380 [ 925.367478][T25492] loop_add+0x554/0x710 [ 925.372649][T25492] loop_control_ioctl+0x564/0x740 [ 925.377644][T25492] ? loop_remove+0xa0/0xa0 [ 925.382030][T25492] ? __lru_cache_add+0x1bf/0x210 [ 925.386938][T25492] ? memset+0x1f/0x40 [ 925.390890][T25492] ? fsnotify+0x1332/0x13f0 [ 925.395362][T25492] ? loop_remove+0xa0/0xa0 [ 925.399767][T25492] do_vfs_ioctl+0x744/0x1730 [ 925.404333][T25492] ? selinux_file_ioctl+0x723/0x970 [ 925.409506][T25492] ? ioctl_preallocate+0x250/0x250 [ 925.414590][T25492] ? __fget+0x40c/0x4a0 [ 925.418716][T25492] ? fget_many+0x20/0x20 [ 925.422931][T25492] ? check_preemption_disabled+0x154/0x330 [ 925.428715][T25492] ? debug_smp_processor_id+0x20/0x20 [ 925.434055][T25492] ? security_file_ioctl+0x9d/0xb0 [ 925.439135][T25492] __x64_sys_ioctl+0xd4/0x110 [ 925.443780][T25492] do_syscall_64+0xcb/0x1c0 [ 925.448261][T25492] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 925.458347][T25492] ------------[ cut here ]------------ [ 925.463827][T25492] WARNING: CPU: 0 PID: 25492 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 925.472942][T25492] Modules linked in: [ 925.476818][T25492] CPU: 0 PID: 25492 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 925.488440][T25492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 925.498481][T25492] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 925.504258][T25492] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 925.523833][T25492] RSP: 0018:ffff8881e2007a00 EFLAGS: 00010246 [ 925.529869][T25492] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 925.537830][T25492] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 925.545773][T25492] RBP: ffff8881e2007b40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 925.553753][T25492] R10: ffffffff84800000 R11: 1ffff1103c400e00 R12: ffff8881e163d000 [ 925.561695][T25492] R13: dffffc0000000000 R14: ffff8881e163d070 R15: 1ffff1103c2c7a9d [ 925.569644][T25492] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 925.578548][T25492] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 925.585111][T25492] CR2: 00007f98da1c4718 CR3: 00000001e35a7000 CR4: 00000000003406f0 [ 925.593073][T25492] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 925.601020][T25492] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 925.608961][T25492] Call Trace: [ 925.612230][T25492] ? device_add_disk+0x30/0x30 [ 925.616962][T25492] ? vsprintf+0x30/0x30 [ 925.621089][T25492] ? device_initialize+0x1c7/0x3d0 [ 925.626168][T25492] ? __alloc_disk_node+0x326/0x380 [ 925.631250][T25492] loop_add+0x554/0x710 [ 925.635377][T25492] loop_control_ioctl+0x564/0x740 [ 925.640369][T25492] ? loop_remove+0xa0/0xa0 [ 925.644754][T25492] ? __lru_cache_add+0x1bf/0x210 [ 925.649660][T25492] ? memset+0x1f/0x40 [ 925.653610][T25492] ? fsnotify+0x1332/0x13f0 [ 925.658085][T25492] ? loop_remove+0xa0/0xa0 [ 925.662470][T25492] do_vfs_ioctl+0x744/0x1730 [ 925.667145][T25492] ? selinux_file_ioctl+0x723/0x970 [ 925.672313][T25492] ? ioctl_preallocate+0x250/0x250 [ 925.677398][T25492] ? __fget+0x40c/0x4a0 17:08:24 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 61) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:24 executing program 4: sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x128, 0x2, 0x9, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x7fff}}, @NFCTH_TUPLE={0x44, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @NFCTH_TUPLE={0x68, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x14, 0x4, @remote}}}]}, @NFCTH_STATUS={0x8}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_TUPLE={0x40, 0x2, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x35}}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}]}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x6}}]}, 0x128}, 0x1, 0x0, 0x0, 0x8084}, 0x24044040) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x16}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) r1 = syz_genetlink_get_family_id$batadv(0x0, r0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000480)={&(0x7f0000000340), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r1, 0x300, 0x0, 0x0, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fff}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x34, r1, 0x400, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x2}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xffffffff}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8080}, 0x20048000) getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000280)=""/217, &(0x7f0000000380)=0xd9) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x128, 0x2, 0x9, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x7fff}}, @NFCTH_TUPLE={0x44, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @NFCTH_TUPLE={0x68, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x14, 0x4, @remote}}}]}, @NFCTH_STATUS={0x8}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_TUPLE={0x40, 0x2, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x35}}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}]}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x6}}]}, 0x128}, 0x1, 0x0, 0x0, 0x8084}, 0x24044040) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x16}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) (async) syz_genetlink_get_family_id$batadv(0x0, r0) (async) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000480)={&(0x7f0000000340), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r1, 0x300, 0x0, 0x0, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fff}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x34, r1, 0x400, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x2}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xffffffff}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8080}, 0x20048000) (async) getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000280)=""/217, &(0x7f0000000380)=0xd9) (async) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) 17:08:24 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1}, 0x4) 17:08:24 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev={0xfe, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:24 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) getsockopt$packet_buf(r0, 0x107, 0xd, &(0x7f0000000040)=""/69, &(0x7f00000000c0)=0x45) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0) 17:08:24 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0xffffffea, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:24 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev={0xfe, 0x50}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:24 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) getsockopt$packet_buf(r0, 0x107, 0xd, &(0x7f0000000040)=""/69, &(0x7f00000000c0)=0x45) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) getsockopt$packet_buf(r0, 0x107, 0xd, &(0x7f0000000040)=""/69, &(0x7f00000000c0)=0x45) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0) (async) 17:08:24 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1}, 0x4) (async) [ 925.681523][T25492] ? fget_many+0x20/0x20 [ 925.685735][T25492] ? check_preemption_disabled+0x154/0x330 [ 925.691512][T25492] ? debug_smp_processor_id+0x20/0x20 [ 925.696854][T25492] ? security_file_ioctl+0x9d/0xb0 [ 925.701936][T25492] __x64_sys_ioctl+0xd4/0x110 [ 925.706586][T25492] do_syscall_64+0xcb/0x1c0 [ 925.711061][T25492] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 925.716923][T25492] ---[ end trace 03bf7d324617ae35 ]--- 17:08:24 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0xffffffef, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:24 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:24 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) getsockopt$packet_buf(r0, 0x107, 0xd, &(0x7f0000000040)=""/69, &(0x7f00000000c0)=0x45) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0) [ 925.783360][T25524] FAULT_INJECTION: forcing a failure. [ 925.783360][T25524] name failslab, interval 1, probability 0, space 0, times 0 [ 925.798862][T25524] CPU: 0 PID: 25524 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 925.810481][T25524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 925.820514][T25524] Call Trace: [ 925.823785][T25524] dump_stack+0x1d8/0x241 [ 925.828085][T25524] ? panic+0x73e/0x73e [ 925.832124][T25524] ? mutex_unlock+0x19/0x40 [ 925.836595][T25524] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 925.842374][T25524] ? selinux_kernfs_init_security+0x155/0x760 [ 925.848408][T25524] ? idr_alloc_cyclic+0x36e/0x5e0 [ 925.853411][T25524] should_fail+0x709/0x870 [ 925.857814][T25524] ? setup_fault_attr+0x3d0/0x3d0 [ 925.862807][T25524] ? _raw_spin_lock+0xa3/0x1b0 [ 925.867639][T25524] ? __kernfs_new_node+0xdb/0x6d0 [ 925.872636][T25524] should_failslab+0x5/0x20 [ 925.877107][T25524] kmem_cache_alloc+0x24/0x210 [ 925.881847][T25524] __kernfs_new_node+0xdb/0x6d0 [ 925.886667][T25524] ? mutex_lock+0xa6/0x110 [ 925.891097][T25524] ? kernfs_new_node+0x160/0x160 [ 925.896008][T25524] ? mutex_lock+0xa6/0x110 [ 925.900402][T25524] ? mutex_trylock+0xa0/0xa0 [ 925.904961][T25524] kernfs_new_node+0x95/0x160 [ 925.909607][T25524] __kernfs_create_file+0x45/0x260 [ 925.914687][T25524] sysfs_add_file_mode_ns+0x292/0x340 [ 925.920034][T25524] sysfs_merge_group+0x207/0x460 [ 925.924945][T25524] ? sysfs_remove_groups+0xb0/0xb0 [ 925.930024][T25524] ? device_create_file+0xe8/0x1b0 [ 925.935104][T25524] ? bus_add_device+0x92/0x3f0 [ 925.939838][T25524] dpm_sysfs_add+0xc0/0x260 [ 925.944313][T25524] device_add+0x547/0xbc0 [ 925.948613][T25524] device_create_vargs+0x1b8/0x210 [ 925.953692][T25524] device_create+0xea/0x130 [ 925.958167][T25524] ? device_create_vargs+0x210/0x210 [ 925.963425][T25524] bdi_register_va+0x89/0x5e0 [ 925.968077][T25524] bdi_register+0xd1/0x120 [ 925.972465][T25524] ? __device_add_disk+0x539/0x1200 [ 925.977632][T25524] ? bdi_register_va+0x5e0/0x5e0 [ 925.982541][T25524] ? percpu_ref_resurrect+0x113/0x190 [ 925.987880][T25524] bdi_register_owner+0x56/0xf0 [ 925.992700][T25524] __device_add_disk+0x5b8/0x1200 [ 925.997696][T25524] ? device_add_disk+0x30/0x30 [ 926.002426][T25524] ? vsprintf+0x30/0x30 [ 926.006551][T25524] ? device_initialize+0x1c7/0x3d0 [ 926.011630][T25524] ? __alloc_disk_node+0x326/0x380 [ 926.016745][T25524] loop_add+0x554/0x710 [ 926.020874][T25524] loop_control_ioctl+0x564/0x740 [ 926.025870][T25524] ? loop_remove+0xa0/0xa0 [ 926.030256][T25524] ? __lru_cache_add+0x1bf/0x210 [ 926.035177][T25524] ? memset+0x1f/0x40 [ 926.039129][T25524] ? fsnotify+0x1332/0x13f0 [ 926.043600][T25524] ? loop_remove+0xa0/0xa0 [ 926.047987][T25524] do_vfs_ioctl+0x744/0x1730 [ 926.052548][T25524] ? selinux_file_ioctl+0x723/0x970 [ 926.057714][T25524] ? ioctl_preallocate+0x250/0x250 [ 926.062837][T25524] ? __fget+0x40c/0x4a0 [ 926.066961][T25524] ? fget_many+0x20/0x20 [ 926.071184][T25524] ? check_preemption_disabled+0x154/0x330 [ 926.076988][T25524] ? debug_smp_processor_id+0x20/0x20 [ 926.082330][T25524] ? security_file_ioctl+0x9d/0xb0 [ 926.087414][T25524] __x64_sys_ioctl+0xd4/0x110 [ 926.092081][T25524] do_syscall_64+0xcb/0x1c0 [ 926.096591][T25524] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 926.107993][T25524] ------------[ cut here ]------------ [ 926.113476][T25524] WARNING: CPU: 0 PID: 25524 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 926.122560][T25524] Modules linked in: [ 926.126434][T25524] CPU: 0 PID: 25524 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 926.138021][T25524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 926.148058][T25524] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 926.153834][T25524] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 926.173408][T25524] RSP: 0018:ffff8881ec9b7a00 EFLAGS: 00010246 [ 926.179451][T25524] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 926.187396][T25524] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 926.195342][T25524] RBP: ffff8881ec9b7b40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 926.203288][T25524] R10: ffffffff84800000 R11: 1ffff1103d936e00 R12: ffff8881d0e23000 [ 926.211231][T25524] R13: dffffc0000000000 R14: ffff8881d0e23070 R15: 1ffff1103a1c469d [ 926.219183][T25524] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 926.228090][T25524] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 926.234650][T25524] CR2: 00007f4757a99988 CR3: 00000001e35a7000 CR4: 00000000003406f0 [ 926.242602][T25524] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 926.250651][T25524] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 926.258590][T25524] Call Trace: [ 926.261858][T25524] ? device_add_disk+0x30/0x30 [ 926.266595][T25524] ? vsprintf+0x30/0x30 [ 926.270723][T25524] ? device_initialize+0x1c7/0x3d0 [ 926.276065][T25524] ? __alloc_disk_node+0x326/0x380 [ 926.281145][T25524] loop_add+0x554/0x710 [ 926.285275][T25524] loop_control_ioctl+0x564/0x740 [ 926.290269][T25524] ? loop_remove+0xa0/0xa0 [ 926.294656][T25524] ? __lru_cache_add+0x1bf/0x210 [ 926.299566][T25524] ? memset+0x1f/0x40 [ 926.303519][T25524] ? fsnotify+0x1332/0x13f0 [ 926.307991][T25524] ? loop_remove+0xa0/0xa0 [ 926.312377][T25524] do_vfs_ioctl+0x744/0x1730 [ 926.316939][T25524] ? selinux_file_ioctl+0x723/0x970 [ 926.322106][T25524] ? ioctl_preallocate+0x250/0x250 [ 926.327188][T25524] ? __fget+0x40c/0x4a0 [ 926.331343][T25524] ? fget_many+0x20/0x20 17:08:25 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 62) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:25 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev={0xfe, 0x64}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:25 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0xfffffff0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:25 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) recvfrom$packet(r0, &(0x7f0000000080)=""/170, 0xaa, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40612}, 0xc, &(0x7f0000000380)={&(0x7f00000001c0)={0x1a4, r1, 0x2, 0x70bd2c, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x1a4}, 0x1, 0x0, 0x0, 0xa0}, 0x8040) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000480)={&(0x7f0000000640)=ANY=[@ANYBLOB="00000001cfc944c938e5f7288d34abdfac54e0fde1f269807bd38c09d15becdeaf684cc5e995b6332643a02ea5f5db0bdd3c60679766df21750a359b60c2a262d0ab7f645d889d6d01551418d57b5442f3bb14d919f3814854f71a40ab48b017f5a86d4a551546828bbc91ef3871cf7aa0af255813a2d936c0585626ea812d0b36563cde21f98ac5a3b973a15208876ff6a8df8070ef", @ANYRES16=0x0, @ANYBLOB="010027bd7000fcdbdf250e0000000500380000000000080031000400000008003b0003000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40085}, 0xc0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) recvfrom$packet(r2, &(0x7f0000000500)=""/245, 0xf5, 0x0, &(0x7f0000000600)={0x11, 0x5, 0x0, 0x1, 0xe2, 0x6, @broadcast}, 0x14) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) 17:08:25 executing program 0: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x580a0220}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r0, 0x4, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x8004) r1 = socket$packet(0x11, 0x2, 0x300) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0xc0000042}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r2, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008080}, 0x20000000) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) r3 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x7, 0x42000) ioctl$BLKROGET(r3, 0x125e, &(0x7f0000000480)) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x58, r4, 0x2, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x7}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xa626}]}, 0x58}, 0x1, 0x0, 0x0, 0x20}, 0x840) 17:08:25 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socket$packet(0x11, 0x3, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) 17:08:25 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:25 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0xfffffffe, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:25 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:25 executing program 0: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x580a0220}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r0, 0x4, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x8004) (async) r1 = socket$packet(0x11, 0x2, 0x300) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0xc0000042}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r2, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008080}, 0x20000000) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) (async) r3 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x7, 0x42000) ioctl$BLKROGET(r3, 0x125e, &(0x7f0000000480)) (async) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x58, r4, 0x2, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x7}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xa626}]}, 0x58}, 0x1, 0x0, 0x0, 0x20}, 0x840) 17:08:25 executing program 0: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x580a0220}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r0, 0x4, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x8004) (async) r1 = socket$packet(0x11, 0x2, 0x300) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0xc0000042}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r2, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008080}, 0x20000000) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) (async) r3 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x7, 0x42000) ioctl$BLKROGET(r3, 0x125e, &(0x7f0000000480)) (async) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x58, r4, 0x2, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x7}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xa626}]}, 0x58}, 0x1, 0x0, 0x0, 0x20}, 0x840) [ 926.335554][T25524] ? check_preemption_disabled+0x154/0x330 [ 926.341342][T25524] ? debug_smp_processor_id+0x20/0x20 [ 926.346683][T25524] ? security_file_ioctl+0x9d/0xb0 [ 926.351763][T25524] __x64_sys_ioctl+0xd4/0x110 [ 926.356409][T25524] do_syscall_64+0xcb/0x1c0 [ 926.360884][T25524] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 926.366743][T25524] ---[ end trace 03bf7d324617ae36 ]--- 17:08:25 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x141) connect$packet(r0, &(0x7f0000000080)={0x11, 0x11, 0x0, 0x1, 0xca, 0x6, @random="479f7215d07c"}, 0x14) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000500)=ANY=[@ANYBLOB='tunl0\x00'/16, @ANYRES32=0x0, @ANYBLOB="000880000000800200000067450400d40068000069049078ac1414bb0a01010144245f13ac1414aa00000000e000000110000000ac141429000000057f00007ab69a9133da39af0a010101ffffffff0a010101640101018307677f000001831719e0000001ac1414aaac1414200a010102640101024404a703440cc793ac1414aa80000000864e00000001060d0b0a7920395cba441d4a4b060d130af0340be6cabc1a59db010a4b17f0f6292ee45b0112af77d0e4797c4d34f1c7bb7d60a532b4050a983dd95a42f5dd4e0508825624f78256830b4622afb5590990261e0000"]}) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040), 0x4) r2 = socket$inet(0x2, 0x3, 0x3) socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r3 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000340)=ANY=[@ANYBLOB="74756e6c3000000000010000000000007ce0c6fbd86bae88aa5bebfd42e9fd37cd3c15bf4e788dcc01467c9cf23dacdfd1b82bd4ca811a20540b340e5f7cc57e7bac30ebc447a052ef7ee3bdba26b023ae1ee21ec1bf5d46e967256d6f3fe9cd230442fb0dbaab14839bfc", @ANYRES32=r4, @ANYBLOB="0040008000000004000000074604001820680000082f9078ffffffffac14142b94040100"]}) r5 = accept4$packet(r3, 0x0, &(0x7f00000002c0), 0x80000) connect$packet(r5, &(0x7f0000000300)={0x11, 0x1a, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f00000001c0)={r4, 0x1, 0x6, @multicast}, 0x10) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) [ 926.436279][T25568] FAULT_INJECTION: forcing a failure. [ 926.436279][T25568] name failslab, interval 1, probability 0, space 0, times 0 [ 926.450367][T25568] CPU: 1 PID: 25568 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 926.462006][T25568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 926.462018][T25568] Call Trace: [ 926.475335][T25568] dump_stack+0x1d8/0x241 [ 926.479636][T25568] ? panic+0x73e/0x73e [ 926.483694][T25568] ? mutex_unlock+0x19/0x40 [ 926.488180][T25568] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 926.493959][T25568] ? selinux_kernfs_init_security+0x155/0x760 [ 926.500005][T25568] ? idr_alloc_cyclic+0x36e/0x5e0 [ 926.505006][T25568] should_fail+0x709/0x870 [ 926.509559][T25568] ? setup_fault_attr+0x3d0/0x3d0 [ 926.514568][T25568] ? _raw_spin_lock+0xa3/0x1b0 [ 926.519306][T25568] ? __kernfs_new_node+0xdb/0x6d0 [ 926.524303][T25568] should_failslab+0x5/0x20 [ 926.528780][T25568] kmem_cache_alloc+0x24/0x210 [ 926.533521][T25568] __kernfs_new_node+0xdb/0x6d0 [ 926.538342][T25568] ? mutex_lock+0xa6/0x110 [ 926.542729][T25568] ? kernfs_new_node+0x160/0x160 [ 926.547635][T25568] ? mutex_lock+0xa6/0x110 [ 926.552027][T25568] kernfs_new_node+0x95/0x160 [ 926.556683][T25568] __kernfs_create_file+0x45/0x260 [ 926.561888][T25568] sysfs_add_file_mode_ns+0x292/0x340 [ 926.567243][T25568] sysfs_merge_group+0x207/0x460 [ 926.572164][T25568] ? sysfs_remove_groups+0xb0/0xb0 [ 926.577266][T25568] ? device_create_file+0xe8/0x1b0 [ 926.582349][T25568] ? bus_add_device+0x92/0x3f0 [ 926.587085][T25568] dpm_sysfs_add+0xc0/0x260 [ 926.591559][T25568] device_add+0x547/0xbc0 [ 926.595862][T25568] device_create_vargs+0x1b8/0x210 [ 926.600945][T25568] device_create+0xea/0x130 [ 926.605419][T25568] ? device_create_vargs+0x210/0x210 [ 926.610685][T25568] bdi_register_va+0x89/0x5e0 [ 926.615340][T25568] bdi_register+0xd1/0x120 [ 926.619730][T25568] ? __device_add_disk+0x539/0x1200 [ 926.624898][T25568] ? bdi_register_va+0x5e0/0x5e0 [ 926.629810][T25568] ? percpu_ref_resurrect+0x113/0x190 [ 926.635153][T25568] bdi_register_owner+0x56/0xf0 [ 926.639979][T25568] __device_add_disk+0x5b8/0x1200 [ 926.644975][T25568] ? device_add_disk+0x30/0x30 [ 926.649721][T25568] ? vsprintf+0x30/0x30 [ 926.653849][T25568] ? device_initialize+0x1c7/0x3d0 [ 926.658931][T25568] ? __alloc_disk_node+0x326/0x380 [ 926.664011][T25568] loop_add+0x554/0x710 [ 926.668137][T25568] loop_control_ioctl+0x564/0x740 [ 926.673136][T25568] ? loop_remove+0xa0/0xa0 [ 926.677521][T25568] ? __lru_cache_add+0x1bf/0x210 [ 926.682426][T25568] ? memset+0x1f/0x40 [ 926.686378][T25568] ? fsnotify+0x1332/0x13f0 [ 926.690880][T25568] ? loop_remove+0xa0/0xa0 [ 926.695271][T25568] do_vfs_ioctl+0x744/0x1730 [ 926.699837][T25568] ? selinux_file_ioctl+0x723/0x970 [ 926.705010][T25568] ? ioctl_preallocate+0x250/0x250 [ 926.710099][T25568] ? __fget+0x40c/0x4a0 [ 926.714235][T25568] ? fget_many+0x20/0x20 [ 926.718454][T25568] ? check_preemption_disabled+0x154/0x330 [ 926.724233][T25568] ? debug_smp_processor_id+0x20/0x20 [ 926.729584][T25568] ? security_file_ioctl+0x9d/0xb0 [ 926.734673][T25568] __x64_sys_ioctl+0xd4/0x110 [ 926.739325][T25568] do_syscall_64+0xcb/0x1c0 [ 926.743801][T25568] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 926.750862][T25568] ------------[ cut here ]------------ [ 926.756337][T25568] WARNING: CPU: 1 PID: 25568 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 926.765418][T25568] Modules linked in: [ 926.769308][T25568] CPU: 1 PID: 25568 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 926.780903][T25568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 926.790941][T25568] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 926.796716][T25568] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 926.816292][T25568] RSP: 0018:ffff8881e927fa00 EFLAGS: 00010246 [ 926.822332][T25568] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 926.830276][T25568] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 926.838218][T25568] RBP: ffff8881e927fb40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 926.846180][T25568] R10: ffffffff84800000 R11: 1ffff1103d24fe00 R12: ffff8881e6aa1000 [ 926.854123][T25568] R13: dffffc0000000000 R14: ffff8881e6aa1070 R15: 1ffff1103cd5429d [ 926.862070][T25568] FS: 00007f98da1e5700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 926.870973][T25568] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 926.877794][T25568] CR2: 00007f98da1c4718 CR3: 00000001d1bee000 CR4: 00000000003406e0 [ 926.885738][T25568] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 926.893688][T25568] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 926.901631][T25568] Call Trace: [ 926.904908][T25568] ? device_add_disk+0x30/0x30 [ 926.909645][T25568] ? vsprintf+0x30/0x30 [ 926.913771][T25568] ? device_initialize+0x1c7/0x3d0 [ 926.918851][T25568] ? __alloc_disk_node+0x326/0x380 [ 926.923933][T25568] loop_add+0x554/0x710 [ 926.928060][T25568] loop_control_ioctl+0x564/0x740 [ 926.933057][T25568] ? loop_remove+0xa0/0xa0 [ 926.937445][T25568] ? __lru_cache_add+0x1bf/0x210 [ 926.942350][T25568] ? memset+0x1f/0x40 [ 926.946300][T25568] ? fsnotify+0x1332/0x13f0 [ 926.950779][T25568] ? loop_remove+0xa0/0xa0 [ 926.955175][T25568] do_vfs_ioctl+0x744/0x1730 [ 926.959738][T25568] ? selinux_file_ioctl+0x723/0x970 [ 926.964904][T25568] ? ioctl_preallocate+0x250/0x250 [ 926.969987][T25568] ? __fget+0x40c/0x4a0 [ 926.974112][T25568] ? fget_many+0x20/0x20 [ 926.978322][T25568] ? check_preemption_disabled+0x154/0x330 17:08:25 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 63) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:25 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:25 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev={0xfe, 0x80, '\x00', 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:25 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f00000000c0)={r1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x2, 0x2000}, 0x4) 17:08:25 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x141) connect$packet(r0, &(0x7f0000000080)={0x11, 0x11, 0x0, 0x1, 0xca, 0x6, @random="479f7215d07c"}, 0x14) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000500)=ANY=[@ANYBLOB='tunl0\x00'/16, @ANYRES32=0x0, @ANYBLOB="000880000000800200000067450400d40068000069049078ac1414bb0a01010144245f13ac1414aa00000000e000000110000000ac141429000000057f00007ab69a9133da39af0a010101ffffffff0a010101640101018307677f000001831719e0000001ac1414aaac1414200a010102640101024404a703440cc793ac1414aa80000000864e00000001060d0b0a7920395cba441d4a4b060d130af0340be6cabc1a59db010a4b17f0f6292ee45b0112af77d0e4797c4d34f1c7bb7d60a532b4050a983dd95a42f5dd4e0508825624f78256830b4622afb5590990261e0000"]}) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040), 0x4) r2 = socket$inet(0x2, 0x3, 0x3) socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r3 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000340)=ANY=[@ANYBLOB="74756e6c3000000000010000000000007ce0c6fbd86bae88aa5bebfd42e9fd37cd3c15bf4e788dcc01467c9cf23dacdfd1b82bd4ca811a20540b340e5f7cc57e7bac30ebc447a052ef7ee3bdba26b023ae1ee21ec1bf5d46e967256d6f3fe9cd230442fb0dbaab14839bfc", @ANYRES32=r4, @ANYBLOB="0040008000000004000000074604001820680000082f9078ffffffffac14142b94040100"]}) r5 = accept4$packet(r3, 0x0, &(0x7f00000002c0), 0x80000) connect$packet(r5, &(0x7f0000000300)={0x11, 0x1a, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f00000001c0)={r4, 0x1, 0x6, @multicast}, 0x10) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x141) (async) connect$packet(r0, &(0x7f0000000080)={0x11, 0x11, 0x0, 0x1, 0xca, 0x6, @random="479f7215d07c"}, 0x14) (async) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000500)=ANY=[@ANYBLOB='tunl0\x00'/16, @ANYRES32=0x0, @ANYBLOB="000880000000800200000067450400d40068000069049078ac1414bb0a01010144245f13ac1414aa00000000e000000110000000ac141429000000057f00007ab69a9133da39af0a010101ffffffff0a010101640101018307677f000001831719e0000001ac1414aaac1414200a010102640101024404a703440cc793ac1414aa80000000864e00000001060d0b0a7920395cba441d4a4b060d130af0340be6cabc1a59db010a4b17f0f6292ee45b0112af77d0e4797c4d34f1c7bb7d60a532b4050a983dd95a42f5dd4e0508825624f78256830b4622afb5590990261e0000"]}) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040), 0x4) (async) socket$inet(0x2, 0x3, 0x3) (async) socket$packet(0x11, 0x3, 0x300) (async) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) (async) syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'}) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000340)=ANY=[@ANYBLOB="74756e6c3000000000010000000000007ce0c6fbd86bae88aa5bebfd42e9fd37cd3c15bf4e788dcc01467c9cf23dacdfd1b82bd4ca811a20540b340e5f7cc57e7bac30ebc447a052ef7ee3bdba26b023ae1ee21ec1bf5d46e967256d6f3fe9cd230442fb0dbaab14839bfc", @ANYRES32=r4, @ANYBLOB="0040008000000004000000074604001820680000082f9078ffffffffac14142b94040100"]}) (async) accept4$packet(r3, 0x0, &(0x7f00000002c0), 0x80000) (async) connect$packet(r5, &(0x7f0000000300)={0x11, 0x1a, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) (async) setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f00000001c0)={r4, 0x1, 0x6, @multicast}, 0x10) (async) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) (async) 17:08:25 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) recvfrom$packet(r0, &(0x7f0000000080)=""/170, 0xaa, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40612}, 0xc, &(0x7f0000000380)={&(0x7f00000001c0)={0x1a4, r1, 0x2, 0x70bd2c, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x1a4}, 0x1, 0x0, 0x0, 0xa0}, 0x8040) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000480)={&(0x7f0000000640)=ANY=[@ANYBLOB="00000001cfc944c938e5f7288d34abdfac54e0fde1f269807bd38c09d15becdeaf684cc5e995b6332643a02ea5f5db0bdd3c60679766df21750a359b60c2a262d0ab7f645d889d6d01551418d57b5442f3bb14d919f3814854f71a40ab48b017f5a86d4a551546828bbc91ef3871cf7aa0af255813a2d936c0585626ea812d0b36563cde21f98ac5a3b973a15208876ff6a8df8070ef", @ANYRES16=0x0, @ANYBLOB="010027bd7000fcdbdf250e0000000500380000000000080031000400000008003b0003000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40085}, 0xc0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) recvfrom$packet(r2, &(0x7f0000000500)=""/245, 0xf5, 0x0, &(0x7f0000000600)={0x11, 0x5, 0x0, 0x1, 0xe2, 0x6, @broadcast}, 0x14) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) recvfrom$packet(r0, &(0x7f0000000080)=""/170, 0xaa, 0x0, 0x0, 0x0) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) (async) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40612}, 0xc, &(0x7f0000000380)={&(0x7f00000001c0)={0x1a4, r1, 0x2, 0x70bd2c, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x1a4}, 0x1, 0x0, 0x0, 0xa0}, 0x8040) (async) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000480)={&(0x7f0000000640)=ANY=[@ANYBLOB="00000001cfc944c938e5f7288d34abdfac54e0fde1f269807bd38c09d15becdeaf684cc5e995b6332643a02ea5f5db0bdd3c60679766df21750a359b60c2a262d0ab7f645d889d6d01551418d57b5442f3bb14d919f3814854f71a40ab48b017f5a86d4a551546828bbc91ef3871cf7aa0af255813a2d936c0585626ea812d0b36563cde21f98ac5a3b973a15208876ff6a8df8070ef", @ANYRES16=0x0, @ANYBLOB="010027bd7000fcdbdf250e0000000500380000000000080031000400000008003b0003000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40085}, 0xc0) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) (async) recvfrom$packet(r2, &(0x7f0000000500)=""/245, 0xf5, 0x0, &(0x7f0000000600)={0x11, 0x5, 0x0, 0x1, 0xe2, 0x6, @broadcast}, 0x14) (async) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) (async) 17:08:25 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f00000000c0)={r1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x2, 0x2000}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)) (async) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f00000000c0)={r1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}}, 0x10) (async) socket$packet(0x11, 0x3, 0x300) (async) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x2, 0x2000}, 0x4) (async) 17:08:25 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x2, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:25 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev={0xfe, 0x80, '\x00', 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:25 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x141) connect$packet(r0, &(0x7f0000000080)={0x11, 0x11, 0x0, 0x1, 0xca, 0x6, @random="479f7215d07c"}, 0x14) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000500)=ANY=[@ANYBLOB='tunl0\x00'/16, @ANYRES32=0x0, @ANYBLOB="000880000000800200000067450400d40068000069049078ac1414bb0a01010144245f13ac1414aa00000000e000000110000000ac141429000000057f00007ab69a9133da39af0a010101ffffffff0a010101640101018307677f000001831719e0000001ac1414aaac1414200a010102640101024404a703440cc793ac1414aa80000000864e00000001060d0b0a7920395cba441d4a4b060d130af0340be6cabc1a59db010a4b17f0f6292ee45b0112af77d0e4797c4d34f1c7bb7d60a532b4050a983dd95a42f5dd4e0508825624f78256830b4622afb5590990261e0000"]}) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040), 0x4) (async) r2 = socket$inet(0x2, 0x3, 0x3) (async) socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) (async) r3 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000340)=ANY=[@ANYBLOB="74756e6c3000000000010000000000007ce0c6fbd86bae88aa5bebfd42e9fd37cd3c15bf4e788dcc01467c9cf23dacdfd1b82bd4ca811a20540b340e5f7cc57e7bac30ebc447a052ef7ee3bdba26b023ae1ee21ec1bf5d46e967256d6f3fe9cd230442fb0dbaab14839bfc", @ANYRES32=r4, @ANYBLOB="0040008000000004000000074604001820680000082f9078ffffffffac14142b94040100"]}) r5 = accept4$packet(r3, 0x0, &(0x7f00000002c0), 0x80000) connect$packet(r5, &(0x7f0000000300)={0x11, 0x1a, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) (async) setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f00000001c0)={r4, 0x1, 0x6, @multicast}, 0x10) (async) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) [ 926.984106][T25568] ? debug_smp_processor_id+0x20/0x20 [ 926.989450][T25568] ? security_file_ioctl+0x9d/0xb0 [ 926.994528][T25568] __x64_sys_ioctl+0xd4/0x110 [ 926.999180][T25568] do_syscall_64+0xcb/0x1c0 [ 927.003653][T25568] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 927.009517][T25568] ---[ end trace 03bf7d324617ae37 ]--- 17:08:25 executing program 0: inotify_init1(0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00004000ea6f254b0c9d26ddc9d9a89e000000d49de49c510000000f00000054c014e390b971c7f90394627ccef65a82a2efd667391f3929"], 0x14}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x16}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) r2 = syz_genetlink_get_family_id$batadv(0x0, r1) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000480)={&(0x7f0000000340), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r2, 0x300, 0x0, 0x0, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fff}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x34, r2, 0x20, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x84d}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x4}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x8000) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0x0) sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xc0, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}]}, 0xc0}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xfffffffffffffd68, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\t\x00\x00', @ANYRES16=0x0, @ANYRES8=r3], 0x13c}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r5, 0x107, 0x16, 0x0, 0x0) 17:08:25 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x3, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 927.074687][T25600] FAULT_INJECTION: forcing a failure. [ 927.074687][T25600] name failslab, interval 1, probability 0, space 0, times 0 [ 927.088008][T25600] CPU: 0 PID: 25600 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 927.099630][T25600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 927.109663][T25600] Call Trace: [ 927.112928][T25600] dump_stack+0x1d8/0x241 [ 927.117229][T25600] ? panic+0x73e/0x73e [ 927.121268][T25600] ? mutex_unlock+0x19/0x40 [ 927.125741][T25600] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 927.131515][T25600] ? selinux_kernfs_init_security+0x155/0x760 [ 927.137551][T25600] ? idr_alloc_cyclic+0x36e/0x5e0 [ 927.142545][T25600] should_fail+0x709/0x870 [ 927.146933][T25600] ? setup_fault_attr+0x3d0/0x3d0 [ 927.151928][T25600] ? _raw_spin_lock+0xa3/0x1b0 [ 927.156807][T25600] ? __kernfs_new_node+0xdb/0x6d0 [ 927.161822][T25600] should_failslab+0x5/0x20 [ 927.166298][T25600] kmem_cache_alloc+0x24/0x210 [ 927.171036][T25600] __kernfs_new_node+0xdb/0x6d0 [ 927.175862][T25600] ? mutex_lock+0xa6/0x110 [ 927.180249][T25600] ? kernfs_new_node+0x160/0x160 [ 927.185156][T25600] ? mutex_lock+0xa6/0x110 [ 927.189545][T25600] kernfs_new_node+0x95/0x160 [ 927.194192][T25600] __kernfs_create_file+0x45/0x260 [ 927.199272][T25600] sysfs_add_file_mode_ns+0x292/0x340 [ 927.204612][T25600] sysfs_merge_group+0x207/0x460 [ 927.209517][T25600] ? sysfs_remove_groups+0xb0/0xb0 [ 927.214599][T25600] ? device_create_file+0xe8/0x1b0 [ 927.219681][T25600] ? bus_add_device+0x92/0x3f0 [ 927.224423][T25600] dpm_sysfs_add+0xc0/0x260 [ 927.228903][T25600] device_add+0x547/0xbc0 [ 927.233207][T25600] device_create_vargs+0x1b8/0x210 [ 927.238288][T25600] device_create+0xea/0x130 [ 927.242763][T25600] ? device_create_vargs+0x210/0x210 [ 927.248025][T25600] bdi_register_va+0x89/0x5e0 [ 927.252671][T25600] bdi_register+0xd1/0x120 [ 927.257060][T25600] ? __device_add_disk+0x539/0x1200 [ 927.262233][T25600] ? bdi_register_va+0x5e0/0x5e0 [ 927.267146][T25600] ? percpu_ref_resurrect+0x113/0x190 [ 927.272497][T25600] bdi_register_owner+0x56/0xf0 [ 927.277320][T25600] __device_add_disk+0x5b8/0x1200 [ 927.282315][T25600] ? device_add_disk+0x30/0x30 [ 927.287048][T25600] ? vsprintf+0x30/0x30 [ 927.291176][T25600] ? device_initialize+0x1c7/0x3d0 [ 927.296256][T25600] ? __alloc_disk_node+0x326/0x380 [ 927.301333][T25600] loop_add+0x554/0x710 [ 927.305461][T25600] loop_control_ioctl+0x564/0x740 [ 927.310459][T25600] ? loop_remove+0xa0/0xa0 [ 927.314843][T25600] ? __lru_cache_add+0x1bf/0x210 [ 927.319750][T25600] ? memset+0x1f/0x40 [ 927.323700][T25600] ? fsnotify+0x1332/0x13f0 [ 927.328173][T25600] ? loop_remove+0xa0/0xa0 [ 927.332562][T25600] do_vfs_ioctl+0x744/0x1730 [ 927.337165][T25600] ? selinux_file_ioctl+0x723/0x970 [ 927.342332][T25600] ? ioctl_preallocate+0x250/0x250 [ 927.347415][T25600] ? __fget+0x40c/0x4a0 [ 927.351541][T25600] ? fget_many+0x20/0x20 [ 927.355752][T25600] ? check_preemption_disabled+0x154/0x330 [ 927.361525][T25600] ? debug_smp_processor_id+0x20/0x20 [ 927.366867][T25600] ? security_file_ioctl+0x9d/0xb0 [ 927.372371][T25600] __x64_sys_ioctl+0xd4/0x110 [ 927.377019][T25600] do_syscall_64+0xcb/0x1c0 [ 927.381491][T25600] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 927.392098][T25600] ------------[ cut here ]------------ [ 927.397567][T25600] WARNING: CPU: 0 PID: 25600 at block/genhd.c:742 __device_add_disk+0xe83/0x1200 [ 927.406637][T25600] Modules linked in: [ 927.410507][T25600] CPU: 0 PID: 25600 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 927.422094][T25600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 927.432130][T25600] RIP: 0010:__device_add_disk+0xe83/0x1200 [ 927.437906][T25600] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1 [ 927.457486][T25600] RSP: 0018:ffff8881eb54fa00 EFLAGS: 00010246 [ 927.463527][T25600] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000 [ 927.471467][T25600] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 927.479406][T25600] RBP: ffff8881eb54fb40 R08: ffffffff821f8e93 R09: 0000000000000010 [ 927.487348][T25600] R10: ffffffff84800000 R11: 1ffff1103d6a9e00 R12: ffff8881ebc66000 [ 927.495288][T25600] R13: dffffc0000000000 R14: ffff8881ebc66070 R15: 1ffff1103d78cc9d [ 927.503232][T25600] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 927.512149][T25600] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 927.518701][T25600] CR2: 00007f98da1c4718 CR3: 00000001d0b4a000 CR4: 00000000003406f0 [ 927.526644][T25600] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 927.534589][T25600] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 927.542527][T25600] Call Trace: [ 927.545791][T25600] ? device_add_disk+0x30/0x30 [ 927.550522][T25600] ? vsprintf+0x30/0x30 [ 927.554649][T25600] ? device_initialize+0x1c7/0x3d0 [ 927.559728][T25600] ? __alloc_disk_node+0x326/0x380 [ 927.564809][T25600] loop_add+0x554/0x710 [ 927.568941][T25600] loop_control_ioctl+0x564/0x740 [ 927.574198][T25600] ? loop_remove+0xa0/0xa0 [ 927.578585][T25600] ? __lru_cache_add+0x1bf/0x210 [ 927.583494][T25600] ? memset+0x1f/0x40 [ 927.587446][T25600] ? fsnotify+0x1332/0x13f0 [ 927.591951][T25600] ? loop_remove+0xa0/0xa0 [ 927.596339][T25600] do_vfs_ioctl+0x744/0x1730 [ 927.600901][T25600] ? selinux_file_ioctl+0x723/0x970 [ 927.606073][T25600] ? ioctl_preallocate+0x250/0x250 [ 927.611152][T25600] ? __fget+0x40c/0x4a0 [ 927.615279][T25600] ? fget_many+0x20/0x20 [ 927.619491][T25600] ? check_preemption_disabled+0x154/0x330 17:08:26 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 64) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:26 executing program 0: inotify_init1(0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00004000ea6f254b0c9d26ddc9d9a89e000000d49de49c510000000f00000054c014e390b971c7f90394627ccef65a82a2efd667391f3929"], 0x14}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x16}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) r2 = syz_genetlink_get_family_id$batadv(0x0, r1) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000480)={&(0x7f0000000340), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r2, 0x300, 0x0, 0x0, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fff}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x34, r2, 0x20, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x84d}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x4}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x8000) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0x0) sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xc0, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}]}, 0xc0}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xfffffffffffffd68, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\t\x00\x00', @ANYRES16=0x0, @ANYRES8=r3], 0x13c}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r5, 0x107, 0x16, 0x0, 0x0) inotify_init1(0x800) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00004000ea6f254b0c9d26ddc9d9a89e000000d49de49c510000000f00000054c014e390b971c7f90394627ccef65a82a2efd667391f3929"], 0x14}}, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x16}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) (async) syz_genetlink_get_family_id$batadv(0x0, r1) (async) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000480)={&(0x7f0000000340), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r2, 0x300, 0x0, 0x0, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fff}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x34, r2, 0x20, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x84d}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x4}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x8000) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r0) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0x0) (async) sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xc0, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}]}, 0xc0}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) (async) sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xfffffffffffffd68, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\t\x00\x00', @ANYRES16=0x0, @ANYRES8=r3], 0x13c}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r5, 0x107, 0x16, 0x0, 0x0) (async) 17:08:26 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) recvfrom$packet(r0, &(0x7f0000000080)=""/170, 0xaa, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40612}, 0xc, &(0x7f0000000380)={&(0x7f00000001c0)={0x1a4, r1, 0x2, 0x70bd2c, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x1a4}, 0x1, 0x0, 0x0, 0xa0}, 0x8040) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000480)={&(0x7f0000000640)=ANY=[@ANYBLOB="00000001cfc944c938e5f7288d34abdfac54e0fde1f269807bd38c09d15becdeaf684cc5e995b6332643a02ea5f5db0bdd3c60679766df21750a359b60c2a262d0ab7f645d889d6d01551418d57b5442f3bb14d919f3814854f71a40ab48b017f5a86d4a551546828bbc91ef3871cf7aa0af255813a2d936c0585626ea812d0b36563cde21f98ac5a3b973a15208876ff6a8df8070ef", @ANYRES16=0x0, @ANYBLOB="010027bd7000fcdbdf250e0000000500380000000000080031000400000008003b0003000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40085}, 0xc0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) recvfrom$packet(r2, &(0x7f0000000500)=""/245, 0xf5, 0x0, &(0x7f0000000600)={0x11, 0x5, 0x0, 0x1, 0xe2, 0x6, @broadcast}, 0x14) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) recvfrom$packet(r0, &(0x7f0000000080)=""/170, 0xaa, 0x0, 0x0, 0x0) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) (async) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40612}, 0xc, &(0x7f0000000380)={&(0x7f00000001c0)={0x1a4, r1, 0x2, 0x70bd2c, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x1a4}, 0x1, 0x0, 0x0, 0xa0}, 0x8040) (async) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000480)={&(0x7f0000000640)=ANY=[@ANYBLOB="00000001cfc944c938e5f7288d34abdfac54e0fde1f269807bd38c09d15becdeaf684cc5e995b6332643a02ea5f5db0bdd3c60679766df21750a359b60c2a262d0ab7f645d889d6d01551418d57b5442f3bb14d919f3814854f71a40ab48b017f5a86d4a551546828bbc91ef3871cf7aa0af255813a2d936c0585626ea812d0b36563cde21f98ac5a3b973a15208876ff6a8df8070ef", @ANYRES16=0x0, @ANYBLOB="010027bd7000fcdbdf250e0000000500380000000000080031000400000008003b0003000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40085}, 0xc0) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) (async) recvfrom$packet(r2, &(0x7f0000000500)=""/245, 0xf5, 0x0, &(0x7f0000000600)={0x11, 0x5, 0x0, 0x1, 0xe2, 0x6, @broadcast}, 0x14) (async) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) (async) 17:08:26 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x4, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:26 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f00000000c0)={r1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x2, 0x2000}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)) (async) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f00000000c0)={r1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}}, 0x10) (async) socket$packet(0x11, 0x3, 0x300) (async) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x2, 0x2000}, 0x4) (async) 17:08:26 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x5, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:26 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev={0xfe, 0x80, '\x00', 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:26 executing program 0: inotify_init1(0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00004000ea6f254b0c9d26ddc9d9a89e000000d49de49c510000000f00000054c014e390b971c7f90394627ccef65a82a2efd667391f3929"], 0x14}}, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x16}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) r2 = syz_genetlink_get_family_id$batadv(0x0, r1) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000480)={&(0x7f0000000340), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r2, 0x300, 0x0, 0x0, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fff}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x34, r2, 0x20, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x84d}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x4}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x8000) (async) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r0) (async) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0x0) (async) sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xc0, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}]}, 0xc0}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) (async) sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xfffffffffffffd68, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\t\x00\x00', @ANYRES16=0x0, @ANYRES8=r3], 0x13c}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r5, 0x107, 0x16, 0x0, 0x0) [ 927.625266][T25600] ? debug_smp_processor_id+0x20/0x20 [ 927.630606][T25600] ? security_file_ioctl+0x9d/0xb0 [ 927.635684][T25600] __x64_sys_ioctl+0xd4/0x110 [ 927.640332][T25600] do_syscall_64+0xcb/0x1c0 [ 927.644805][T25600] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 927.650676][T25600] ---[ end trace 03bf7d324617ae38 ]--- 17:08:26 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r1) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000100)={'syztnl2\x00', r2, 0x0, 0x6, 0xf7, 0x10001, 0x43, @private1={0xfc, 0x1, '\x00', 0x1}, @remote, 0x20, 0x40, 0x5, 0x3ff}}) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r3, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4810) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000000040)=0x100, 0x8) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:26 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r1) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000100)={'syztnl2\x00', r2, 0x0, 0x6, 0xf7, 0x10001, 0x43, @private1={0xfc, 0x1, '\x00', 0x1}, @remote, 0x20, 0x40, 0x5, 0x3ff}}) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r3, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4810) (async) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000000040)=0x100, 0x8) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 927.714925][T25650] FAULT_INJECTION: forcing a failure. [ 927.714925][T25650] name failslab, interval 1, probability 0, space 0, times 0 [ 927.727722][T25650] CPU: 0 PID: 25650 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 927.739326][T25650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 927.749358][T25650] Call Trace: [ 927.752630][T25650] dump_stack+0x1d8/0x241 [ 927.756932][T25650] ? panic+0x73e/0x73e [ 927.760986][T25650] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 927.766762][T25650] ? mutex_unlock+0x19/0x40 [ 927.771322][T25650] ? kernfs_add_one+0x4a3/0x5c0 [ 927.776169][T25650] should_fail+0x709/0x870 [ 927.780555][T25650] ? setup_fault_attr+0x3d0/0x3d0 [ 927.785547][T25650] ? _raw_spin_lock_irqsave+0xf8/0x210 [ 927.790982][T25650] ? _raw_spin_lock+0x1b0/0x1b0 [ 927.795807][T25650] ? sysfs_merge_group+0x3bc/0x460 [ 927.800902][T25650] ? kobject_uevent_env+0x26d/0x700 [ 927.806082][T25650] should_failslab+0x5/0x20 [ 927.810555][T25650] kmem_cache_alloc_trace+0x28/0x240 [ 927.815815][T25650] ? dev_uevent_filter+0xb0/0xb0 [ 927.820722][T25650] kobject_uevent_env+0x26d/0x700 [ 927.825718][T25650] device_add+0x7a7/0xbc0 [ 927.830020][T25650] device_create_vargs+0x1b8/0x210 [ 927.835102][T25650] device_create+0xea/0x130 [ 927.839578][T25650] ? device_create_vargs+0x210/0x210 [ 927.844849][T25650] bdi_register_va+0x89/0x5e0 [ 927.849500][T25650] bdi_register+0xd1/0x120 [ 927.853891][T25650] ? __device_add_disk+0x539/0x1200 [ 927.859064][T25650] ? bdi_register_va+0x5e0/0x5e0 [ 927.863975][T25650] ? percpu_ref_resurrect+0x113/0x190 [ 927.869319][T25650] bdi_register_owner+0x56/0xf0 [ 927.874143][T25650] __device_add_disk+0x5b8/0x1200 [ 927.879138][T25650] ? device_add_disk+0x30/0x30 [ 927.883871][T25650] ? vsprintf+0x30/0x30 [ 927.887999][T25650] ? device_initialize+0x1c7/0x3d0 [ 927.893080][T25650] ? __alloc_disk_node+0x326/0x380 [ 927.898164][T25650] loop_add+0x554/0x710 [ 927.902297][T25650] loop_control_ioctl+0x564/0x740 [ 927.907292][T25650] ? loop_remove+0xa0/0xa0 [ 927.911680][T25650] ? __lru_cache_add+0x1bf/0x210 [ 927.916589][T25650] ? memset+0x1f/0x40 [ 927.920542][T25650] ? fsnotify+0x1332/0x13f0 [ 927.925142][T25650] ? loop_remove+0xa0/0xa0 [ 927.929527][T25650] do_vfs_ioctl+0x744/0x1730 [ 927.934098][T25650] ? selinux_file_ioctl+0x723/0x970 [ 927.939276][T25650] ? ioctl_preallocate+0x250/0x250 [ 927.944357][T25650] ? __fget+0x40c/0x4a0 [ 927.948485][T25650] ? fget_many+0x20/0x20 [ 927.952701][T25650] ? check_preemption_disabled+0x154/0x330 [ 927.958475][T25650] ? debug_smp_processor_id+0x20/0x20 17:08:26 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r1) (async) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000100)={'syztnl2\x00', r2, 0x0, 0x6, 0xf7, 0x10001, 0x43, @private1={0xfc, 0x1, '\x00', 0x1}, @remote, 0x20, 0x40, 0x5, 0x3ff}}) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r3, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4810) (async) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000000040)=0x100, 0x8) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:26 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000080)=@req={0x81, 0x0, 0x0, 0x3}, 0x10) 17:08:26 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 65) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:26 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x6, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:26 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev={0xfe, 0x80, '\x00', 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:26 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x3}, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:26 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000080)=@req={0x81, 0x0, 0x0, 0x3}, 0x10) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000080)=@req={0x81, 0x0, 0x0, 0x3}, 0x10) (async) [ 927.963818][T25650] ? security_file_ioctl+0x9d/0xb0 [ 927.968898][T25650] __x64_sys_ioctl+0xd4/0x110 [ 927.973547][T25650] do_syscall_64+0xcb/0x1c0 [ 927.978023][T25650] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:26 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x3}, 0x4) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:26 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:26 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x8, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:26 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000080)=@req={0x81, 0x0, 0x0, 0x3}, 0x10) 17:08:26 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) r2 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r3 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r4, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f00000000c0)={'gre0\x00', &(0x7f0000000040)={'syztnl1\x00', r4, 0x8, 0x1, 0x6, 0x7, {{0xc, 0x4, 0x3, 0x1e, 0x30, 0x64, 0x0, 0x7f, 0x2f, 0x0, @private=0xa010102, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@ssrr={0x89, 0x7, 0x85, [@initdev={0xac, 0x1e, 0x1, 0x0}]}, @rr={0x7, 0xb, 0xe4, [@multicast2, @multicast2]}, @end, @cipso={0x86, 0x6, 0xfffffffffffffffe}]}}}}}) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:26 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) r2 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r3 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r4, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f00000000c0)={'gre0\x00', &(0x7f0000000040)={'syztnl1\x00', r4, 0x8, 0x1, 0x6, 0x7, {{0xc, 0x4, 0x3, 0x1e, 0x30, 0x64, 0x0, 0x7f, 0x2f, 0x0, @private=0xa010102, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@ssrr={0x89, 0x7, 0x85, [@initdev={0xac, 0x1e, 0x1, 0x0}]}, @rr={0x7, 0xb, 0xe4, [@multicast2, @multicast2]}, @end, @cipso={0x86, 0x6, 0xfffffffffffffffe}]}}}}}) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:26 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 928.088566][T25717] FAULT_INJECTION: forcing a failure. [ 928.088566][T25717] name failslab, interval 1, probability 0, space 0, times 0 [ 928.108954][T25717] CPU: 0 PID: 25717 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 928.120586][T25717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 928.130684][T25717] Call Trace: [ 928.133953][T25717] dump_stack+0x1d8/0x241 [ 928.138256][T25717] ? panic+0x73e/0x73e [ 928.142293][T25717] ? bdi_register_owner+0x56/0xf0 [ 928.147308][T25717] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 928.153175][T25717] ? do_vfs_ioctl+0x744/0x1730 [ 928.157910][T25717] ? do_syscall_64+0xcb/0x1c0 [ 928.162566][T25717] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 928.168607][T25717] should_fail+0x709/0x870 [ 928.172993][T25717] ? setup_fault_attr+0x3d0/0x3d0 [ 928.177986][T25717] ? kobject_get_path+0xbb/0x1a0 [ 928.182892][T25717] should_failslab+0x5/0x20 [ 928.187363][T25717] __kmalloc+0x51/0x2b0 [ 928.191491][T25717] kobject_get_path+0xbb/0x1a0 [ 928.196224][T25717] kobject_uevent_env+0x284/0x700 [ 928.201226][T25717] device_add+0x7a7/0xbc0 [ 928.205528][T25717] device_create_vargs+0x1b8/0x210 [ 928.210608][T25717] device_create+0xea/0x130 [ 928.215086][T25717] ? device_create_vargs+0x210/0x210 [ 928.220342][T25717] bdi_register_va+0x89/0x5e0 [ 928.225032][T25717] bdi_register+0xd1/0x120 [ 928.229419][T25717] ? __device_add_disk+0x539/0x1200 [ 928.234614][T25717] ? bdi_register_va+0x5e0/0x5e0 [ 928.239518][T25717] ? percpu_ref_resurrect+0x113/0x190 [ 928.244861][T25717] bdi_register_owner+0x56/0xf0 [ 928.249684][T25717] __device_add_disk+0x5b8/0x1200 [ 928.254682][T25717] ? device_add_disk+0x30/0x30 [ 928.259416][T25717] ? vsprintf+0x30/0x30 [ 928.263544][T25717] ? device_initialize+0x1c7/0x3d0 [ 928.268624][T25717] ? __alloc_disk_node+0x326/0x380 [ 928.273709][T25717] loop_add+0x554/0x710 [ 928.277834][T25717] loop_control_ioctl+0x564/0x740 [ 928.282829][T25717] ? loop_remove+0xa0/0xa0 [ 928.287217][T25717] ? __lru_cache_add+0x1bf/0x210 [ 928.292127][T25717] ? memset+0x1f/0x40 [ 928.296083][T25717] ? fsnotify+0x1332/0x13f0 [ 928.300555][T25717] ? loop_remove+0xa0/0xa0 [ 928.304946][T25717] do_vfs_ioctl+0x744/0x1730 [ 928.309515][T25717] ? selinux_file_ioctl+0x723/0x970 [ 928.314693][T25717] ? ioctl_preallocate+0x250/0x250 [ 928.319775][T25717] ? __fget+0x40c/0x4a0 [ 928.323903][T25717] ? fget_many+0x20/0x20 [ 928.328113][T25717] ? check_preemption_disabled+0x154/0x330 [ 928.333889][T25717] ? debug_smp_processor_id+0x20/0x20 17:08:27 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 66) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:27 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0xf4, r1, 0xe00, 0x70bd2b, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}]}, 0xf4}, 0x1, 0x0, 0x0, 0xc804}, 0x20000000) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:27 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x3}, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:27 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x9, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:27 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) r2 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r3 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r4, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f00000000c0)={'gre0\x00', &(0x7f0000000040)={'syztnl1\x00', r4, 0x8, 0x1, 0x6, 0x7, {{0xc, 0x4, 0x3, 0x1e, 0x30, 0x64, 0x0, 0x7f, 0x2f, 0x0, @private=0xa010102, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@ssrr={0x89, 0x7, 0x85, [@initdev={0xac, 0x1e, 0x1, 0x0}]}, @rr={0x7, 0xb, 0xe4, [@multicast2, @multicast2]}, @end, @cipso={0x86, 0x6, 0xfffffffffffffffe}]}}}}}) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:27 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:27 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0xa, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 928.339228][T25717] ? security_file_ioctl+0x9d/0xb0 [ 928.344309][T25717] __x64_sys_ioctl+0xd4/0x110 [ 928.348958][T25717] do_syscall_64+0xcb/0x1c0 [ 928.353432][T25717] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:27 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:27 executing program 3: inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x40000040) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0), 0x4) 17:08:27 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0xf4, r1, 0xe00, 0x70bd2b, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}]}, 0xf4}, 0x1, 0x0, 0x0, 0xc804}, 0x20000000) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) (async) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0xf4, r1, 0xe00, 0x70bd2b, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}]}, 0xf4}, 0x1, 0x0, 0x0, 0xc804}, 0x20000000) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) 17:08:27 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$bt_rfcomm(0x1f, 0x3, 0x3) 17:08:27 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$bt_rfcomm(0x1f, 0x3, 0x3) [ 928.424618][T25751] FAULT_INJECTION: forcing a failure. [ 928.424618][T25751] name failslab, interval 1, probability 0, space 0, times 0 [ 928.437279][T25751] CPU: 0 PID: 25751 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 928.448890][T25751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 928.458920][T25751] Call Trace: [ 928.462188][T25751] dump_stack+0x1d8/0x241 [ 928.466487][T25751] ? panic+0x73e/0x73e [ 928.470524][T25751] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 928.476299][T25751] should_fail+0x709/0x870 [ 928.480683][T25751] ? setup_fault_attr+0x3d0/0x3d0 [ 928.485680][T25751] ? alloc_uevent_skb+0x73/0x220 [ 928.490586][T25751] should_failslab+0x5/0x20 [ 928.495146][T25751] __kmalloc_track_caller+0x4f/0x280 [ 928.500397][T25751] ? kmem_cache_alloc+0xd0/0x210 [ 928.505327][T25751] ? alloc_uevent_skb+0x73/0x220 [ 928.510235][T25751] __alloc_skb+0xb5/0x4d0 [ 928.514536][T25751] alloc_uevent_skb+0x73/0x220 [ 928.519272][T25751] kobject_uevent_net_broadcast+0x2f3/0x570 [ 928.525131][T25751] ? kobject_get_path+0x17b/0x1a0 [ 928.530127][T25751] kobject_uevent_env+0x552/0x700 [ 928.535122][T25751] device_add+0x7a7/0xbc0 [ 928.539422][T25751] device_create_vargs+0x1b8/0x210 [ 928.544504][T25751] device_create+0xea/0x130 [ 928.549009][T25751] ? device_create_vargs+0x210/0x210 [ 928.554267][T25751] bdi_register_va+0x89/0x5e0 [ 928.558915][T25751] bdi_register+0xd1/0x120 [ 928.563316][T25751] ? __device_add_disk+0x539/0x1200 [ 928.568504][T25751] ? bdi_register_va+0x5e0/0x5e0 [ 928.573411][T25751] ? percpu_ref_resurrect+0x113/0x190 [ 928.578753][T25751] bdi_register_owner+0x56/0xf0 [ 928.583574][T25751] __device_add_disk+0x5b8/0x1200 [ 928.588566][T25751] ? device_add_disk+0x30/0x30 [ 928.593297][T25751] ? vsprintf+0x30/0x30 [ 928.597421][T25751] ? device_initialize+0x1c7/0x3d0 [ 928.602507][T25751] ? __alloc_disk_node+0x326/0x380 [ 928.607613][T25751] loop_add+0x554/0x710 [ 928.611738][T25751] loop_control_ioctl+0x564/0x740 [ 928.616731][T25751] ? loop_remove+0xa0/0xa0 [ 928.621117][T25751] ? __lru_cache_add+0x1bf/0x210 [ 928.626025][T25751] ? memset+0x1f/0x40 [ 928.629976][T25751] ? fsnotify+0x1332/0x13f0 [ 928.634479][T25751] ? loop_remove+0xa0/0xa0 [ 928.638882][T25751] do_vfs_ioctl+0x744/0x1730 [ 928.643443][T25751] ? selinux_file_ioctl+0x723/0x970 [ 928.648609][T25751] ? ioctl_preallocate+0x250/0x250 [ 928.653689][T25751] ? __fget+0x40c/0x4a0 [ 928.657816][T25751] ? fget_many+0x20/0x20 [ 928.662025][T25751] ? check_preemption_disabled+0x154/0x330 [ 928.667800][T25751] ? debug_smp_processor_id+0x20/0x20 17:08:27 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 67) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:27 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0xb, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:27 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$bt_rfcomm(0x1f, 0x3, 0x3) 17:08:27 executing program 3: inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x40000040) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0), 0x4) 17:08:27 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:27 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x10, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 928.673140][T25751] ? security_file_ioctl+0x9d/0xb0 [ 928.678226][T25751] __x64_sys_ioctl+0xd4/0x110 [ 928.682961][T25751] do_syscall_64+0xcb/0x1c0 [ 928.687434][T25751] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:27 executing program 3: inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x40000040) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0), 0x4) 17:08:27 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async, rerun: 32) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) (rerun: 32) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0xf4, r1, 0xe00, 0x70bd2b, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}]}, 0xf4}, 0x1, 0x0, 0x0, 0xc804}, 0x20000000) (async, rerun: 32) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (rerun: 32) 17:08:27 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) recvfrom$packet(r0, &(0x7f0000000040)=""/43, 0x2b, 0x40000020, 0x0, 0x0) ioprio_set$uid(0x3, 0x0, 0x2004) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="389502ab38bdb2454ba699526d020000", @ANYRES16=0x0, @ANYBLOB="100025bd7000ffdbdf2518000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b000800000006001600030000000500120001000000060011000100000008000b0007000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b00ff00000006001600c84700000500120000000000060011000008000008000b00050000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b007f000000060016007f0000000500120000000000060011009c00000008000b00080000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000200000008000b00000000000600160000f700000500120001000000060011000800000008000b00010000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000000000008000b000400000006001600010400000500120001000000060011001f00000008000b00070000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b00018000000600160000020000050012000000000006001100700f000008000b00fffbffff080001007063690011000200303030303a30303a31302e3000000000080003000000000008000b000300000006001600200000000500120000000000060011000100000008000b0006000000"], 0x238}, 0x1, 0x0, 0x0, 0x4000040}, 0x200488c0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = accept4$packet(0xffffffffffffffff, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000500)=0x14, 0x80800) getpeername$packet(r2, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r3) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r3) r4 = gettid() sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x64, 0x0, 0x200, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r4}}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x50) 17:08:27 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:27 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x11, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:27 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) recvfrom$packet(r0, &(0x7f0000000040)=""/43, 0x2b, 0x40000020, 0x0, 0x0) ioprio_set$uid(0x3, 0x0, 0x2004) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="389502ab38bdb2454ba699526d020000", @ANYRES16=0x0, @ANYBLOB="100025bd7000ffdbdf2518000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b000800000006001600030000000500120001000000060011000100000008000b0007000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b00ff00000006001600c84700000500120000000000060011000008000008000b00050000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b007f000000060016007f0000000500120000000000060011009c00000008000b00080000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000200000008000b00000000000600160000f700000500120001000000060011000800000008000b00010000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000000000008000b000400000006001600010400000500120001000000060011001f00000008000b00070000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b00018000000600160000020000050012000000000006001100700f000008000b00fffbffff080001007063690011000200303030303a30303a31302e3000000000080003000000000008000b000300000006001600200000000500120000000000060011000100000008000b0006000000"], 0x238}, 0x1, 0x0, 0x0, 0x4000040}, 0x200488c0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = accept4$packet(0xffffffffffffffff, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000500)=0x14, 0x80800) getpeername$packet(r2, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r3) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r3) r4 = gettid() sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x64, 0x0, 0x200, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r4}}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x50) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) recvfrom$packet(r0, &(0x7f0000000040)=""/43, 0x2b, 0x40000020, 0x0, 0x0) (async) ioprio_set$uid(0x3, 0x0, 0x2004) (async) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="389502ab38bdb2454ba699526d020000", @ANYRES16=0x0, @ANYBLOB="100025bd7000ffdbdf2518000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b000800000006001600030000000500120001000000060011000100000008000b0007000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b00ff00000006001600c84700000500120000000000060011000008000008000b00050000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b007f000000060016007f0000000500120000000000060011009c00000008000b00080000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000200000008000b00000000000600160000f700000500120001000000060011000800000008000b00010000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000000000008000b000400000006001600010400000500120001000000060011001f00000008000b00070000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b00018000000600160000020000050012000000000006001100700f000008000b00fffbffff080001007063690011000200303030303a30303a31302e3000000000080003000000000008000b000300000006001600200000000500120000000000060011000100000008000b0006000000"], 0x238}, 0x1, 0x0, 0x0, 0x4000040}, 0x200488c0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) accept4$packet(0xffffffffffffffff, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000500)=0x14, 0x80800) (async) getpeername$packet(r2, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r3) (async) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r3) (async) gettid() (async) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x64, 0x0, 0x200, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r4}}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x50) (async) [ 928.755066][T25786] FAULT_INJECTION: forcing a failure. [ 928.755066][T25786] name failslab, interval 1, probability 0, space 0, times 0 [ 928.767839][T25786] CPU: 0 PID: 25786 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 928.779455][T25786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 928.789497][T25786] Call Trace: [ 928.792777][T25786] dump_stack+0x1d8/0x241 [ 928.797165][T25786] ? panic+0x73e/0x73e [ 928.801213][T25786] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 928.806996][T25786] should_fail+0x709/0x870 [ 928.811387][T25786] ? setup_fault_attr+0x3d0/0x3d0 [ 928.816383][T25786] ? alloc_uevent_skb+0x73/0x220 [ 928.821293][T25786] should_failslab+0x5/0x20 [ 928.825767][T25786] __kmalloc_track_caller+0x4f/0x280 [ 928.831021][T25786] ? kmem_cache_alloc+0xd0/0x210 [ 928.835926][T25786] ? alloc_uevent_skb+0x73/0x220 [ 928.840833][T25786] __alloc_skb+0xb5/0x4d0 [ 928.845138][T25786] alloc_uevent_skb+0x73/0x220 [ 928.849871][T25786] kobject_uevent_net_broadcast+0x2f3/0x570 [ 928.855732][T25786] ? kobject_get_path+0x17b/0x1a0 [ 928.860724][T25786] kobject_uevent_env+0x552/0x700 [ 928.865721][T25786] device_add+0x7a7/0xbc0 [ 928.870022][T25786] device_create_vargs+0x1b8/0x210 [ 928.875104][T25786] device_create+0xea/0x130 [ 928.879576][T25786] ? device_create_vargs+0x210/0x210 [ 928.884831][T25786] bdi_register_va+0x89/0x5e0 [ 928.889479][T25786] bdi_register+0xd1/0x120 [ 928.893869][T25786] ? __device_add_disk+0x539/0x1200 [ 928.899035][T25786] ? bdi_register_va+0x5e0/0x5e0 [ 928.903984][T25786] ? percpu_ref_resurrect+0x113/0x190 [ 928.909323][T25786] bdi_register_owner+0x56/0xf0 [ 928.914143][T25786] __device_add_disk+0x5b8/0x1200 [ 928.919139][T25786] ? device_add_disk+0x30/0x30 [ 928.923876][T25786] ? vsprintf+0x30/0x30 [ 928.928005][T25786] ? device_initialize+0x1c7/0x3d0 [ 928.933090][T25786] ? __alloc_disk_node+0x326/0x380 [ 928.938190][T25786] loop_add+0x554/0x710 [ 928.942316][T25786] loop_control_ioctl+0x564/0x740 [ 928.947309][T25786] ? loop_remove+0xa0/0xa0 [ 928.951696][T25786] ? __lru_cache_add+0x1bf/0x210 [ 928.956600][T25786] ? memset+0x1f/0x40 [ 928.960553][T25786] ? fsnotify+0x1332/0x13f0 [ 928.965035][T25786] ? loop_remove+0xa0/0xa0 [ 928.969419][T25786] do_vfs_ioctl+0x744/0x1730 [ 928.973983][T25786] ? selinux_file_ioctl+0x723/0x970 [ 928.979150][T25786] ? ioctl_preallocate+0x250/0x250 [ 928.984230][T25786] ? __fget+0x40c/0x4a0 [ 928.988354][T25786] ? fget_many+0x20/0x20 [ 928.992567][T25786] ? check_preemption_disabled+0x154/0x330 [ 928.998342][T25786] ? debug_smp_processor_id+0x20/0x20 17:08:27 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 68) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:27 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:27 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x12, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:27 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) recvfrom$packet(r0, &(0x7f0000000040)=""/43, 0x2b, 0x40000020, 0x0, 0x0) ioprio_set$uid(0x3, 0x0, 0x2004) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="389502ab38bdb2454ba699526d020000", @ANYRES16=0x0, @ANYBLOB="100025bd7000ffdbdf2518000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b000800000006001600030000000500120001000000060011000100000008000b0007000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b00ff00000006001600c84700000500120000000000060011000008000008000b00050000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b007f000000060016007f0000000500120000000000060011009c00000008000b00080000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000200000008000b00000000000600160000f700000500120001000000060011000800000008000b00010000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000000000008000b000400000006001600010400000500120001000000060011001f00000008000b00070000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b00018000000600160000020000050012000000000006001100700f000008000b00fffbffff080001007063690011000200303030303a30303a31302e3000000000080003000000000008000b000300000006001600200000000500120000000000060011000100000008000b0006000000"], 0x238}, 0x1, 0x0, 0x0, 0x4000040}, 0x200488c0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = accept4$packet(0xffffffffffffffff, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000500)=0x14, 0x80800) getpeername$packet(r2, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r3) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r3) r4 = gettid() sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x64, 0x0, 0x200, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r4}}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x50) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) recvfrom$packet(r0, &(0x7f0000000040)=""/43, 0x2b, 0x40000020, 0x0, 0x0) (async) ioprio_set$uid(0x3, 0x0, 0x2004) (async) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="389502ab38bdb2454ba699526d020000", @ANYRES16=0x0, @ANYBLOB="100025bd7000ffdbdf2518000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b000800000006001600030000000500120001000000060011000100000008000b0007000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b00ff00000006001600c84700000500120000000000060011000008000008000b00050000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b007f000000060016007f0000000500120000000000060011009c00000008000b00080000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000200000008000b00000000000600160000f700000500120001000000060011000800000008000b00010000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000000000008000b000400000006001600010400000500120001000000060011001f00000008000b00070000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b00018000000600160000020000050012000000000006001100700f000008000b00fffbffff080001007063690011000200303030303a30303a31302e3000000000080003000000000008000b000300000006001600200000000500120000000000060011000100000008000b0006000000"], 0x238}, 0x1, 0x0, 0x0, 0x4000040}, 0x200488c0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) accept4$packet(0xffffffffffffffff, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000500)=0x14, 0x80800) (async) getpeername$packet(r2, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r3) (async) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r3) (async) gettid() (async) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x64, 0x0, 0x200, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r4}}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x50) (async) 17:08:27 executing program 3: ioctl$LOOP_SET_DIRECT_IO(0xffffffffffffffff, 0x4c08, 0xc18) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) [ 929.003686][T25786] ? security_file_ioctl+0x9d/0xb0 [ 929.008765][T25786] __x64_sys_ioctl+0xd4/0x110 [ 929.013412][T25786] do_syscall_64+0xcb/0x1c0 [ 929.017887][T25786] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:27 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = syz_open_dev$vcsa(&(0x7f0000000080), 0x1000, 0x8180) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r2, 0x20, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x4580}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x200448c5}, 0x40800) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:27 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x13, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:27 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x235e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:27 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) (async, rerun: 32) r1 = syz_open_dev$vcsa(&(0x7f0000000080), 0x1000, 0x8180) (rerun: 32) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r2, 0x20, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x4580}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x200448c5}, 0x40800) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:27 executing program 3: ioctl$LOOP_SET_DIRECT_IO(0xffffffffffffffff, 0x4c08, 0xc18) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) ioctl$LOOP_SET_DIRECT_IO(0xffffffffffffffff, 0x4c08, 0xc18) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) 17:08:27 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x14, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:27 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x2b3c, 0x1000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 929.144959][T25832] FAULT_INJECTION: forcing a failure. [ 929.144959][T25832] name failslab, interval 1, probability 0, space 0, times 0 [ 929.157770][T25832] CPU: 0 PID: 25832 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 929.169380][T25832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 929.179410][T25832] Call Trace: [ 929.182679][T25832] dump_stack+0x1d8/0x241 [ 929.186981][T25832] ? panic+0x73e/0x73e [ 929.191020][T25832] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 929.196803][T25832] ? vsnprintf+0x1cd0/0x1cd0 [ 929.201364][T25832] ? bdi_register_va+0x89/0x5e0 [ 929.206188][T25832] ? bdi_register_owner+0x56/0xf0 [ 929.211184][T25832] ? __device_add_disk+0x5b8/0x1200 [ 929.216361][T25832] ? loop_add+0x554/0x710 [ 929.220661][T25832] should_fail+0x709/0x870 [ 929.225068][T25832] ? setup_fault_attr+0x3d0/0x3d0 [ 929.230097][T25832] ? skb_clone+0x1b7/0x380 [ 929.234482][T25832] should_failslab+0x5/0x20 [ 929.238957][T25832] kmem_cache_alloc+0x24/0x210 [ 929.243691][T25832] skb_clone+0x1b7/0x380 [ 929.247906][T25832] ? netlink_broadcast_filtered+0x64d/0x11d0 [ 929.253856][T25832] netlink_broadcast_filtered+0x65b/0x11d0 [ 929.259634][T25832] netlink_broadcast+0x35/0x50 [ 929.264371][T25832] kobject_uevent_net_broadcast+0x385/0x570 [ 929.270235][T25832] kobject_uevent_env+0x552/0x700 [ 929.275231][T25832] device_add+0x7a7/0xbc0 [ 929.279544][T25832] device_create_vargs+0x1b8/0x210 [ 929.284634][T25832] device_create+0xea/0x130 [ 929.289108][T25832] ? device_create_vargs+0x210/0x210 [ 929.294363][T25832] bdi_register_va+0x89/0x5e0 [ 929.299009][T25832] bdi_register+0xd1/0x120 [ 929.303399][T25832] ? __device_add_disk+0x539/0x1200 [ 929.308564][T25832] ? bdi_register_va+0x5e0/0x5e0 [ 929.313477][T25832] ? percpu_ref_resurrect+0x113/0x190 [ 929.318826][T25832] bdi_register_owner+0x56/0xf0 [ 929.323747][T25832] __device_add_disk+0x5b8/0x1200 [ 929.328757][T25832] ? device_add_disk+0x30/0x30 [ 929.333497][T25832] ? vsprintf+0x30/0x30 [ 929.337633][T25832] ? device_initialize+0x1c7/0x3d0 [ 929.342720][T25832] ? __alloc_disk_node+0x326/0x380 [ 929.347808][T25832] loop_add+0x554/0x710 [ 929.351944][T25832] loop_control_ioctl+0x564/0x740 [ 929.356945][T25832] ? loop_remove+0xa0/0xa0 [ 929.361333][T25832] ? __lru_cache_add+0x1bf/0x210 [ 929.366242][T25832] ? memset+0x1f/0x40 [ 929.370192][T25832] ? fsnotify+0x1332/0x13f0 [ 929.374684][T25832] ? loop_remove+0xa0/0xa0 [ 929.379069][T25832] do_vfs_ioctl+0x744/0x1730 [ 929.383641][T25832] ? selinux_file_ioctl+0x723/0x970 [ 929.388815][T25832] ? ioctl_preallocate+0x250/0x250 17:08:28 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 69) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:28 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) (async) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x2b3c, 0x1000}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:28 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:28 executing program 3: ioctl$LOOP_SET_DIRECT_IO(0xffffffffffffffff, 0x4c08, 0xc18) (async) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) 17:08:28 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x300, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:28 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = syz_open_dev$vcsa(&(0x7f0000000080), 0x1000, 0x8180) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r2, 0x20, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x4580}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x200448c5}, 0x40800) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) syz_open_dev$vcsa(&(0x7f0000000080), 0x1000, 0x8180) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) (async) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r2, 0x20, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x4580}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x200448c5}, 0x40800) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) 17:08:28 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) connect$packet(r0, &(0x7f0000000080)={0x11, 0x2, 0x0, 0x1, 0x8b, 0x6, @local}, 0x14) [ 929.393897][T25832] ? __fget+0x40c/0x4a0 [ 929.398023][T25832] ? fget_many+0x20/0x20 [ 929.402244][T25832] ? check_preemption_disabled+0x154/0x330 [ 929.408042][T25832] ? debug_smp_processor_id+0x20/0x20 [ 929.413384][T25832] ? security_file_ioctl+0x9d/0xb0 [ 929.418464][T25832] __x64_sys_ioctl+0xd4/0x110 [ 929.423112][T25832] do_syscall_64+0xcb/0x1c0 [ 929.427589][T25832] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:28 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) ioctl$VHOST_VDPA_SET_CONFIG_CALL(0xffffffffffffffff, 0x4004af77, &(0x7f0000000080)=0x9) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:28 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) (async) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x2b3c, 0x1000}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:28 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x5e23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:28 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x500, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:28 executing program 0: r0 = gettid() getpgid(r0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x8, &(0x7f0000000040)=""/197) r1 = gettid() getpgid(r1) sched_getattr(r1, &(0x7f0000000140)={0x38}, 0x38, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x4, r0, 0x3, &(0x7f0000000180)) gettid() setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r2, 0x107, 0x16, 0x0, 0x0) [ 929.500166][T25871] FAULT_INJECTION: forcing a failure. [ 929.500166][T25871] name failslab, interval 1, probability 0, space 0, times 0 [ 929.513409][T25871] CPU: 0 PID: 25871 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 929.525039][T25871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 929.535075][T25871] Call Trace: [ 929.538344][T25871] dump_stack+0x1d8/0x241 [ 929.542651][T25871] ? panic+0x73e/0x73e [ 929.546693][T25871] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 929.552487][T25871] ? vsnprintf+0x1cd0/0x1cd0 [ 929.557062][T25871] ? bdi_register_va+0x89/0x5e0 [ 929.561887][T25871] ? bdi_register_owner+0x56/0xf0 [ 929.566883][T25871] ? __device_add_disk+0x5b8/0x1200 [ 929.572073][T25871] ? loop_add+0x554/0x710 [ 929.576382][T25871] should_fail+0x709/0x870 [ 929.580783][T25871] ? setup_fault_attr+0x3d0/0x3d0 [ 929.585781][T25871] ? skb_clone+0x1b7/0x380 [ 929.590166][T25871] should_failslab+0x5/0x20 [ 929.594643][T25871] kmem_cache_alloc+0x24/0x210 [ 929.599382][T25871] skb_clone+0x1b7/0x380 [ 929.603600][T25871] ? netlink_broadcast_filtered+0x64d/0x11d0 [ 929.609561][T25871] netlink_broadcast_filtered+0x65b/0x11d0 [ 929.615351][T25871] netlink_broadcast+0x35/0x50 [ 929.620090][T25871] kobject_uevent_net_broadcast+0x385/0x570 [ 929.625953][T25871] kobject_uevent_env+0x552/0x700 [ 929.630948][T25871] device_add+0x7a7/0xbc0 [ 929.635248][T25871] device_create_vargs+0x1b8/0x210 [ 929.640331][T25871] device_create+0xea/0x130 [ 929.644809][T25871] ? device_create_vargs+0x210/0x210 [ 929.650064][T25871] bdi_register_va+0x89/0x5e0 [ 929.654722][T25871] bdi_register+0xd1/0x120 [ 929.659125][T25871] ? __device_add_disk+0x539/0x1200 [ 929.664297][T25871] ? bdi_register_va+0x5e0/0x5e0 [ 929.669232][T25871] ? percpu_ref_resurrect+0x113/0x190 [ 929.674578][T25871] bdi_register_owner+0x56/0xf0 [ 929.679403][T25871] __device_add_disk+0x5b8/0x1200 [ 929.684403][T25871] ? device_add_disk+0x30/0x30 [ 929.689139][T25871] ? vsprintf+0x30/0x30 [ 929.693267][T25871] ? device_initialize+0x1c7/0x3d0 [ 929.698358][T25871] ? __alloc_disk_node+0x326/0x380 [ 929.703446][T25871] loop_add+0x554/0x710 [ 929.707585][T25871] loop_control_ioctl+0x564/0x740 [ 929.712591][T25871] ? loop_remove+0xa0/0xa0 [ 929.717063][T25871] ? __lru_cache_add+0x1bf/0x210 [ 929.721991][T25871] ? memset+0x1f/0x40 [ 929.725951][T25871] ? fsnotify+0x1332/0x13f0 [ 929.730544][T25871] ? loop_remove+0xa0/0xa0 [ 929.734946][T25871] do_vfs_ioctl+0x744/0x1730 [ 929.739512][T25871] ? selinux_file_ioctl+0x723/0x970 [ 929.744694][T25871] ? ioctl_preallocate+0x250/0x250 17:08:28 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 70) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:28 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) connect$packet(r0, &(0x7f0000000080)={0x11, 0x2, 0x0, 0x1, 0x8b, 0x6, @local}, 0x14) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) connect$packet(r0, &(0x7f0000000080)={0x11, 0x2, 0x0, 0x1, 0x8b, 0x6, @local}, 0x14) (async) 17:08:28 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:28 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) ioctl$VHOST_VDPA_SET_CONFIG_CALL(0xffffffffffffffff, 0x4004af77, &(0x7f0000000080)=0x9) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) ioctl$VHOST_VDPA_SET_CONFIG_CALL(0xffffffffffffffff, 0x4004af77, &(0x7f0000000080)=0x9) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) 17:08:28 executing program 0: r0 = gettid() getpgid(r0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x8, &(0x7f0000000040)=""/197) r1 = gettid() getpgid(r1) (async) sched_getattr(r1, &(0x7f0000000140)={0x38}, 0x38, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x4, r0, 0x3, &(0x7f0000000180)) (async) gettid() (async) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r2, 0x107, 0x16, 0x0, 0x0) 17:08:28 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 929.749778][T25871] ? __fget+0x40c/0x4a0 [ 929.753923][T25871] ? fget_many+0x20/0x20 [ 929.758142][T25871] ? check_preemption_disabled+0x154/0x330 [ 929.763922][T25871] ? debug_smp_processor_id+0x20/0x20 [ 929.769273][T25871] ? security_file_ioctl+0x9d/0xb0 [ 929.774359][T25871] __x64_sys_ioctl+0xd4/0x110 [ 929.779008][T25871] do_syscall_64+0xcb/0x1c0 [ 929.783491][T25871] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:28 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) ioctl$VHOST_VDPA_SET_CONFIG_CALL(0xffffffffffffffff, 0x4004af77, &(0x7f0000000080)=0x9) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) ioctl$VHOST_VDPA_SET_CONFIG_CALL(0xffffffffffffffff, 0x4004af77, &(0x7f0000000080)=0x9) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) 17:08:28 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x600, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:28 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) connect$packet(r0, &(0x7f0000000080)={0x11, 0x2, 0x0, 0x1, 0x8b, 0x6, @local}, 0x14) 17:08:28 executing program 0: r0 = gettid() getpgid(r0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x8, &(0x7f0000000040)=""/197) r1 = gettid() getpgid(r1) sched_getattr(r1, &(0x7f0000000140)={0x38}, 0x38, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x4, r0, 0x3, &(0x7f0000000180)) gettid() setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r2, 0x107, 0x16, 0x0, 0x0) gettid() (async) getpgid(r0) (async) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x8, &(0x7f0000000040)=""/197) (async) gettid() (async) getpgid(r1) (async) sched_getattr(r1, &(0x7f0000000140)={0x38}, 0x38, 0x0) (async) socket$packet(0x11, 0x2, 0x300) (async) prctl$PR_SCHED_CORE(0x3e, 0x4, r0, 0x3, &(0x7f0000000180)) (async) gettid() (async) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r2, 0x107, 0x16, 0x0, 0x0) (async) 17:08:28 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:28 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x900, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 929.860717][T25903] FAULT_INJECTION: forcing a failure. [ 929.860717][T25903] name failslab, interval 1, probability 0, space 0, times 0 [ 929.881469][T25903] CPU: 0 PID: 25903 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 929.893097][T25903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 929.903142][T25903] Call Trace: [ 929.906428][T25903] dump_stack+0x1d8/0x241 [ 929.910752][T25903] ? panic+0x73e/0x73e [ 929.914811][T25903] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 929.920604][T25903] ? __lookup_slow+0x340/0x450 [ 929.925355][T25903] should_fail+0x709/0x870 [ 929.929760][T25903] ? setup_fault_attr+0x3d0/0x3d0 [ 929.934775][T25903] ? lookup_one_len+0x426/0x680 [ 929.939606][T25903] ? new_inode_pseudo+0x78/0x210 [ 929.944522][T25903] should_failslab+0x5/0x20 [ 929.949012][T25903] kmem_cache_alloc+0x24/0x210 [ 929.953761][T25903] new_inode_pseudo+0x78/0x210 [ 929.958596][T25903] new_inode+0x25/0x1d0 [ 929.962740][T25903] ? start_creating+0x183/0x270 [ 929.967590][T25903] debugfs_create_dir+0x66/0x380 [ 929.972511][T25903] bdi_register_va+0x232/0x5e0 [ 929.977263][T25903] bdi_register+0xd1/0x120 [ 929.981670][T25903] ? __device_add_disk+0x539/0x1200 [ 929.986852][T25903] ? bdi_register_va+0x5e0/0x5e0 [ 929.991778][T25903] ? percpu_ref_resurrect+0x113/0x190 [ 929.997139][T25903] bdi_register_owner+0x56/0xf0 [ 930.001984][T25903] __device_add_disk+0x5b8/0x1200 [ 930.006997][T25903] ? device_add_disk+0x30/0x30 [ 930.011744][T25903] ? vsprintf+0x30/0x30 [ 930.015886][T25903] ? device_initialize+0x1c7/0x3d0 [ 930.020988][T25903] ? __alloc_disk_node+0x326/0x380 [ 930.026085][T25903] loop_add+0x554/0x710 [ 930.030226][T25903] loop_control_ioctl+0x564/0x740 [ 930.035235][T25903] ? loop_remove+0xa0/0xa0 [ 930.039635][T25903] ? __lru_cache_add+0x1bf/0x210 [ 930.044557][T25903] ? memset+0x1f/0x40 [ 930.048523][T25903] ? fsnotify+0x1332/0x13f0 [ 930.053011][T25903] ? loop_remove+0xa0/0xa0 [ 930.057413][T25903] do_vfs_ioctl+0x744/0x1730 [ 930.061993][T25903] ? selinux_file_ioctl+0x723/0x970 [ 930.067178][T25903] ? ioctl_preallocate+0x250/0x250 [ 930.072277][T25903] ? __fget+0x40c/0x4a0 [ 930.076420][T25903] ? fget_many+0x20/0x20 [ 930.080645][T25903] ? check_preemption_disabled+0x154/0x330 [ 930.086433][T25903] ? debug_smp_processor_id+0x20/0x20 [ 930.091802][T25903] ? security_file_ioctl+0x9d/0xb0 [ 930.096899][T25903] __x64_sys_ioctl+0xd4/0x110 [ 930.101565][T25903] do_syscall_64+0xcb/0x1c0 [ 930.106058][T25903] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:28 executing program 0: ioctl$VHOST_GET_VRING_ENDIAN(0xffffffffffffffff, 0x4008af14, &(0x7f0000000180)={0x0, 0x1}) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000200)={0x1, 0x7}) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) getpeername$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000100)=0x14) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000240)={0x0, @broadcast, @empty}, &(0x7f0000000280)=0xc) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000040)=""/65, 0x41, 0x12000, &(0x7f0000000140)={0x11, 0x15, r2, 0x1, 0xe5, 0x6, @broadcast}, 0x14) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) 17:08:28 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) sendmsg$NFNL_MSG_CTHELPER_DEL(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x20, 0x2, 0x9, 0x300, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x5}}]}, 0x20}, 0x1, 0x0, 0x0, 0x4010}, 0x40880) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) inotify_add_watch(r1, &(0x7f0000000080)='./file0\x00', 0x80) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) recvfrom$packet(r0, &(0x7f00000001c0)=""/241, 0xf1, 0x1, 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8001, 0xa7, 0x0, 0x2, 0x5, 0x18, "233ec45d7475634a1382f619fe5cbed3993ba5426a2b64624a653169f9fc8c881dff4beaa7bd300906d7ced7e7b273df9149393b3783d9386d8e42e96935dfce", "66a63f53827a99eff2f0958985fe58dcff81c97e71f773b89931064f8da58ac838b3f2aab5d9337430ad97b6bd9d6ce6b403c6ff72a45c4ad90a6592fe283fbe", "f473398a6c7e2c87f837e9587c613ff75745e7459cf0c278e7ca88a208b554df", [0x8000, 0x8]}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) sendmsg$DEVLINK_CMD_TRAP_SET(r1, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x58, 0x0, 0xa20, 0x70bd2b, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x58}}, 0x8000) 17:08:28 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0xfffffe1f) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="240035a4", @ANYRES16=0x0, @ANYBLOB="100025bd7000ffdbdf250600000008002b007f00000008000b0008000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x3, 0x4}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:28 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 71) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) [ 930.120747][T25903] debugfs: out of free dentries, can not create directory '7:0' 17:08:28 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) sendmsg$NFNL_MSG_CTHELPER_DEL(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x20, 0x2, 0x9, 0x300, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x5}}]}, 0x20}, 0x1, 0x0, 0x0, 0x4010}, 0x40880) (async) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async) inotify_add_watch(r1, &(0x7f0000000080)='./file0\x00', 0x80) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) recvfrom$packet(r0, &(0x7f00000001c0)=""/241, 0xf1, 0x1, 0x0, 0x0) (async) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8001, 0xa7, 0x0, 0x2, 0x5, 0x18, "233ec45d7475634a1382f619fe5cbed3993ba5426a2b64624a653169f9fc8c881dff4beaa7bd300906d7ced7e7b273df9149393b3783d9386d8e42e96935dfce", "66a63f53827a99eff2f0958985fe58dcff81c97e71f773b89931064f8da58ac838b3f2aab5d9337430ad97b6bd9d6ce6b403c6ff72a45c4ad90a6592fe283fbe", "f473398a6c7e2c87f837e9587c613ff75745e7459cf0c278e7ca88a208b554df", [0x8000, 0x8]}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) sendmsg$DEVLINK_CMD_TRAP_SET(r1, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x58, 0x0, 0xa20, 0x70bd2b, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x58}}, 0x8000) 17:08:28 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:28 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0xa00, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:28 executing program 0: ioctl$VHOST_GET_VRING_ENDIAN(0xffffffffffffffff, 0x4008af14, &(0x7f0000000180)={0x0, 0x1}) (async) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000200)={0x1, 0x7}) (async) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) getpeername$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000100)=0x14) (async) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000240)={0x0, @broadcast, @empty}, &(0x7f0000000280)=0xc) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000040)=""/65, 0x41, 0x12000, &(0x7f0000000140)={0x11, 0x15, r2, 0x1, 0xe5, 0x6, @broadcast}, 0x14) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) 17:08:28 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) (async) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0xfffffe1f) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="240035a4", @ANYRES16=0x0, @ANYBLOB="100025bd7000ffdbdf250600000008002b007f00000008000b0008000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x3, 0x4}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) 17:08:28 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:28 executing program 0: ioctl$VHOST_GET_VRING_ENDIAN(0xffffffffffffffff, 0x4008af14, &(0x7f0000000180)={0x0, 0x1}) (async) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000200)={0x1, 0x7}) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) (async, rerun: 64) getpeername$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000100)=0x14) (rerun: 64) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000240)={0x0, @broadcast, @empty}, &(0x7f0000000280)=0xc) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000040)=""/65, 0x41, 0x12000, &(0x7f0000000140)={0x11, 0x15, r2, 0x1, 0xe5, 0x6, @broadcast}, 0x14) setsockopt$packet_fanout(r1, 0x107, 0x16, 0x0, 0x0) [ 930.216120][T25949] FAULT_INJECTION: forcing a failure. [ 930.216120][T25949] name failslab, interval 1, probability 0, space 0, times 0 [ 930.228881][T25949] CPU: 0 PID: 25949 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 930.240485][T25949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 930.250510][T25949] Call Trace: [ 930.253777][T25949] dump_stack+0x1d8/0x241 [ 930.258074][T25949] ? panic+0x73e/0x73e [ 930.262114][T25949] ? check_preemption_disabled+0x154/0x330 [ 930.267893][T25949] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 930.273670][T25949] ? debug_smp_processor_id+0x20/0x20 [ 930.279009][T25949] ? stack_trace_snprint+0x170/0x170 [ 930.284258][T25949] should_fail+0x709/0x870 [ 930.288639][T25949] ? setup_fault_attr+0x3d0/0x3d0 [ 930.293634][T25949] ? __kasan_slab_free+0x1fa/0x240 [ 930.298708][T25949] ? __kasan_slab_free+0x178/0x240 [ 930.303783][T25949] ? slab_free_freelist_hook+0x80/0x150 [ 930.309291][T25949] ? kfree+0xc6/0x260 [ 930.313239][T25949] ? kobject_uevent_env+0x352/0x700 [ 930.318408][T25949] ? device_create_vargs+0x1b8/0x210 [ 930.323665][T25949] ? device_create+0xea/0x130 [ 930.328307][T25949] ? bdi_register_va+0x89/0x5e0 [ 930.333121][T25949] ? bdi_register+0xd1/0x120 [ 930.337675][T25949] ? bdi_register_owner+0x56/0xf0 [ 930.342663][T25949] ? __d_alloc+0x2a/0x6a0 [ 930.346960][T25949] should_failslab+0x5/0x20 [ 930.351427][T25949] kmem_cache_alloc+0x24/0x210 [ 930.356156][T25949] __d_alloc+0x2a/0x6a0 [ 930.360277][T25949] d_alloc_parallel+0xe6/0x1310 [ 930.365094][T25949] ? avc_has_perm_noaudit+0x30c/0x400 [ 930.370430][T25949] ? avc_denied+0x1c0/0x1c0 [ 930.374903][T25949] ? d_hash_and_lookup+0x1e0/0x1e0 [ 930.379979][T25949] ? slab_free_freelist_hook+0x80/0x150 [ 930.385496][T25949] ? selinux_inode_permission+0x374/0x670 [ 930.391180][T25949] ? selinux_inode_permission+0x438/0x670 [ 930.396864][T25949] __lookup_slow+0x15a/0x450 [ 930.401769][T25949] ? lookup_one_len+0x680/0x680 [ 930.406606][T25949] lookup_one_len+0x426/0x680 [ 930.411257][T25949] ? try_lookup_one_len+0x650/0x650 [ 930.416434][T25949] start_creating+0xec/0x270 [ 930.420994][T25949] debugfs_create_dir+0x24/0x380 [ 930.425896][T25949] bdi_register_va+0x232/0x5e0 [ 930.430628][T25949] bdi_register+0xd1/0x120 [ 930.435011][T25949] ? __device_add_disk+0x539/0x1200 [ 930.440174][T25949] ? bdi_register_va+0x5e0/0x5e0 [ 930.445075][T25949] ? percpu_ref_resurrect+0x113/0x190 [ 930.450412][T25949] bdi_register_owner+0x56/0xf0 [ 930.455229][T25949] __device_add_disk+0x5b8/0x1200 [ 930.460238][T25949] ? device_add_disk+0x30/0x30 [ 930.464969][T25949] ? vsprintf+0x30/0x30 [ 930.469097][T25949] ? device_initialize+0x1c7/0x3d0 [ 930.474177][T25949] ? __alloc_disk_node+0x326/0x380 [ 930.479253][T25949] loop_add+0x554/0x710 [ 930.483378][T25949] loop_control_ioctl+0x564/0x740 [ 930.488367][T25949] ? loop_remove+0xa0/0xa0 [ 930.492906][T25949] ? __lru_cache_add+0x1bf/0x210 [ 930.497844][T25949] ? memset+0x1f/0x40 [ 930.501794][T25949] ? fsnotify+0x1332/0x13f0 [ 930.506268][T25949] ? loop_remove+0xa0/0xa0 [ 930.510655][T25949] do_vfs_ioctl+0x744/0x1730 17:08:29 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 72) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:29 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x26, 0x1000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:29 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:29 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0xb00, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 930.515213][T25949] ? selinux_file_ioctl+0x723/0x970 [ 930.520378][T25949] ? ioctl_preallocate+0x250/0x250 [ 930.525456][T25949] ? __fget+0x40c/0x4a0 [ 930.529582][T25949] ? fget_many+0x20/0x20 [ 930.533791][T25949] ? check_preemption_disabled+0x154/0x330 [ 930.539563][T25949] ? debug_smp_processor_id+0x20/0x20 [ 930.544901][T25949] ? security_file_ioctl+0x9d/0xb0 [ 930.549983][T25949] __x64_sys_ioctl+0xd4/0x110 [ 930.554629][T25949] do_syscall_64+0xcb/0x1c0 [ 930.559099][T25949] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:29 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0xfffffe1f) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="240035a4", @ANYRES16=0x0, @ANYBLOB="100025bd7000ffdbdf250600000008002b007f00000008000b0008000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x3, 0x4}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) socket$packet(0x11, 0x2, 0x300) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0xfffffe1f) (async) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="240035a4", @ANYRES16=0x0, @ANYBLOB="100025bd7000ffdbdf250600000008002b007f00000008000b0008000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x3, 0x4}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1000}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) 17:08:29 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) sendmsg$NFNL_MSG_CTHELPER_DEL(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x20, 0x2, 0x9, 0x300, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x5}}]}, 0x20}, 0x1, 0x0, 0x0, 0x4010}, 0x40880) (async) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (async, rerun: 32) inotify_add_watch(r1, &(0x7f0000000080)='./file0\x00', 0x80) (async, rerun: 32) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) recvfrom$packet(r0, &(0x7f00000001c0)=""/241, 0xf1, 0x1, 0x0, 0x0) (async) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8001, 0xa7, 0x0, 0x2, 0x5, 0x18, "233ec45d7475634a1382f619fe5cbed3993ba5426a2b64624a653169f9fc8c881dff4beaa7bd300906d7ced7e7b273df9149393b3783d9386d8e42e96935dfce", "66a63f53827a99eff2f0958985fe58dcff81c97e71f773b89931064f8da58ac838b3f2aab5d9337430ad97b6bd9d6ce6b403c6ff72a45c4ad90a6592fe283fbe", "f473398a6c7e2c87f837e9587c613ff75745e7459cf0c278e7ca88a208b554df", [0x8000, 0x8]}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) sendmsg$DEVLINK_CMD_TRAP_SET(r1, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x58, 0x0, 0xa20, 0x70bd2b, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x58}}, 0x8000) 17:08:29 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x1100, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:29 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:29 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x26, 0x1000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x26, 0x1000}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) 17:08:29 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x50200, 0x0) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r2, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="01000000", @ANYRES16=0x0, @ANYBLOB="00022cbd7000fcdbdf251c0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007d0800000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b004c080000"], 0x8c}, 0x1, 0x0, 0x0, 0x24042040}, 0x40014) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x74, 0x0, 0x300, 0x70bd29, 0x25dfdbff, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x74}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) 17:08:29 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x26, 0x1000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:29 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 930.666024][T25982] FAULT_INJECTION: forcing a failure. [ 930.666024][T25982] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 930.691631][T25982] CPU: 1 PID: 25982 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 930.703295][T25982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 930.713336][T25982] Call Trace: [ 930.716618][T25982] dump_stack+0x1d8/0x241 [ 930.720946][T25982] ? panic+0x73e/0x73e [ 930.725005][T25982] ? stack_trace_save+0x132/0x200 [ 930.730021][T25982] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 930.735824][T25982] ? stack_trace_snprint+0x170/0x170 [ 930.741099][T25982] should_fail+0x709/0x870 [ 930.745507][T25982] ? setup_fault_attr+0x3d0/0x3d0 [ 930.750522][T25982] ? __kasan_kmalloc+0x131/0x1e0 [ 930.755449][T25982] ? kmem_cache_alloc+0xd0/0x210 [ 930.760375][T25982] ? inode_init_always+0x5db/0x800 [ 930.765469][T25982] ? new_inode_pseudo+0x8f/0x210 [ 930.770392][T25982] __alloc_pages_nodemask+0x1b6/0x860 [ 930.775747][T25982] ? __x64_sys_ioctl+0xd4/0x110 [ 930.780581][T25982] ? do_syscall_64+0xcb/0x1c0 [ 930.785254][T25982] ? gfp_pfmemalloc_allowed+0x120/0x120 [ 930.790797][T25982] ? lockref_get+0x1b3/0x2a0 [ 930.795377][T25982] ? asan.module_dtor+0x20/0x20 [ 930.800217][T25982] __get_free_pages+0xa/0x30 [ 930.804794][T25982] selinux_genfs_get_sid+0x55/0x250 [ 930.809980][T25982] inode_doinit_with_dentry+0x87c/0x1020 [ 930.815602][T25982] ? sb_finish_set_opts+0x7a0/0x7a0 [ 930.820791][T25982] ? current_time+0x1c4/0x310 [ 930.825455][T25982] ? atime_needs_update+0x580/0x580 [ 930.830642][T25982] security_d_instantiate+0xa5/0x100 [ 930.835917][T25982] d_instantiate+0x51/0x90 [ 930.840323][T25982] debugfs_create_dir+0x1a1/0x380 [ 930.845334][T25982] bdi_register_va+0x232/0x5e0 [ 930.850089][T25982] bdi_register+0xd1/0x120 [ 930.854494][T25982] ? __device_add_disk+0x539/0x1200 [ 930.859678][T25982] ? bdi_register_va+0x5e0/0x5e0 [ 930.864604][T25982] ? percpu_ref_resurrect+0x113/0x190 [ 930.869964][T25982] bdi_register_owner+0x56/0xf0 [ 930.874800][T25982] __device_add_disk+0x5b8/0x1200 [ 930.879813][T25982] ? device_add_disk+0x30/0x30 [ 930.884558][T25982] ? vsprintf+0x30/0x30 [ 930.888710][T25982] ? device_initialize+0x1c7/0x3d0 [ 930.893823][T25982] ? __alloc_disk_node+0x326/0x380 [ 930.898934][T25982] loop_add+0x554/0x710 [ 930.903088][T25982] loop_control_ioctl+0x564/0x740 [ 930.908101][T25982] ? loop_remove+0xa0/0xa0 [ 930.912503][T25982] ? __lru_cache_add+0x1bf/0x210 [ 930.917422][T25982] ? memset+0x1f/0x40 [ 930.921394][T25982] ? fsnotify+0x1332/0x13f0 [ 930.925881][T25982] ? loop_remove+0xa0/0xa0 [ 930.930284][T25982] do_vfs_ioctl+0x744/0x1730 [ 930.934860][T25982] ? selinux_file_ioctl+0x723/0x970 [ 930.940047][T25982] ? ioctl_preallocate+0x250/0x250 [ 930.945150][T25982] ? __fget+0x40c/0x4a0 [ 930.949295][T25982] ? fget_many+0x20/0x20 [ 930.953519][T25982] ? check_preemption_disabled+0x154/0x330 [ 930.959305][T25982] ? debug_smp_processor_id+0x20/0x20 17:08:29 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 73) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:29 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x1200, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:29 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x50200, 0x0) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r2, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="01000000", @ANYRES16=0x0, @ANYBLOB="00022cbd7000fcdbdf251c0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007d0800000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b004c080000"], 0x8c}, 0x1, 0x0, 0x0, 0x24042040}, 0x40014) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x74, 0x0, 0x300, 0x70bd29, 0x25dfdbff, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x74}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x50200, 0x0) (async) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r2, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="01000000", @ANYRES16=0x0, @ANYBLOB="00022cbd7000fcdbdf251c0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007d0800000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b004c080000"], 0x8c}, 0x1, 0x0, 0x0, 0x24042040}, 0x40014) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x74, 0x0, 0x300, 0x70bd29, 0x25dfdbff, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x74}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) (async) 17:08:29 executing program 3: prctl$PR_GET_FP_MODE(0x2e) r0 = socket$packet(0x11, 0x2, 0x300) socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x800, 0x1}, 0x4) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x9, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000280)={0x4, 0x8000}, 0x4) r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000100), 0xffffffffffffffff) accept4$packet(r0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000002c0)=0x14, 0x80000) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000026bd7000fddbdf250100000008000100010000000800020002000000080002000200b2137dfb807b53a52e67506899760000"], 0x2c}, 0x1, 0x0, 0x0, 0x4008006}, 0x20040015) 17:08:29 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x235e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:29 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 930.964662][T25982] ? security_file_ioctl+0x9d/0xb0 [ 930.969758][T25982] __x64_sys_ioctl+0xd4/0x110 [ 930.974510][T25982] do_syscall_64+0xcb/0x1c0 [ 930.978997][T25982] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:29 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:29 executing program 3: prctl$PR_GET_FP_MODE(0x2e) r0 = socket$packet(0x11, 0x2, 0x300) socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x800, 0x1}, 0x4) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x9, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000280)={0x4, 0x8000}, 0x4) r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000100), 0xffffffffffffffff) accept4$packet(r0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000002c0)=0x14, 0x80000) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000026bd7000fddbdf250100000008000100010000000800020002000000080002000200b2137dfb807b53a52e67506899760000"], 0x2c}, 0x1, 0x0, 0x0, 0x4008006}, 0x20040015) prctl$PR_GET_FP_MODE(0x2e) (async) socket$packet(0x11, 0x2, 0x300) (async) socket$vsock_stream(0x28, 0x1, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x800, 0x1}, 0x4) (async) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x9, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000280)={0x4, 0x8000}, 0x4) (async) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000100), 0xffffffffffffffff) (async) accept4$packet(r0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000002c0)=0x14, 0x80000) (async) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000026bd7000fddbdf250100000008000100010000000800020002000000080002000200b2137dfb807b53a52e67506899760000"], 0x2c}, 0x1, 0x0, 0x0, 0x4008006}, 0x20040015) (async) 17:08:29 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) 17:08:29 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x50200, 0x0) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r2, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="01000000", @ANYRES16=0x0, @ANYBLOB="00022cbd7000fcdbdf251c0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007d0800000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b004c080000"], 0x8c}, 0x1, 0x0, 0x0, 0x24042040}, 0x40014) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x74, 0x0, 0x300, 0x70bd29, 0x25dfdbff, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x74}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x50200, 0x0) (async) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r2, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="01000000", @ANYRES16=0x0, @ANYBLOB="00022cbd7000fcdbdf251c0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007d0800000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b004c080000"], 0x8c}, 0x1, 0x0, 0x0, 0x24042040}, 0x40014) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x74, 0x0, 0x300, 0x70bd29, 0x25dfdbff, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x74}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) (async) [ 931.057642][T26030] FAULT_INJECTION: forcing a failure. [ 931.057642][T26030] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 931.081473][T26030] CPU: 1 PID: 26030 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 931.093102][T26030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 931.103131][T26030] Call Trace: [ 931.106426][T26030] dump_stack+0x1d8/0x241 [ 931.110724][T26030] ? panic+0x73e/0x73e [ 931.114760][T26030] ? stack_trace_save+0x132/0x200 [ 931.119751][T26030] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 931.125522][T26030] ? stack_trace_snprint+0x170/0x170 [ 931.130774][T26030] should_fail+0x709/0x870 [ 931.135158][T26030] ? setup_fault_attr+0x3d0/0x3d0 [ 931.140149][T26030] ? __kasan_kmalloc+0x131/0x1e0 [ 931.145054][T26030] ? kmem_cache_alloc+0xd0/0x210 [ 931.149957][T26030] ? inode_init_always+0x5db/0x800 [ 931.155033][T26030] ? new_inode_pseudo+0x8f/0x210 [ 931.159940][T26030] __alloc_pages_nodemask+0x1b6/0x860 [ 931.165276][T26030] ? __x64_sys_ioctl+0xd4/0x110 [ 931.170093][T26030] ? do_syscall_64+0xcb/0x1c0 [ 931.174740][T26030] ? gfp_pfmemalloc_allowed+0x120/0x120 [ 931.180251][T26030] ? lockref_get+0x1b3/0x2a0 [ 931.184806][T26030] ? asan.module_dtor+0x20/0x20 [ 931.189626][T26030] __get_free_pages+0xa/0x30 [ 931.194183][T26030] selinux_genfs_get_sid+0x55/0x250 [ 931.199346][T26030] inode_doinit_with_dentry+0x87c/0x1020 [ 931.204942][T26030] ? sb_finish_set_opts+0x7a0/0x7a0 [ 931.210102][T26030] ? current_time+0x1c4/0x310 [ 931.214743][T26030] ? atime_needs_update+0x580/0x580 [ 931.219995][T26030] security_d_instantiate+0xa5/0x100 [ 931.225258][T26030] d_instantiate+0x51/0x90 [ 931.229639][T26030] debugfs_create_dir+0x1a1/0x380 [ 931.234632][T26030] bdi_register_va+0x232/0x5e0 [ 931.239361][T26030] bdi_register+0xd1/0x120 [ 931.243744][T26030] ? __device_add_disk+0x539/0x1200 [ 931.248908][T26030] ? bdi_register_va+0x5e0/0x5e0 [ 931.253813][T26030] ? percpu_ref_resurrect+0x113/0x190 [ 931.259147][T26030] bdi_register_owner+0x56/0xf0 [ 931.263993][T26030] __device_add_disk+0x5b8/0x1200 [ 931.268984][T26030] ? device_add_disk+0x30/0x30 [ 931.273713][T26030] ? vsprintf+0x30/0x30 [ 931.277835][T26030] ? device_initialize+0x1c7/0x3d0 [ 931.282912][T26030] ? __alloc_disk_node+0x326/0x380 [ 931.287990][T26030] loop_add+0x554/0x710 [ 931.292116][T26030] loop_control_ioctl+0x564/0x740 [ 931.297107][T26030] ? loop_remove+0xa0/0xa0 [ 931.301504][T26030] ? __lru_cache_add+0x1bf/0x210 [ 931.306410][T26030] ? memset+0x1f/0x40 [ 931.310358][T26030] ? fsnotify+0x1332/0x13f0 [ 931.314825][T26030] ? loop_remove+0xa0/0xa0 [ 931.319316][T26030] do_vfs_ioctl+0x744/0x1730 [ 931.323870][T26030] ? selinux_file_ioctl+0x723/0x970 [ 931.329036][T26030] ? ioctl_preallocate+0x250/0x250 [ 931.334114][T26030] ? __fget+0x40c/0x4a0 [ 931.338238][T26030] ? fget_many+0x20/0x20 [ 931.342444][T26030] ? check_preemption_disabled+0x154/0x330 [ 931.348216][T26030] ? debug_smp_processor_id+0x20/0x20 [ 931.353554][T26030] ? security_file_ioctl+0x9d/0xb0 17:08:30 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x1300, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:30 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x5e23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:30 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 74) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:30 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x3, 0x2000}, 0x31) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x10001, 0x1) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x4, 0x6}, 0x4) 17:08:30 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:30 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x1400, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 931.358629][T26030] __x64_sys_ioctl+0xd4/0x110 [ 931.363272][T26030] do_syscall_64+0xcb/0x1c0 [ 931.367741][T26030] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:30 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r2 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r3, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000080)=""/255, 0xff, 0x20, &(0x7f0000000180)={0x11, 0x1, r3, 0x1, 0x1, 0x6, @broadcast}, 0x14) 17:08:30 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:30 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x3, 0x2000}, 0x31) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x10001, 0x1) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x4, 0x6}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x3, 0x2000}, 0x31) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) syz_open_dev$vcsa(&(0x7f0000000040), 0x10001, 0x1) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x4, 0x6}, 0x4) (async) 17:08:30 executing program 3: prctl$PR_GET_FP_MODE(0x2e) r0 = socket$packet(0x11, 0x2, 0x300) socket$vsock_stream(0x28, 0x1, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x800, 0x1}, 0x4) (async) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x9, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000280)={0x4, 0x8000}, 0x4) r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000100), 0xffffffffffffffff) accept4$packet(r0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000002c0)=0x14, 0x80000) (async) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000026bd7000fddbdf250100000008000100010000000800020002000000080002000200b2137dfb807b53a52e67506899760000"], 0x2c}, 0x1, 0x0, 0x0, 0x4008006}, 0x20040015) 17:08:30 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x2279, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:30 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x3, 0x2000}, 0x31) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x10001, 0x1) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x4, 0x6}, 0x4) 17:08:30 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) r1 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) (async) r2 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r3, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000080)=""/255, 0xff, 0x20, &(0x7f0000000180)={0x11, 0x1, r3, 0x1, 0x1, 0x6, @broadcast}, 0x14) 17:08:30 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x4000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 931.461713][T26064] FAULT_INJECTION: forcing a failure. [ 931.461713][T26064] name failslab, interval 1, probability 0, space 0, times 0 [ 931.485277][T26064] CPU: 0 PID: 26064 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 931.496908][T26064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 931.506957][T26064] Call Trace: [ 931.510248][T26064] dump_stack+0x1d8/0x241 [ 931.514575][T26064] ? panic+0x73e/0x73e [ 931.518634][T26064] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 931.524429][T26064] ? __lookup_slow+0x340/0x450 [ 931.529182][T26064] should_fail+0x709/0x870 [ 931.533591][T26064] ? setup_fault_attr+0x3d0/0x3d0 [ 931.538609][T26064] ? lookup_one_len+0x426/0x680 [ 931.543448][T26064] ? new_inode_pseudo+0x78/0x210 [ 931.548377][T26064] should_failslab+0x5/0x20 [ 931.552876][T26064] kmem_cache_alloc+0x24/0x210 [ 931.557630][T26064] new_inode_pseudo+0x78/0x210 [ 931.562382][T26064] new_inode+0x25/0x1d0 [ 931.566615][T26064] ? start_creating+0x183/0x270 [ 931.571456][T26064] __debugfs_create_file+0xb6/0x400 [ 931.576645][T26064] ? debugfs_create_dir+0x2e6/0x380 [ 931.581844][T26064] bdi_register_va+0x274/0x5e0 [ 931.586600][T26064] bdi_register+0xd1/0x120 [ 931.591008][T26064] ? __device_add_disk+0x539/0x1200 [ 931.596192][T26064] ? bdi_register_va+0x5e0/0x5e0 [ 931.601121][T26064] ? percpu_ref_resurrect+0x113/0x190 [ 931.606572][T26064] bdi_register_owner+0x56/0xf0 [ 931.611416][T26064] __device_add_disk+0x5b8/0x1200 [ 931.616444][T26064] ? device_add_disk+0x30/0x30 [ 931.621193][T26064] ? vsprintf+0x30/0x30 [ 931.625339][T26064] ? device_initialize+0x1c7/0x3d0 [ 931.630439][T26064] ? __alloc_disk_node+0x326/0x380 [ 931.635539][T26064] loop_add+0x554/0x710 [ 931.639685][T26064] loop_control_ioctl+0x564/0x740 [ 931.644699][T26064] ? loop_remove+0xa0/0xa0 [ 931.649102][T26064] ? __lru_cache_add+0x1bf/0x210 [ 931.654024][T26064] ? memset+0x1f/0x40 [ 931.657993][T26064] ? fsnotify+0x1332/0x13f0 [ 931.662483][T26064] ? loop_remove+0xa0/0xa0 [ 931.666889][T26064] do_vfs_ioctl+0x744/0x1730 [ 931.671467][T26064] ? selinux_file_ioctl+0x723/0x970 [ 931.676999][T26064] ? ioctl_preallocate+0x250/0x250 [ 931.682106][T26064] ? __fget+0x40c/0x4a0 [ 931.686255][T26064] ? fget_many+0x20/0x20 [ 931.690501][T26064] ? check_preemption_disabled+0x154/0x330 [ 931.696298][T26064] ? debug_smp_processor_id+0x20/0x20 [ 931.701662][T26064] ? security_file_ioctl+0x9d/0xb0 [ 931.706766][T26064] __x64_sys_ioctl+0xd4/0x110 17:08:30 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 75) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:30 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:30 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x2, 0x2}, 0x2d) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) recvfrom$packet(r1, &(0x7f0000000080)=""/151, 0x97, 0x10133, &(0x7f0000000140)={0x11, 0xf6, 0x0, 0x1, 0x7, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x5}, 0x4) 17:08:30 executing program 0: ioctl$VHOST_VDPA_GET_AS_NUM(0xffffffffffffffff, 0x8004af7a, &(0x7f0000000040)) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RATE_SET(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, 0x0, 0x8, 0x70bd27, 0x25dfdbfd, {}, [@DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x4004040}, 0x40040) r2 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000180)={0x0, r2}) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:30 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x7922, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 931.711437][T26064] do_syscall_64+0xcb/0x1c0 [ 931.715931][T26064] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 931.724518][T26064] debugfs: out of free dentries, can not create file 'stats' 17:08:30 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) r2 = syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r3, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000080)=""/255, 0xff, 0x20, &(0x7f0000000180)={0x11, 0x1, r3, 0x1, 0x1, 0x6, @broadcast}, 0x14) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) socket$inet(0x2, 0x3, 0x3) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) (async) syz_open_dev$vcsa(&(0x7f00000001c0), 0x3, 0x101000) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'}) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'tunl0\x00', r3, 0x40, 0x80, 0x4, 0x7, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x2068, 0x0, 0x8, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x2b}, {[@ra={0x94, 0x4, 0x1}]}}}}}) (async) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000080)=""/255, 0xff, 0x20, &(0x7f0000000180)={0x11, 0x1, r3, 0x1, 0x1, 0x6, @broadcast}, 0x14) (async) 17:08:30 executing program 0: ioctl$VHOST_VDPA_GET_AS_NUM(0xffffffffffffffff, 0x8004af7a, &(0x7f0000000040)) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RATE_SET(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, 0x0, 0x8, 0x70bd27, 0x25dfdbfd, {}, [@DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x4004040}, 0x40040) (async) r2 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000180)={0x0, r2}) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:30 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x2, 0x2}, 0x2d) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) recvfrom$packet(r1, &(0x7f0000000080)=""/151, 0x97, 0x10133, &(0x7f0000000140)={0x11, 0xf6, 0x0, 0x1, 0x7, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}}, 0x14) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x5}, 0x4) 17:08:30 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x38000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:30 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:30 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x800300, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:30 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x2, 0x2}, 0x2d) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) recvfrom$packet(r1, &(0x7f0000000080)=""/151, 0x97, 0x10133, &(0x7f0000000140)={0x11, 0xf6, 0x0, 0x1, 0x7, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x5}, 0x4) [ 931.817064][T26112] FAULT_INJECTION: forcing a failure. [ 931.817064][T26112] name failslab, interval 1, probability 0, space 0, times 0 [ 931.836584][T26112] CPU: 0 PID: 26112 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 931.848213][T26112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 931.858243][T26112] Call Trace: [ 931.861509][T26112] dump_stack+0x1d8/0x241 [ 931.865817][T26112] ? panic+0x73e/0x73e [ 931.869856][T26112] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 931.875642][T26112] ? __lookup_slow+0x340/0x450 [ 931.880376][T26112] should_fail+0x709/0x870 [ 931.884762][T26112] ? setup_fault_attr+0x3d0/0x3d0 [ 931.889753][T26112] ? lookup_one_len+0x426/0x680 [ 931.894572][T26112] ? new_inode_pseudo+0x78/0x210 [ 931.899474][T26112] should_failslab+0x5/0x20 [ 931.903943][T26112] kmem_cache_alloc+0x24/0x210 [ 931.908682][T26112] new_inode_pseudo+0x78/0x210 [ 931.913425][T26112] new_inode+0x25/0x1d0 [ 931.917552][T26112] ? start_creating+0x183/0x270 [ 931.922369][T26112] __debugfs_create_file+0xb6/0x400 [ 931.927536][T26112] ? debugfs_create_dir+0x2e6/0x380 [ 931.932703][T26112] bdi_register_va+0x274/0x5e0 [ 931.937435][T26112] bdi_register+0xd1/0x120 [ 931.941823][T26112] ? __device_add_disk+0x539/0x1200 [ 931.946993][T26112] ? bdi_register_va+0x5e0/0x5e0 [ 931.951915][T26112] ? percpu_ref_resurrect+0x113/0x190 [ 931.957255][T26112] bdi_register_owner+0x56/0xf0 [ 931.962076][T26112] __device_add_disk+0x5b8/0x1200 [ 931.967067][T26112] ? device_add_disk+0x30/0x30 [ 931.972231][T26112] ? vsprintf+0x30/0x30 [ 931.976351][T26112] ? device_initialize+0x1c7/0x3d0 [ 931.981436][T26112] ? __alloc_disk_node+0x326/0x380 [ 931.986520][T26112] loop_add+0x554/0x710 [ 931.990652][T26112] loop_control_ioctl+0x564/0x740 [ 931.995647][T26112] ? loop_remove+0xa0/0xa0 [ 932.000030][T26112] ? __lru_cache_add+0x1bf/0x210 [ 932.004967][T26112] ? memset+0x1f/0x40 [ 932.008918][T26112] ? fsnotify+0x1332/0x13f0 [ 932.013391][T26112] ? loop_remove+0xa0/0xa0 [ 932.017785][T26112] do_vfs_ioctl+0x744/0x1730 [ 932.022342][T26112] ? selinux_file_ioctl+0x723/0x970 [ 932.027505][T26112] ? ioctl_preallocate+0x250/0x250 [ 932.032593][T26112] ? __fget+0x40c/0x4a0 [ 932.036724][T26112] ? fget_many+0x20/0x20 [ 932.040932][T26112] ? check_preemption_disabled+0x154/0x330 [ 932.046703][T26112] ? debug_smp_processor_id+0x20/0x20 [ 932.052042][T26112] ? security_file_ioctl+0x9d/0xb0 [ 932.057124][T26112] __x64_sys_ioctl+0xd4/0x110 [ 932.061769][T26112] do_syscall_64+0xcb/0x1c0 17:08:30 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 76) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:30 executing program 0: ioctl$VHOST_VDPA_GET_AS_NUM(0xffffffffffffffff, 0x8004af7a, &(0x7f0000000040)) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RATE_SET(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, 0x0, 0x8, 0x70bd27, 0x25dfdbfd, {}, [@DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x4004040}, 0x40040) (async) r2 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async, rerun: 64) getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000ac0)={@private2}, &(0x7f0000000b00)=0x14) (rerun: 64) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000180)={0x0, r2}) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:30 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x3, 0x7}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) socketpair(0x15, 0x800, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0xfffc, 0x4}, 0x4) 17:08:30 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:30 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x1000000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:30 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:30 executing program 3: sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3f}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1f}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10010}, 0xd57a8f51e7fa1d89) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) [ 932.066246][T26112] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 932.075270][T26112] debugfs: out of free dentries, can not create file 'stats' 17:08:30 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x3, 0x7}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) socketpair(0x15, 0x800, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0xfffc, 0x4}, 0x4) 17:08:30 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:30 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x2000000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:30 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:30 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 932.164806][T26147] FAULT_INJECTION: forcing a failure. [ 932.164806][T26147] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 932.189225][T26147] CPU: 1 PID: 26147 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 932.200853][T26147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 932.210900][T26147] Call Trace: [ 932.214188][T26147] dump_stack+0x1d8/0x241 [ 932.218514][T26147] ? panic+0x73e/0x73e [ 932.222575][T26147] ? stack_trace_save+0x132/0x200 [ 932.227586][T26147] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 932.233380][T26147] ? stack_trace_snprint+0x170/0x170 [ 932.238655][T26147] should_fail+0x709/0x870 [ 932.243063][T26147] ? setup_fault_attr+0x3d0/0x3d0 [ 932.248076][T26147] ? __kasan_kmalloc+0x131/0x1e0 [ 932.253003][T26147] ? kmem_cache_alloc+0xd0/0x210 [ 932.257929][T26147] ? inode_init_always+0x5db/0x800 [ 932.263029][T26147] ? new_inode_pseudo+0x8f/0x210 [ 932.267953][T26147] __alloc_pages_nodemask+0x1b6/0x860 [ 932.273313][T26147] ? __x64_sys_ioctl+0xd4/0x110 [ 932.278149][T26147] ? do_syscall_64+0xcb/0x1c0 [ 932.282828][T26147] ? gfp_pfmemalloc_allowed+0x120/0x120 [ 932.288361][T26147] ? lockref_get+0x1b3/0x2a0 [ 932.292948][T26147] ? asan.module_dtor+0x20/0x20 [ 932.297788][T26147] __get_free_pages+0xa/0x30 [ 932.302364][T26147] selinux_genfs_get_sid+0x55/0x250 [ 932.307553][T26147] inode_doinit_with_dentry+0x87c/0x1020 [ 932.313176][T26147] ? sb_finish_set_opts+0x7a0/0x7a0 [ 932.318365][T26147] ? current_time+0x1c4/0x310 [ 932.323031][T26147] ? atime_needs_update+0x580/0x580 [ 932.328215][T26147] security_d_instantiate+0xa5/0x100 [ 932.333488][T26147] d_instantiate+0x51/0x90 [ 932.337890][T26147] __debugfs_create_file+0x256/0x400 [ 932.343163][T26147] bdi_register_va+0x274/0x5e0 [ 932.347914][T26147] bdi_register+0xd1/0x120 [ 932.352317][T26147] ? __device_add_disk+0x539/0x1200 [ 932.357497][T26147] ? bdi_register_va+0x5e0/0x5e0 [ 932.362423][T26147] ? percpu_ref_resurrect+0x113/0x190 [ 932.367786][T26147] bdi_register_owner+0x56/0xf0 [ 932.372626][T26147] __device_add_disk+0x5b8/0x1200 [ 932.377637][T26147] ? device_add_disk+0x30/0x30 [ 932.382383][T26147] ? vsprintf+0x30/0x30 [ 932.386527][T26147] ? device_initialize+0x1c7/0x3d0 [ 932.391622][T26147] ? __alloc_disk_node+0x326/0x380 [ 932.396714][T26147] loop_add+0x554/0x710 [ 932.400860][T26147] loop_control_ioctl+0x564/0x740 [ 932.405874][T26147] ? loop_remove+0xa0/0xa0 [ 932.410274][T26147] ? __lru_cache_add+0x1bf/0x210 [ 932.415199][T26147] ? memset+0x1f/0x40 [ 932.419166][T26147] ? fsnotify+0x1332/0x13f0 [ 932.423658][T26147] ? loop_remove+0xa0/0xa0 [ 932.428063][T26147] do_vfs_ioctl+0x744/0x1730 [ 932.432643][T26147] ? selinux_file_ioctl+0x723/0x970 [ 932.437827][T26147] ? ioctl_preallocate+0x250/0x250 [ 932.442922][T26147] ? __fget+0x40c/0x4a0 [ 932.447066][T26147] ? fget_many+0x20/0x20 [ 932.451306][T26147] ? check_preemption_disabled+0x154/0x330 [ 932.457108][T26147] ? debug_smp_processor_id+0x20/0x20 17:08:31 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 77) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:31 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:31 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x3000000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:31 executing program 3: sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3f}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1f}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10010}, 0xd57a8f51e7fa1d89) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3f}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1f}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10010}, 0xd57a8f51e7fa1d89) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) 17:08:31 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x3, 0x7}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) socketpair(0x15, 0x800, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0xfffc, 0x4}, 0x4) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x3, 0x7}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) socketpair(0x15, 0x800, 0x0, &(0x7f00000000c0)) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0xfffc, 0x4}, 0x4) (async) 17:08:31 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x11c, r1, 0x200, 0x70bd26, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}]}, 0x11c}, 0x1, 0x0, 0x0, 0x11eb6efdcbab4d18}, 0x4850) [ 932.462469][T26147] ? security_file_ioctl+0x9d/0xb0 [ 932.467569][T26147] __x64_sys_ioctl+0xd4/0x110 [ 932.472235][T26147] do_syscall_64+0xcb/0x1c0 [ 932.476731][T26147] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:31 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x235e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:31 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x4000000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:31 executing program 3: sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3f}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1f}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10010}, 0xd57a8f51e7fa1d89) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3f}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1f}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10010}, 0xd57a8f51e7fa1d89) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) 17:08:31 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x11c, r1, 0x200, 0x70bd26, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}]}, 0x11c}, 0x1, 0x0, 0x0, 0x11eb6efdcbab4d18}, 0x4850) 17:08:31 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @empty, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000140)={@private2}, &(0x7f0000000b00)=0x14) inotify_rm_watch(r1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000080)={'ip6tnl0\x00', r2, 0x4, 0x7f, 0xec, 0xad7, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1, 0x0, 0x1, 0x5, 0x4}}) 17:08:31 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x11c, r1, 0x200, 0x70bd26, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}]}, 0x11c}, 0x1, 0x0, 0x0, 0x11eb6efdcbab4d18}, 0x4850) [ 932.590448][T26181] FAULT_INJECTION: forcing a failure. [ 932.590448][T26181] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 932.612856][T26181] CPU: 1 PID: 26181 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 932.624481][T26181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 932.634531][T26181] Call Trace: [ 932.637815][T26181] dump_stack+0x1d8/0x241 [ 932.642139][T26181] ? panic+0x73e/0x73e [ 932.646208][T26181] ? stack_trace_save+0x132/0x200 [ 932.651239][T26181] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 932.657037][T26181] ? stack_trace_snprint+0x170/0x170 [ 932.662313][T26181] should_fail+0x709/0x870 [ 932.666719][T26181] ? setup_fault_attr+0x3d0/0x3d0 [ 932.671733][T26181] ? __kasan_kmalloc+0x131/0x1e0 [ 932.676671][T26181] ? kmem_cache_alloc+0xd0/0x210 [ 932.681682][T26181] ? inode_init_always+0x5db/0x800 [ 932.686774][T26181] ? new_inode_pseudo+0x8f/0x210 [ 932.691697][T26181] __alloc_pages_nodemask+0x1b6/0x860 [ 932.697054][T26181] ? __x64_sys_ioctl+0xd4/0x110 [ 932.701886][T26181] ? do_syscall_64+0xcb/0x1c0 [ 932.706554][T26181] ? gfp_pfmemalloc_allowed+0x120/0x120 [ 932.712102][T26181] ? lockref_get+0x1b3/0x2a0 [ 932.716681][T26181] ? asan.module_dtor+0x20/0x20 [ 932.721523][T26181] __get_free_pages+0xa/0x30 [ 932.726097][T26181] selinux_genfs_get_sid+0x55/0x250 [ 932.731283][T26181] inode_doinit_with_dentry+0x87c/0x1020 [ 932.736902][T26181] ? sb_finish_set_opts+0x7a0/0x7a0 [ 932.742084][T26181] ? current_time+0x1c4/0x310 [ 932.746752][T26181] ? atime_needs_update+0x580/0x580 [ 932.751946][T26181] security_d_instantiate+0xa5/0x100 [ 932.757223][T26181] d_instantiate+0x51/0x90 [ 932.761633][T26181] __debugfs_create_file+0x256/0x400 [ 932.766912][T26181] bdi_register_va+0x274/0x5e0 [ 932.771668][T26181] bdi_register+0xd1/0x120 [ 932.776074][T26181] ? __device_add_disk+0x539/0x1200 [ 932.781262][T26181] ? bdi_register_va+0x5e0/0x5e0 [ 932.786186][T26181] ? percpu_ref_resurrect+0x113/0x190 [ 932.791551][T26181] bdi_register_owner+0x56/0xf0 [ 932.796391][T26181] __device_add_disk+0x5b8/0x1200 [ 932.801406][T26181] ? device_add_disk+0x30/0x30 [ 932.806156][T26181] ? vsprintf+0x30/0x30 [ 932.810302][T26181] ? device_initialize+0x1c7/0x3d0 [ 932.815397][T26181] ? __alloc_disk_node+0x326/0x380 [ 932.820502][T26181] loop_add+0x554/0x710 [ 932.824657][T26181] loop_control_ioctl+0x564/0x740 [ 932.829671][T26181] ? loop_remove+0xa0/0xa0 [ 932.834163][T26181] ? __lru_cache_add+0x1bf/0x210 [ 932.839086][T26181] ? memset+0x1f/0x40 [ 932.843057][T26181] ? fsnotify+0x1332/0x13f0 [ 932.847547][T26181] ? loop_remove+0xa0/0xa0 [ 932.851950][T26181] do_vfs_ioctl+0x744/0x1730 [ 932.856529][T26181] ? selinux_file_ioctl+0x723/0x970 [ 932.861717][T26181] ? ioctl_preallocate+0x250/0x250 [ 932.866815][T26181] ? __fget+0x40c/0x4a0 [ 932.870957][T26181] ? fget_many+0x20/0x20 [ 932.875182][T26181] ? check_preemption_disabled+0x154/0x330 [ 932.880977][T26181] ? debug_smp_processor_id+0x20/0x20 [ 932.886334][T26181] ? security_file_ioctl+0x9d/0xb0 17:08:31 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 78) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:31 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:31 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x5000000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:31 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0xff, 0x1000) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x3, 0x4}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:31 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @empty, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000140)={@private2}, &(0x7f0000000b00)=0x14) inotify_rm_watch(r1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000080)={'ip6tnl0\x00', r2, 0x4, 0x7f, 0xec, 0xad7, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1, 0x0, 0x1, 0x5, 0x4}}) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) (async) syz_open_dev$vcsa(0x0, 0x9, 0x2400) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @empty, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) (async) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000140)={@private2}, &(0x7f0000000b00)=0x14) (async) inotify_rm_watch(r1, 0x0) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000080)={'ip6tnl0\x00', r2, 0x4, 0x7f, 0xec, 0xad7, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1, 0x0, 0x1, 0x5, 0x4}}) (async) 17:08:31 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) r1 = syz_open_dev$vcsa(&(0x7f0000000100), 0x9, 0x800) getsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000140), &(0x7f0000000180)=0x4) r2 = syz_open_dev$loop(&(0x7f0000000080), 0x401, 0x8000) ioctl$BLKSECTGET(r2, 0x1267, &(0x7f00000001c0)) sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="ee8f3588", @ANYRES16=0x0, @ANYBLOB="040026bd7000fedbdf250200000005002e0000000000050029000100000005003000000000000a000900aaaaaaaaaaaa000005002d000100000005002e00010000000800320092c0ffff"], 0x50}, 0x1, 0x0, 0x0, 0x8080}, 0x800) connect$packet(r0, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x1, 0x9, 0x6, @multicast}, 0x14) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r3) sendmsg$DEVLINK_CMD_TRAP_SET(r3, &(0x7f00000006c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000680)={&(0x7f00000003c0)={0x2a0, 0x0, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}]}, 0x2a0}, 0x1, 0x0, 0x0, 0x10000840}, 0x40000) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f0000000200)) 17:08:31 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x5e23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 932.891438][T26181] __x64_sys_ioctl+0xd4/0x110 [ 932.896104][T26181] do_syscall_64+0xcb/0x1c0 [ 932.900609][T26181] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:31 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x9, 0x0, @empty, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000140)={@private2}, &(0x7f0000000b00)=0x14) inotify_rm_watch(r1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000080)={'ip6tnl0\x00', r2, 0x4, 0x7f, 0xec, 0xad7, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1, 0x0, 0x1, 0x5, 0x4}}) 17:08:31 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x6000000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 932.956971][T26212] FAULT_INJECTION: forcing a failure. [ 932.956971][T26212] name failslab, interval 1, probability 0, space 0, times 0 [ 932.972745][T26212] CPU: 1 PID: 26212 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 932.984372][T26212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 932.994407][T26212] Call Trace: [ 932.997671][T26212] dump_stack+0x1d8/0x241 [ 933.001970][T26212] ? panic+0x73e/0x73e [ 933.006005][T26212] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 933.011779][T26212] ? __kasan_kmalloc+0x1a5/0x1e0 [ 933.016683][T26212] ? loop_add+0x554/0x710 [ 933.020982][T26212] ? __kasan_kmalloc+0x131/0x1e0 [ 933.025886][T26212] ? kobj_map+0x74/0x650 [ 933.030098][T26212] ? __device_add_disk+0x63e/0x1200 [ 933.035351][T26212] should_fail+0x709/0x870 [ 933.039734][T26212] ? setup_fault_attr+0x3d0/0x3d0 [ 933.044726][T26212] ? kobject_set_name_vargs+0x5d/0x110 [ 933.050152][T26212] should_failslab+0x5/0x20 [ 933.054623][T26212] __kmalloc_track_caller+0x4f/0x280 [ 933.059875][T26212] kstrdup_const+0x51/0x90 [ 933.064269][T26212] kobject_set_name_vargs+0x5d/0x110 [ 933.069523][T26212] dev_set_name+0xd1/0x120 [ 933.073908][T26212] ? get_device+0x30/0x30 [ 933.078202][T26212] ? kobj_map+0x61f/0x650 [ 933.082505][T26212] __device_add_disk+0x6c3/0x1200 [ 933.087506][T26212] ? device_add_disk+0x30/0x30 [ 933.092338][T26212] ? device_initialize+0x1c7/0x3d0 [ 933.097425][T26212] ? __alloc_disk_node+0x326/0x380 [ 933.102509][T26212] loop_add+0x554/0x710 [ 933.106637][T26212] loop_control_ioctl+0x564/0x740 [ 933.111636][T26212] ? loop_remove+0xa0/0xa0 [ 933.116032][T26212] ? __lru_cache_add+0x1bf/0x210 [ 933.120935][T26212] ? memset+0x1f/0x40 [ 933.124884][T26212] ? fsnotify+0x1332/0x13f0 [ 933.129375][T26212] ? loop_remove+0xa0/0xa0 [ 933.133759][T26212] do_vfs_ioctl+0x744/0x1730 [ 933.138322][T26212] ? selinux_file_ioctl+0x723/0x970 [ 933.143491][T26212] ? ioctl_preallocate+0x250/0x250 [ 933.148575][T26212] ? __fget+0x40c/0x4a0 [ 933.152708][T26212] ? fget_many+0x20/0x20 17:08:31 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) 17:08:31 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0xff, 0x1000) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x3, 0x4}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 933.156917][T26212] ? check_preemption_disabled+0x154/0x330 [ 933.162691][T26212] ? debug_smp_processor_id+0x20/0x20 [ 933.168030][T26212] ? security_file_ioctl+0x9d/0xb0 [ 933.173111][T26212] __x64_sys_ioctl+0xd4/0x110 [ 933.177780][T26212] do_syscall_64+0xcb/0x1c0 [ 933.182250][T26212] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 933.191508][T26212] kobject_add_internal failed for queue (error: -2 parent: (null)) [ 933.200083][T26212] ------------[ cut here ]------------ [ 933.205539][T26212] WARNING: CPU: 0 PID: 26212 at fs/sysfs/file.c:328 sysfs_create_files+0x215/0x4a0 [ 933.214779][T26212] Modules linked in: [ 933.218646][T26212] CPU: 0 PID: 26212 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 933.230233][T26212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 933.240264][T26212] RIP: 0010:sysfs_create_files+0x215/0x4a0 [ 933.246038][T26212] Code: 24 04 48 b9 00 00 00 00 00 fc ff df 48 8b 54 24 08 4c 8b 74 24 20 eb 2b 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 e8 8b 1c ab ff <0f> 0b c7 44 24 04 ea ff ff ff 48 b9 00 00 00 00 00 fc ff df 48 8b [ 933.265610][T26212] RSP: 0018:ffff8881c4a4f920 EFLAGS: 00010246 [ 933.271643][T26212] RAX: ffffffff81ba2f11 RBX: ffff8881e999c0a0 RCX: 0000000000040000 [ 933.279585][T26212] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 933.287530][T26212] RBP: ffff8881c4a4f9f0 R08: ffffffff843e6101 R09: ffffed103ded2460 [ 933.295473][T26212] R10: ffffed103ded2460 R11: 1ffff1103ded245f R12: 0000000000000000 [ 933.303414][T26212] R13: ffffffff84fd70e0 R14: ffff8881e999c070 R15: ffffffff85e45820 [ 933.311352][T26212] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 933.320245][T26212] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 933.326801][T26212] CR2: 0000000000000000 CR3: 00000001cfe6d000 CR4: 00000000003406f0 [ 933.334745][T26212] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 933.342692][T26212] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 933.350633][T26212] Call Trace: [ 933.353902][T26212] ? sysfs_create_file_ns+0x2a0/0x2a0 [ 933.359245][T26212] ? kobject_get+0xca/0x110 [ 933.363719][T26212] __device_add_disk+0x92b/0x1200 [ 933.368714][T26212] ? device_add_disk+0x30/0x30 [ 933.373445][T26212] ? device_initialize+0x1c7/0x3d0 [ 933.378524][T26212] ? __alloc_disk_node+0x326/0x380 [ 933.383602][T26212] loop_add+0x554/0x710 [ 933.387726][T26212] loop_control_ioctl+0x564/0x740 [ 933.392715][T26212] ? loop_remove+0xa0/0xa0 [ 933.397097][T26212] ? __lru_cache_add+0x1bf/0x210 [ 933.402003][T26212] ? memset+0x1f/0x40 [ 933.405958][T26212] ? fsnotify+0x1332/0x13f0 [ 933.410434][T26212] ? loop_remove+0xa0/0xa0 [ 933.414822][T26212] do_vfs_ioctl+0x744/0x1730 [ 933.419381][T26212] ? selinux_file_ioctl+0x723/0x970 [ 933.424640][T26212] ? ioctl_preallocate+0x250/0x250 [ 933.429718][T26212] ? __fget+0x40c/0x4a0 [ 933.433842][T26212] ? fget_many+0x20/0x20 [ 933.438051][T26212] ? check_preemption_disabled+0x154/0x330 [ 933.443821][T26212] ? debug_smp_processor_id+0x20/0x20 [ 933.449160][T26212] ? security_file_ioctl+0x9d/0xb0 [ 933.454238][T26212] __x64_sys_ioctl+0xd4/0x110 17:08:32 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0xff, 0x1000) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x3, 0x4}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) [ 933.458884][T26212] do_syscall_64+0xcb/0x1c0 [ 933.463357][T26212] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 933.469215][T26212] ---[ end trace 03bf7d324617ae39 ]--- [ 933.474787][T26212] ------------[ cut here ]------------ [ 933.480270][T26212] kernfs: can not remove 'events', no directory [ 933.486760][T26212] WARNING: CPU: 0 PID: 26212 at fs/kernfs/dir.c:1511 kernfs_remove_by_name_ns+0x61/0x90 [ 933.496452][T26212] Modules linked in: [ 933.500322][T26212] CPU: 0 PID: 26212 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 933.511905][T26212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 933.521937][T26212] RIP: 0010:kernfs_remove_by_name_ns+0x61/0x90 [ 933.528056][T26212] Code: 48 89 c3 e8 61 79 ab ff 48 89 df e8 e9 ee ff ff 31 db eb 29 e8 50 79 ab ff 48 c7 c7 80 0d e8 84 4c 89 fe 31 c0 e8 4f 52 82 ff <0f> 0b bb fe ff ff ff eb 16 e8 31 79 ab ff bb fe ff ff ff 48 c7 c7 [ 933.547718][T26212] RSP: 0018:ffff8881c4a4f900 EFLAGS: 00010246 [ 933.553754][T26212] RAX: 867cbbf9586e1300 RBX: 0000000000000000 RCX: 0000000000040000 [ 933.561694][T26212] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 933.569633][T26212] RBP: ffff8881c4a4f9f0 R08: ffffffff814e3a77 R09: ffffed103edcaa08 [ 933.577578][T26212] R10: ffffed103edcaa08 R11: 1ffff1103edcaa07 R12: ffffffff85e45820 [ 933.585529][T26212] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff84fd71a0 [ 933.593480][T26212] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 933.602463][T26212] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 933.609020][T26212] CR2: 0000000000000000 CR3: 00000001cfe6d000 CR4: 00000000003406f0 [ 933.616963][T26212] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 933.624902][T26212] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 933.632839][T26212] Call Trace: [ 933.636101][T26212] sysfs_create_files+0x40a/0x4a0 [ 933.641092][T26212] ? sysfs_create_file_ns+0x2a0/0x2a0 [ 933.646431][T26212] ? kobject_get+0xca/0x110 [ 933.650909][T26212] __device_add_disk+0x92b/0x1200 [ 933.655908][T26212] ? device_add_disk+0x30/0x30 [ 933.660647][T26212] ? device_initialize+0x1c7/0x3d0 [ 933.665723][T26212] ? __alloc_disk_node+0x326/0x380 [ 933.670802][T26212] loop_add+0x554/0x710 [ 933.674934][T26212] loop_control_ioctl+0x564/0x740 [ 933.679926][T26212] ? loop_remove+0xa0/0xa0 [ 933.684320][T26212] ? __lru_cache_add+0x1bf/0x210 [ 933.689233][T26212] ? memset+0x1f/0x40 [ 933.693188][T26212] ? fsnotify+0x1332/0x13f0 [ 933.697660][T26212] ? loop_remove+0xa0/0xa0 [ 933.702042][T26212] do_vfs_ioctl+0x744/0x1730 [ 933.706607][T26212] ? selinux_file_ioctl+0x723/0x970 [ 933.711788][T26212] ? ioctl_preallocate+0x250/0x250 [ 933.716872][T26212] ? __fget+0x40c/0x4a0 [ 933.721000][T26212] ? fget_many+0x20/0x20 [ 933.725212][T26212] ? check_preemption_disabled+0x154/0x330 [ 933.730987][T26212] ? debug_smp_processor_id+0x20/0x20 [ 933.736331][T26212] ? security_file_ioctl+0x9d/0xb0 [ 933.741416][T26212] __x64_sys_ioctl+0xd4/0x110 [ 933.746064][T26212] do_syscall_64+0xcb/0x1c0 [ 933.750563][T26212] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:32 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 79) r1 = syz_open_dev$vcsa(0x0, 0x9, 0x2400) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6tnl0\x00', 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x80}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000b00)) 17:08:32 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0xfffe}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:32 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) r1 = syz_open_dev$vcsa(&(0x7f0000000100), 0x9, 0x800) getsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000140), &(0x7f0000000180)=0x4) r2 = syz_open_dev$loop(&(0x7f0000000080), 0x401, 0x8000) ioctl$BLKSECTGET(r2, 0x1267, &(0x7f00000001c0)) sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="ee8f3588", @ANYRES16=0x0, @ANYBLOB="040026bd7000fedbdf250200000005002e0000000000050029000100000005003000000000000a000900aaaaaaaaaaaa000005002d000100000005002e00010000000800320092c0ffff"], 0x50}, 0x1, 0x0, 0x0, 0x8080}, 0x800) connect$packet(r0, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x1, 0x9, 0x6, @multicast}, 0x14) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r3) sendmsg$DEVLINK_CMD_TRAP_SET(r3, &(0x7f00000006c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000680)={&(0x7f00000003c0)={0x2a0, 0x0, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}]}, 0x2a0}, 0x1, 0x0, 0x0, 0x10000840}, 0x40000) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f0000000200)) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x3}, 0x4) (async) syz_open_dev$vcsa(&(0x7f0000000100), 0x9, 0x800) (async) getsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000140), &(0x7f0000000180)=0x4) (async) syz_open_dev$loop(&(0x7f0000000080), 0x401, 0x8000) (async) ioctl$BLKSECTGET(r2, 0x1267, &(0x7f00000001c0)) (async) sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="ee8f3588", @ANYRES16=0x0, @ANYBLOB="040026bd7000fedbdf250200000005002e0000000000050029000100000005003000000000000a000900aaaaaaaaaaaa000005002d000100000005002e00010000000800320092c0ffff"], 0x50}, 0x1, 0x0, 0x0, 0x8080}, 0x800) (async) connect$packet(r0, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x1, 0x9, 0x6, @multicast}, 0x14) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r3) (async) sendmsg$DEVLINK_CMD_TRAP_SET(r3, &(0x7f00000006c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000680)={&(0x7f00000003c0)={0x2a0, 0x0, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}]}, 0x2a0}, 0x1, 0x0, 0x0, 0x10000840}, 0x40000) (async) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f0000000200)) (async) 17:08:32 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x8000000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) 17:08:32 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0xfffe}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) 17:08:32 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x5c, 0x15, 0x1, 0x0, 0x9000000, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x0) [ 933.756422][T26212] ---[ end trace 03bf7d324617ae3a ]--- [ 933.762181][T26212] loop0: failed to create sysfs files for events 17:08:32 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x3, 0x5}, 0x4) 17:08:32 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x50}}, 0x0) [ 933.804828][T26250] ------------[ cut here ]------------ [ 933.815520][T26250] kernfs: can not remove 'events', no directory [ 933.822472][T26250] WARNING: CPU: 0 PID: 26250 at fs/kernfs/dir.c:1511 kernfs_remove_by_name_ns+0x61/0x90 [ 933.832171][T26250] Modules linked in: [ 933.836066][T26250] CPU: 0 PID: 26250 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 933.847671][T26250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 933.857728][T26250] RIP: 0010:kernfs_remove_by_name_ns+0x61/0x90 [ 933.863868][T26250] Code: 48 89 c3 e8 61 79 ab ff 48 89 df e8 e9 ee ff ff 31 db eb 29 e8 50 79 ab ff 48 c7 c7 80 0d e8 84 4c 89 fe 31 c0 e8 4f 52 82 ff <0f> 0b bb fe ff ff ff eb 16 e8 31 79 ab ff bb fe ff ff ff 48 c7 c7 [ 933.883466][T26250] RSP: 0018:ffff8881c36ffa20 EFLAGS: 00010246 [ 933.889520][T26250] RAX: 4bdb88e7b0bd7000 RBX: 0000000000000000 RCX: 0000000000040000 [ 933.897476][T26250] RDX: ffffc90000948000 RSI: 000000000001252f RDI: 0000000000012530 [ 933.905438][T26250] RBP: ffffffff85e45820 R08: ffffffff814e3a77 R09: ffffed103edc52b2 [ 933.913402][T26250] R10: ffffed103edc52b2 R11: 1ffff1103edc52b1 R12: 0000000000000000 [ 933.921364][T26250] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffffff84fd71a0 [ 933.929327][T26250] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 933.938245][T26250] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 933.944815][T26250] CR2: 00007eff60cec718 CR3: 00000001ed198000 CR4: 00000000003406f0 [ 933.952780][T26250] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 933.960744][T26250] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 933.968710][T26250] Call Trace: [ 933.972004][T26250] sysfs_remove_files+0x99/0xf0 [ 933.976848][T26250] del_gendisk+0x26e/0xbf0 [ 933.981260][T26250] ? device_add_disk_no_queue_reg+0x20/0x20 [ 933.987146][T26250] loop_remove+0x42/0xa0 [ 933.991380][T26250] loop_control_ioctl+0x67f/0x740 [ 933.996411][T26250] ? loop_remove+0xa0/0xa0 [ 934.000814][T26250] ? loop_remove+0xa0/0xa0 [ 934.005215][T26250] do_vfs_ioctl+0x744/0x1730 [ 934.009791][T26250] ? selinux_file_ioctl+0x723/0x970 [ 934.014975][T26250] ? ioctl_preallocate+0x250/0x250 [ 934.020074][T26250] ? __fget+0x40c/0x4a0 [ 934.024215][T26250] ? fget_many+0x20/0x20 [ 934.028442][T26250] ? __fpregs_load_activate+0x1d7/0x3c0 [ 934.033974][T26250] ? security_file_ioctl+0x9d/0xb0 [ 934.039072][T26250] __x64_sys_ioctl+0xd4/0x110 [ 934.043737][T26250] do_syscall_64+0xcb/0x1c0 [ 934.048235][T26250] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 17:08:32 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0xfffe}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0xfffe}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) [ 934.054111][T26250] ---[ end trace 03bf7d324617ae3b ]--- [ 934.060400][T26250] ------------[ cut here ]------------ [ 934.068813][T26250] kernfs: can not remove 'events_async', no directory [ 934.075847][T26250] WARNING: CPU: 0 PID: 26250 at fs/kernfs/dir.c:1511 kernfs_remove_by_name_ns+0x61/0x90 [ 934.085545][T26250] Modules linked in: [ 934.089436][T26250] CPU: 0 PID: 26250 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 934.101040][T26250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 934.111093][T26250] RIP: 0010:kernfs_remove_by_name_ns+0x61/0x90 [ 934.117232][T26250] Code: 48 89 c3 e8 61 79 ab ff 48 89 df e8 e9 ee ff ff 31 db eb 29 e8 50 79 ab ff 48 c7 c7 80 0d e8 84 4c 89 fe 31 c0 e8 4f 52 82 ff <0f> 0b bb fe ff ff ff eb 16 e8 31 79 ab ff bb fe ff ff ff 48 c7 c7 [ 934.136824][T26250] RSP: 0018:ffff8881c36ffa20 EFLAGS: 00010246 [ 934.142878][T26250] RAX: 4bdb88e7b0bd7000 RBX: 0000000000000000 RCX: 0000000000040000 [ 934.150837][T26250] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 934.158795][T26250] RBP: ffffffff85e45820 R08: ffffffff814e3a77 R09: ffffed103edcaa08 [ 934.166759][T26250] R10: ffffed103edcaa08 R11: 1ffff1103edcaa07 R12: 0000000000000000 [ 934.174715][T26250] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffffff84fd7240 [ 934.182680][T26250] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 934.191594][T26250] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 934.198165][T26250] CR2: 00007f98da1c4718 CR3: 00000001ed198000 CR4: 00000000003406f0 [ 934.206124][T26250] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 934.214085][T26250] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 934.222044][T26250] Call Trace: [ 934.225327][T26250] sysfs_remove_files+0x99/0xf0 [ 934.230165][T26250] del_gendisk+0x26e/0xbf0 [ 934.234572][T26250] ? device_add_disk_no_queue_reg+0x20/0x20 [ 934.240456][T26250] loop_remove+0x42/0xa0 [ 934.244695][T26250] loop_control_ioctl+0x67f/0x740 [ 934.249709][T26250] ? loop_remove+0xa0/0xa0 [ 934.254120][T26250] ? loop_remove+0xa0/0xa0 [ 934.258521][T26250] do_vfs_ioctl+0x744/0x1730 [ 934.263095][T26250] ? selinux_file_ioctl+0x723/0x970 [ 934.268301][T26250] ? ioctl_preallocate+0x250/0x250 [ 934.273400][T26250] ? __fget+0x40c/0x4a0 [ 934.277545][T26250] ? fget_many+0x20/0x20 [ 934.281775][T26250] ? __fpregs_load_activate+0x1d7/0x3c0 [ 934.287312][T26250] ? security_file_ioctl+0x9d/0xb0 [ 934.292411][T26250] __x64_sys_ioctl+0xd4/0x110 [ 934.297077][T26250] do_syscall_64+0xcb/0x1c0 17:08:32 executing program 0: sendmsg$DEVLINK_CMD_RATE_DEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x8, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x20040080) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0xffff}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) [ 934.301573][T26250] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 934.307449][T26250] ---[ end trace 03bf7d324617ae3c ]--- [ 934.315356][T26250] ------------[ cut here ]------------ [ 934.324028][T26250] kernfs: can not remove 'events_poll_msecs', no directory [ 934.331428][T26250] WARNING: CPU: 0 PID: 26250 at fs/kernfs/dir.c:1511 kernfs_remove_by_name_ns+0x61/0x90 [ 934.341125][T26250] Modules linked in: [ 934.345015][T26250] CPU: 0 PID: 26250 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 934.356620][T26250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 934.366685][T26250] RIP: 0010:kernfs_remove_by_name_ns+0x61/0x90 [ 934.372824][T26250] Code: 48 89 c3 e8 61 79 ab ff 48 89 df e8 e9 ee ff ff 31 db eb 29 e8 50 79 ab ff 48 c7 c7 80 0d e8 84 4c 89 fe 31 c0 e8 4f 52 82 ff <0f> 0b bb fe ff ff ff eb 16 e8 31 79 ab ff bb fe ff ff ff 48 c7 c7 [ 934.392414][T26250] RSP: 0018:ffff8881c36ffa20 EFLAGS: 00010246 [ 934.398465][T26250] RAX: 4bdb88e7b0bd7000 RBX: 0000000000000000 RCX: 0000000000040000 [ 934.406426][T26250] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 934.414384][T26250] RBP: ffffffff85e45820 R08: ffffffff814e3a77 R09: ffffed103edc52b2 [ 934.422345][T26250] R10: ffffed103edc52b2 R11: 1ffff1103edc52b1 R12: 0000000000000000 [ 934.430303][T26250] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffffff84fd7260 [ 934.438261][T26250] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 934.447178][T26250] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 934.453755][T26250] CR2: 00007eff60ccb718 CR3: 00000001ed198000 CR4: 00000000003406f0 [ 934.461724][T26250] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 934.469681][T26250] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 934.477637][T26250] Call Trace: [ 934.480917][T26250] sysfs_remove_files+0x99/0xf0 [ 934.485758][T26250] del_gendisk+0x26e/0xbf0 [ 934.490166][T26250] ? device_add_disk_no_queue_reg+0x20/0x20 [ 934.496056][T26250] loop_remove+0x42/0xa0 [ 934.500286][T26250] loop_control_ioctl+0x67f/0x740 [ 934.505294][T26250] ? loop_remove+0xa0/0xa0 [ 934.509698][T26250] ? loop_remove+0xa0/0xa0 [ 934.514101][T26250] do_vfs_ioctl+0x744/0x1730 [ 934.518677][T26250] ? selinux_file_ioctl+0x723/0x970 [ 934.523859][T26250] ? ioctl_preallocate+0x250/0x250 [ 934.528958][T26250] ? __fget+0x40c/0x4a0 [ 934.533098][T26250] ? fget_many+0x20/0x20 [ 934.537329][T26250] ? __fpregs_load_activate+0x1d7/0x3c0 [ 934.542861][T26250] ? security_file_ioctl+0x9d/0xb0 [ 934.547957][T26250] __x64_sys_ioctl+0xd4/0x110 [ 934.552620][T26250] do_syscall_64+0xcb/0x1c0 [ 934.557113][T26250] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 934.562987][T26250] ---[ end trace 03bf7d324617ae3d ]--- [ 934.571843][T26250] ------------[ cut here ]------------ [ 934.579182][T26250] kernfs: can not remove 'bdi', no directory [ 934.585459][T26250] WARNING: CPU: 0 PID: 26250 at fs/kernfs/dir.c:1511 kernfs_remove_by_name_ns+0x61/0x90 [ 934.595151][T26250] Modules linked in: [ 934.599039][T26250] CPU: 0 PID: 26250 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 934.610642][T26250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 934.620699][T26250] RIP: 0010:kernfs_remove_by_name_ns+0x61/0x90 [ 934.626852][T26250] Code: 48 89 c3 e8 61 79 ab ff 48 89 df e8 e9 ee ff ff 31 db eb 29 e8 50 79 ab ff 48 c7 c7 80 0d e8 84 4c 89 fe 31 c0 e8 4f 52 82 ff <0f> 0b bb fe ff ff ff eb 16 e8 31 79 ab ff bb fe ff ff ff 48 c7 c7 [ 934.646439][T26250] RSP: 0018:ffff8881c36ffa60 EFLAGS: 00010246 [ 934.652491][T26250] RAX: 4bdb88e7b0bd7000 RBX: 0000000000000000 RCX: 0000000000040000 [ 934.660452][T26250] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000040000 [ 934.668408][T26250] RBP: ffff8881c36ffb68 R08: ffffffff814e3a77 R09: ffffed103edcaa08 [ 934.676368][T26250] R10: ffffed103edcaa08 R11: 1ffff1103edcaa07 R12: ffff8881e999c000 [ 934.684327][T26250] R13: ffff8881e999c4e8 R14: 0000000000000000 R15: ffffffff84fd6d00 [ 934.692290][T26250] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 934.701206][T26250] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 934.707772][T26250] CR2: 00007eff620b6000 CR3: 00000001ed198000 CR4: 00000000003406f0 [ 934.715733][T26250] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 934.723697][T26250] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 934.731650][T26250] Call Trace: [ 934.734935][T26250] del_gendisk+0x593/0xbf0 [ 934.739342][T26250] ? device_add_disk_no_queue_reg+0x20/0x20 [ 934.745228][T26250] loop_remove+0x42/0xa0 [ 934.749465][T26250] loop_control_ioctl+0x67f/0x740 [ 934.754484][T26250] ? loop_remove+0xa0/0xa0 [ 934.758892][T26250] ? loop_remove+0xa0/0xa0 [ 934.763294][T26250] do_vfs_ioctl+0x744/0x1730 [ 934.767875][T26250] ? selinux_file_ioctl+0x723/0x970 [ 934.773064][T26250] ? ioctl_preallocate+0x250/0x250 [ 934.778168][T26250] ? __fget+0x40c/0x4a0 [ 934.782312][T26250] ? fget_many+0x20/0x20 [ 934.786543][T26250] ? __fpregs_load_activate+0x1d7/0x3c0 [ 934.792076][T26250] ? security_file_ioctl+0x9d/0xb0 [ 934.797177][T26250] __x64_sys_ioctl+0xd4/0x110 [ 934.801841][T26250] do_syscall_64+0xcb/0x1c0 17:08:33 executing program 0: sendmsg$DEVLINK_CMD_RATE_DEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x8, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x20040080) (async) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0xffff}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) (rerun: 32) [ 934.806331][T26250] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 934.812207][T26250] ---[ end trace 03bf7d324617ae3e ]--- [ 934.822237][T26250] kasan: CONFIG_KASAN_INLINE enabled [ 934.827708][T26250] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 934.836278][T26250] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 934.843215][T26250] CPU: 0 PID: 26250 Comm: syz-executor.2 Tainted: G W 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 934.854817][T26250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 934.864874][T26250] RIP: 0010:strlen+0x2a/0x60 [ 934.869448][T26250] Code: 41 57 41 56 41 54 53 49 89 fe 48 c7 c0 ff ff ff ff 49 bf 00 00 00 00 00 fc ff df 48 89 fb 66 90 49 89 c4 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 75 12 48 ff c3 49 8d 44 24 01 43 80 7c 26 01 [ 934.889041][T26250] RSP: 0018:ffff8881c36ff9c0 EFLAGS: 00010246 [ 934.895095][T26250] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000 [ 934.903058][T26250] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000000000 [ 934.911017][T26250] RBP: 0000000000000000 R08: ffffffff81b9a329 R09: ffffed10386dff3d [ 934.918973][T26250] R10: ffffed10386dff3d R11: 1ffff110386dff3c R12: ffffffffffffffff [ 934.926929][T26250] R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000 [ 934.934890][T26250] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 934.943807][T26250] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 934.950375][T26250] CR2: 00007eff620b6000 CR3: 00000001ed198000 CR4: 00000000003406f0 [ 934.958335][T26250] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 934.966293][T26250] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 934.974244][T26250] Call Trace: [ 934.977526][T26250] kernfs_name_hash+0x1e/0x220 [ 934.982280][T26250] kernfs_find_ns+0x6b/0x260 [ 934.986858][T26250] kernfs_remove_by_name_ns+0x32/0x90 [ 934.992219][T26250] del_gendisk+0x98a/0xbf0 [ 934.996629][T26250] ? device_add_disk_no_queue_reg+0x20/0x20 [ 935.002513][T26250] loop_remove+0x42/0xa0 [ 935.006750][T26250] loop_control_ioctl+0x67f/0x740 [ 935.011759][T26250] ? loop_remove+0xa0/0xa0 [ 935.016175][T26250] ? loop_remove+0xa0/0xa0 [ 935.020577][T26250] do_vfs_ioctl+0x744/0x1730 [ 935.025158][T26250] ? selinux_file_ioctl+0x723/0x970 [ 935.030343][T26250] ? ioctl_preallocate+0x250/0x250 [ 935.035444][T26250] ? __fget+0x40c/0x4a0 [ 935.039582][T26250] ? fget_many+0x20/0x20 [ 935.043810][T26250] ? __fpregs_load_activate+0x1d7/0x3c0 [ 935.049387][T26250] ? security_file_ioctl+0x9d/0xb0 [ 935.054485][T26250] __x64_sys_ioctl+0xd4/0x110 [ 935.059150][T26250] do_syscall_64+0xcb/0x1c0 [ 935.063643][T26250] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 935.069516][T26250] Modules linked in: [ 935.075489][T26250] ---[ end trace 03bf7d324617ae3f ]--- [ 935.080972][T26250] RIP: 0010:strlen+0x2a/0x60 [ 935.085794][T26250] Code: 41 57 41 56 41 54 53 49 89 fe 48 c7 c0 ff ff ff ff 49 bf 00 00 00 00 00 fc ff df 48 89 fb 66 90 49 89 c4 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 75 12 48 ff c3 49 8d 44 24 01 43 80 7c 26 01 17:08:33 executing program 0: sendmsg$DEVLINK_CMD_RATE_DEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x8, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x20040080) (async) r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0xffff}, 0x4) (async) setsockopt$packet_fanout(r0, 0x107, 0x16, 0x0, 0x0) (async) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) [ 935.105610][T26250] RSP: 0018:ffff8881c36ff9c0 EFLAGS: 00010246 [ 935.114644][T26250] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000 [ 935.122945][T26250] RDX: ffffc90000948000 RSI: 000000000003ffff RDI: 0000000000000000 [ 935.130913][T26250] RBP: 0000000000000000 R08: ffffffff81b9a329 R09: ffffed10386dff3d [ 935.141571][T26250] R10: ffffed10386dff3d R11: 1ffff110386dff3c R12: ffffffffffffffff [ 935.149806][T26250] R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000 [ 935.161045][T26250] FS: 00007f98da1e5700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 935.170181][T26250] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 935.176954][T26250] CR2: 00007eff60c68718 CR3: 00000001ed198000 CR4: 00000000003406f0 [ 935.185099][T26250] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 935.193325][T26250] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 935.201285][T26250] Kernel panic - not syncing: Fatal exception [ 935.207496][T26250] Kernel Offset: disabled [ 935.211805][T26250] Rebooting in 86400 seconds..